GrabDocs – Privacy Policy

Last updated: [Date]

1. Introduction

GrabDocs ("we," "us," "our") provides document management, AI-powered search, transcription, and collaboration services ("the Service"). We are committed to protecting your privacy and handling your data responsibly.

This Privacy Policy explains how we collect, use, store, and protect information when you use GrabDocs. By using the Service, you agree to the practices described here.

2. Information We Collect

2.1 Account Information

We collect basic information you provide when creating an account, such as:

  • name
  • email address
  • password (securely hashed)

2.2 User Content

We store and process content you upload or create within the platform, including:

  • documents & files
  • receipts
  • meeting recordings & transcripts
  • messages
  • workspaces and settings

You retain full ownership of your User Content.

2.3 Usage Data

We collect technical information automatically, such as:

  • device & browser information
  • IP address
  • interaction logs (e.g., login events, errors, performance metrics)
  • anonymized usage analytics

2.4 Payment Information (via Stripe)

If you subscribe to a paid plan, Stripe—our third-party payments processor—may receive:

  • billing details
  • card information
  • transaction history

GrabDocs does not store full payment card numbers.

3. How We Use Your Information

3.1 To Provide the Service

We use collected data to:

  • store your documents
  • run AI-powered search and analysis
  • generate transcripts and summaries
  • manage your account and subscription
  • maintain reliability and security

3.2 AI Processing

AI features may process:

  • extracted text from documents
  • transcripts
  • receipts
  • queries
  • metadata

AI model providers process your data transiently and do not store your content, to the extent supported by their systems. AI outputs may not always be accurate.

3.3 Security, Fraud, and Abuse Prevention

We use logs and metadata to detect suspicious activity, enforce security measures, and maintain service integrity.

3.4 Communication

We may send essential account notifications, billing updates, or security alerts. You may opt out of non-essential messages at any time.

4. How We Share Information

We do not sell or rent your personal information.

We only share data with trusted third-party service providers necessary to operate the Service, including:

  • Supabase (authentication & database)
  • Cloudflare (security, CDN, DDoS protection)
  • Render (application hosting)
  • Stripe (billing)
  • AI model providers (for transient processing)

We do not give these providers access to your document content except where required to deliver core features (e.g., LLM processing).

We may disclose information if required by law or to protect rights, users, or system security.

5. Data Storage & Security

5.1 Secure Cloud Infrastructure

User content is stored in secured cloud environments managed by trusted providers (Supabase, Render, Cloudflare).

5.2 Encryption

  • Data at rest is encrypted using industry-standard methods.
  • Data in transit is protected via TLS 1.2/1.3.

5.3 Limited Access / No-Engineer-Access Policy

Internal administrative access is strictly limited and monitored.

Engineering staff do not access user documents except:

  • when required to resolve a support request initiated by you
  • when required by security protocols
  • when required by law

5.4 Backups

We maintain routine backups to help protect against accidental loss. Backup retention is limited and subject to operational needs.

6. Data Retention

We retain User Content for as long as your account is active.

When you delete content or close your account:

  • items are removed from active systems
  • limited residual copies may remain in secure backups for a short period
  • some aggregated or anonymized usage data may be retained

We do not guarantee restoration of deleted data.

7. Your Rights

Depending on your location, you may have rights to:

  • access your data
  • update or correct your information
  • request deletion of certain data
  • request a copy of your data
  • opt out of marketing communications

Submit requests to: [email protected]

8. Cookies & Tracking Technologies

We use minimal cookies and tracking technologies to:

  • maintain secure sessions
  • understand basic usage patterns
  • improve reliability

You may control cookies through your browser.

9. International Users

GrabDocs operates in the United States.

If you access the Service from outside the U.S., your information may be transferred to and processed in the United States.

By using the Service, you consent to this transfer.

10. Children's Privacy

GrabDocs is not intended for children under 13.

We do not knowingly collect information from children under 13.

If you believe a child has created an account, contact us for removal.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically.

Material changes will be communicated via the website or email.

Continued use of GrabDocs after updates constitutes acceptance.

12. Contact Us

If you have questions or privacy-related requests, contact us at:

Email: [email protected]