GrabDocs – Privacy Policy

Last updated: [Date]

1. Introduction

GrabDocs ("we," "us," "our") provides document management, AI-powered search, transcription, and collaboration services ("the Service"). We are committed to protecting your privacy and handling your data responsibly.

This Privacy Policy explains how we collect, use, store, and protect information when you use GrabDocs. By using the Service, you agree to the practices described here.

2. Information We Collect

2.1 Account Information

We collect basic information you provide when creating an account, such as:

  • name
  • email address
  • password (securely hashed)

2.2 User Content

We store and process content you upload or create within the platform, including:

  • documents & files
  • receipts
  • meeting recordings & transcripts
  • messages
  • workspaces and settings

You retain full ownership of your User Content.

Important: Customers should not upload Protected Health Information (PHI), payment card information, or other regulated data unless GrabDocs has expressly agreed in writing to support such use under an appropriate agreement where required (for example, a Business Associate Agreement where applicable).

2.3 Usage Data

We collect technical information automatically, such as:

  • device & browser information
  • IP address
  • interaction logs (e.g., login events, errors, performance metrics)
  • anonymized usage analytics

2.4 Payment Information (via Stripe)

If you subscribe to a paid plan, Stripe—our third-party payments processor—may receive:

  • billing details
  • card information
  • transaction history

GrabDocs does not store full payment card numbers.

3. How We Use Your Information

3.1 To Provide the Service

We use collected data to:

  • store your documents
  • run AI-powered search and analysis
  • generate transcripts and summaries
  • manage your account and subscription
  • maintain reliability and security

3.2 AI Processing

AI features may process:

  • extracted text from documents
  • transcripts
  • receipts
  • queries
  • metadata

GrabDocs currently uses OpenAI to provide certain AI-powered features, such as chat, summarization, classification, extraction, and semantic search. Over time, GrabDocs may also use additional AI models or service providers to support these or related features. When AI features are used, GrabDocs limits the data sent for processing to the portions reasonably needed to fulfill the user's request, such as relevant document text, metadata, queries, or excerpts where feasible. AI processing is intended to respect existing user permissions and access controls, and content a user is not authorized to access is not intended to be included in that user's AI results or responses. GrabDocs may store chat history and related interaction data to support continuity, security, troubleshooting, support, and audit functions. GrabDocs does not use customer data to train its own foundation models and does not intentionally provide customer data to third-party AI providers for training their general models.

AI providers may process data submitted through AI features in order to provide the requested functionality. GrabDocs seeks to limit that data to what is reasonably necessary for the feature being used. AI outputs may not always be accurate.

AI processing may involve third-party providers. GrabDocs does not control the operation of these providers and is not responsible for outputs generated by them.

AI-generated outputs are for informational purposes only and should not be relied upon for legal, medical, financial, or professional decision-making.

3.3 Security, Fraud, and Abuse Prevention

We use logs and metadata to detect suspicious activity, enforce security measures, and maintain service integrity.

3.4 Communication

We may send essential account notifications, billing updates, or security alerts. You may opt out of non-essential messages at any time.

3.5 Google Workspace APIs

The use of raw or derived user data received from Workspace APIs will adhere to the Google User Data Policy, including the Limited Use requirements.

4. How We Share Information

We do not sell or rent your personal information.

We may share data with third-party service providers that support the operation of the Service, including providers for hosting, storage, security, authentication, billing, and AI-powered functionality. These providers may change over time as our services evolve.

Examples of such providers may include infrastructure, billing, and AI service providers.

We do not give these providers access to your document content except where required to deliver core features (e.g., LLM processing).

Third-party providers only have access to the extent necessary to perform their services. We require them to maintain reasonable security practices.

Third-party providers involved in PHI processing will only do so under a signed Business Associate Agreement (BAA).

We may disclose information if required by law or to protect rights, users, or system security.

5. Data Storage & Security

5.1 Secure Cloud Infrastructure

User content is stored in secured cloud environments managed by third-party infrastructure providers.

5.2 Encryption

GrabDocs uses commercially reasonable technical and organizational safeguards, including industry-standard security measures and encryption in transit and at rest where applicable.

5.3 Limited Internal Access

Internal administrative access is limited and monitored.

Internal access to user content is restricted, monitored, and permitted only when necessary for support, security, legal compliance, or authorized operational purposes.

5.4 Backups

We maintain routine backups to help protect against accidental loss. Backup retention is limited and subject to operational needs.

5.5 Account Security Recommendations

We recommend customers enable multi-factor authentication where available and follow best practices for account security.

6. Data Retention

Data is retained only as long as reasonably necessary to provide the Service, maintain security and support functions, and meet legal or operational obligations.

We retain User Content for as long as your account is active.

When you delete content or close your account:

  • items are removed from active systems
  • limited residual copies may remain in secure backups for a short period
  • some aggregated or anonymized usage data may be retained

Aggregated or anonymized data may be retained for analytics or service improvement.

In accounts covered by a signed Business Associate Agreement (BAA), retention and deletion of PHI will follow the terms specified in the BAA.

We do not guarantee restoration of deleted data.

7. Your Rights

Depending on your location, you may have rights to:

  • access your data
  • update or correct your information
  • request deletion of certain data
  • request a copy of your data
  • opt out of marketing communications

Submit requests to: [email protected]

8. Cookies & Tracking Technologies

We use minimal cookies and tracking technologies to:

  • maintain secure sessions
  • understand basic usage patterns
  • improve reliability

You may control cookies through your browser.

9. International Users

GrabDocs primarily operates and supports its services through infrastructure and operations based in the United States.

If you access the Service from outside the U.S., your information may be transferred to and processed in the United States.

By using the Service, you consent to this transfer.

Customers are responsible for compliance with local privacy and data transfer laws when using the Service outside the U.S.

10. HIPAA / Protected Health Information

Customers should not upload Protected Health Information (PHI) unless GrabDocs has expressly agreed in writing to support that use case under an appropriate agreement where required, such as a Business Associate Agreement.

Customers acknowledge that they are solely responsible for compliance with applicable privacy laws, including HIPAA, when uploading, storing, or transmitting PHI.

GrabDocs is not responsible for compliance obligations relating to other regulated data (e.g., payment card data, government IDs, financial or legal records). Customers are solely responsible for compliance unless otherwise agreed in writing.

11. Children's Privacy

GrabDocs is not intended for children under 13.

We do not knowingly collect information from children under 13.

If you believe a child has created an account, contact us for removal.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically.

Material changes will be communicated via the website or email.

Continued use of GrabDocs after updates constitutes acceptance.

13. Contact Us

If you have questions or privacy-related requests, contact us at: