Privacy Policy

Introduction

Document Management ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our ERP platform ("Service").

Legal Entity:
Document Management, Inc.
6201 Murray Street, Little Rock, AR 72209
Phone: 501-562-9995
Email: privacy@docmgmt.ai
DPO: dpo@docmgmt.ai

By using our Service, you consent to the data practices described in this policy. If you do not agree with this policy, please discontinue use of our Service.

1. Information We Collect

1.1 Information You Provide Directly

Account Information:

• Name, email address, phone number
• Company name, address, tax ID
• Job title, department
• Payment information (processed by Stripe, not stored by us)
• Profile photo and preferences

Customer Data (Your Business Data):

• Documents (invoices, purchase orders, contracts, labels)
• Customer and vendor information
• Product inventory data
• Sales and purchase transactions
• Financial records
• Shipping and logistics information
• Communications within the platform
• Any other content you upload or create

Communications:

• Support requests and correspondence
• Feedback and survey responses
• Chat messages with our team

1.2 Information Collected Automatically

Usage Information:

• Pages viewed and features used
• Time spent on pages
• Actions performed in the application
• Search queries
• Date and time of access

Device and Technical Information:

• IP address
• Browser type and version
• Operating system
• Device identifiers
• Screen resolution
• Referral URLs

Cookies and Tracking Technologies:

• Essential cookies (authentication, security)
• Functional cookies (preferences, settings)
• Analytics cookies (usage patterns, performance)
• See our Cookie Policy for details

1.3 Information from Third Parties

We may receive information from:

• Email integration providers (Gmail API)
• Payment processors (Stripe)
• Authentication providers (Google, Microsoft)
• Publicly available sources (company registries)

2. How We Use Your Information

2.1 To Provide and Maintain the Service

• Process and store your documents
• Perform AI analysis and automation
• Enable collaboration features
• Provide customer support
• Process payments and billing
• Send transactional notifications (order confirmations, alerts)

2.2 To Improve and Optimize

• Analyze usage patterns to improve features
• Troubleshoot technical issues
• Conduct research and development
• Test new features
• Generate anonymized analytics

2.3 For Security and Fraud Prevention

• Detect and prevent security threats
• Investigate suspicious activity
• Enforce our Terms of Service
• Protect against abuse and fraud

2.4 For Communication

• Respond to your inquiries
• Send service announcements
• Notify you of changes to the Service
• Send marketing communications (with your consent - you can opt out)

2.5 For Legal Compliance

• Comply with legal obligations
• Respond to lawful requests from authorities
• Establish, exercise, or defend legal claims

3. AI Processing and Third-Party Services

3.1 AI Providers

We use the following AI services to process your documents:

• OpenAI (GPT-4): Document analysis, text generation
• Anthropic (Claude): Document understanding, automation
• Google AI (Gemini): Vision processing, data extraction

3.2 Data Processing Agreements

We have Data Processing Agreements (DPAs) with all AI providers ensuring:

• Your data is NOT used to train their models
• Data is processed only for your specific requests
• Data is not retained by the AI provider after processing
• Appropriate security measures are in place
• GDPR compliance for EU data

3.3 Opting Out of AI Processing

You can disable AI features in your account settings. This will limit certain functionality but ensures your data is not sent to third-party AI providers.

4. How We Share Your Information

4.1 We Share With:

Service Providers (Sub-Processors):

• Google Cloud Platform: Infrastructure hosting (US region)
• OpenAI, Anthropic, Google AI: AI processing
• Stripe: Payment processing
• SendGrid: Email delivery
• Intercom: Customer support chat
• Sentry: Error tracking

All sub-processors are contractually obligated to protect your data and use it only for providing services to us.

