Data Privacy Policy

Because docrud may process documents, spreadsheets, signatures, access logs, and AI analysis requests, users should upload or input only the information their organization is authorized to process and protect.

Where high-risk or regulated data is involved, customers should review internal policy requirements before using advanced features such as AI analysis, encrypted delivery, or external sharing.

Users should apply data minimization in practice and avoid placing unnecessary personal information, secrets, payment credentials, health records, government identifiers, or unrelated confidential material into the platform merely because a feature technically allows file or text input.

Users should avoid processing sensitive personal information, highly regulated data, or children’s data through the platform unless they have a valid lawful basis, internal authorization, and an appropriate operational reason to do so.

Where children’s data, health data, financial credentials, biometric information, or other sensitive categories are involved, the customer remains responsible for assessing whether additional consent, notice, security, or legal restrictions apply under Indian law or any other applicable law.

The product is not positioned as a child-directed service, regulated medical record system, banking core system, or biometric identity platform. Customers should therefore apply heightened caution before using it for particularly sensitive categories of information.

Super admin and authorized workspace administrators may have visibility into usage, billing, consent status, and certain support-relevant metadata needed to manage the platform responsibly.

Protected document content may remain restricted even where surrounding metadata is visible for operational tracking, entitlement checks, or security review.

Customers who enable internal teams should inform their users, contractors, or personnel as appropriate that administrators may have operational visibility into workspace events, billing state, consent records, and other governance-relevant information within the product.

The operator seeks to maintain reasonable security practices and procedures appropriate to the service model, taking into account the nature of data, account controls, access gating, encryption features, retention needs, and operational risk.

Users acknowledge that reasonable security also depends on workspace configuration, password hygiene, endpoint security, employee conduct, approval discipline, and proper handling of downloaded or exported content outside the platform.

No statement in this policy should be interpreted as a guarantee that any particular dataset, workflow, or customer configuration automatically satisfies every contractual information-security schedule or every legal test that may be asserted in a dispute.

Features such as DoXpert, Visualizer AI, document parser, support AI, and DocSheet AI may process the content supplied by the user in order to generate summaries, visuals, scorecards, recommendations, or workflow outputs. Customers should use such features only for material they are permitted to process through an AI-assisted software flow.

The operator aims to keep those features useful and controlled, but customers remain responsible for deciding whether a specific document, dataset, or internal matter is suitable for AI-assisted handling under their own legal, contractual, and policy obligations.