Privacy Policy

2. What we collect

We may collect:

• Account data (name, email, authentication details)
• Workspace and team data (members, roles)
• Documentation record data (titles, metadata, declarations you submit)
• Technical fingerprints (e.g., SHA-256) and verification logs
• Uploaded files (e.g., supporting documents, attachments)
• Usage and security data (IP-derived security logs, device/browser data, rate-limit signals)

3. Why we process your data

We process personal data to:

• provide and operate the Service
• create and verify documentation records
• prevent fraud and abuse, enforce security and rate limits
• provide support and communicate service notices
• comply with legal obligations

4. Legal bases

Depending on context, our legal bases include:

• performance of a contract (providing the Service)
• legitimate interests (security, preventing abuse, improving reliability)
• legal obligation (compliance and record keeping)
• consent (where required, e.g., optional marketing emails)

5. Sharing

We may share data with trusted service providers only as needed to operate the Service (e.g., hosting, email delivery, payments). We do not sell your personal data.

6. International transfers

Some providers may process data outside your country. Where required, we use appropriate safeguards (such as standard contractual clauses).

7. Retention

We keep data only as long as necessary for the purposes described, including security, dispute handling, and legal compliance. You may request deletion where applicable, subject to legal and operational limits.

8. Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, or object to processing, and to data portability. You may also lodge a complaint with your data protection authority.

9. Security

We use reasonable technical and organizational measures to protect data (access controls, encryption in transit, logging, and security monitoring).

10. Contact