Within Your Organization:

• Data is accessible to users you authorize in your account
• Account administrators have access to all data in their organization

For Legal Reasons:

• To comply with subpoenas, court orders, or legal process
• To respond to government requests
• To enforce our Terms of Service
• To protect our rights, property, or safety
• To investigate fraud or security issues

Business Transfers:

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

4.2 We Do NOT:

• Sell your personal information to third parties
• Share your data for marketing purposes without consent
• Use your Customer Data to compete with you
• Train our own AI models on your proprietary data

5. Data Retention

5.1 Active Accounts

We retain your data for as long as your account is active and as necessary to provide services.

5.2 After Account Termination

• Customer Data: Deleted 60 days after termination (you have 30 days to export)
• Backup Data: May persist in backups for up to 90 days
• Account Information: Retained for 7 years for legal/tax compliance
• Usage Analytics: Anonymized data may be retained indefinitely

5.3 Legal Hold

We may retain data longer if required by law, legal proceedings, or to resolve disputes.

6. Data Security

6.1 Technical Measures

• Encryption: TLS 1.3 in transit, AES-256 at rest
• Access Controls: Role-based access, multi-factor authentication
• Network Security: Firewalls, intrusion detection
• Data Isolation: Logical separation between tenants
• Monitoring: 24/7 security monitoring and logging
• Backups: Automated daily backups with encryption

6.2 Organizational Measures

• Background checks for employees with data access
• Security training and awareness programs
• Confidentiality agreements with staff
• Incident response procedures
• Regular security audits and penetration testing

6.3 Your Responsibilities

• Keep your password confidential
• Enable multi-factor authentication
• Monitor your account for suspicious activity
• Report security incidents immediately

7. Your Privacy Rights

7.1 All Users Have the Right To:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Deletion: Request deletion of your account and data
• Data Portability: Export your data in a machine-readable format
• Objection: Object to processing of your data
• Opt-Out: Unsubscribe from marketing communications

7.2 GDPR Rights (EU/EEA Users)

If you are in the European Union or European Economic Area, you have additional rights under GDPR:

• Right to Restriction: Limit how we process your data
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time
• Right to Lodge a Complaint: File a complaint with your data protection authority
• Right to Data Portability: Receive data in a structured, machine-readable format

7.3 CCPA Rights (California Residents)

• Right to Know: What personal information is collected, used, shared, or sold
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt out of sale of personal information (we don't sell data)
• Right to Non-Discrimination: Not be discriminated against for exercising rights

7.4 How to Exercise Your Rights

To exercise any of these rights:

• Email us at: privacy@docmgmt.ai
• Use the Privacy Settings page in your account
• Contact your account administrator (for organization-managed accounts)

We will respond to your request within 30 days. We may require verification of your identity before fulfilling requests.

8. International Data Transfers

8.1 Data Location

Your data is primarily stored in Google Cloud Platform's us-central1 region (United States). It may be transferred to and processed in other countries where our service providers operate.

8.2 EU-US Data Transfers

For transfers from the EU to the US, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with all sub-processors
• EU-US Data Privacy Framework (where applicable)

9. Children's Privacy

Our Service is not intended for children under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us immediately at privacy@docmgmt.ai.

10. Cookies and Tracking

We use cookies and similar tracking technologies. For detailed information, see our Cookie Policy at /legal/cookies.

Types of Cookies We Use:

• Essential: Required for authentication and security (cannot be disabled)
• Functional: Remember preferences and settings (can be disabled)
• Analytics: Track usage and performance (can be disabled)
• Marketing: Not currently used (would require consent)

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date.

For material changes, we will:

• Notify you via email at least 30 days in advance
• Display a prominent notice in the Service
• Require your consent where required by law

12. Contact Information

Data Protection Officer (DPO)

For privacy-related inquiries:
Email: dpo@docmgmt.ai
Privacy Email: privacy@docmgmt.ai
Phone: 501-562-9995
Address: Document Management, Inc., 6201 Murray Street, Little Rock, AR 72209

EU Representative (if applicable)

If required for EU operations, we will designate an EU representative and update this section accordingly.