Privacy Policy

This policy describes how docrud handles personal and operational data in connection with its software services. The policy is intended to be read with applicable Indian law, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023, to the extent and from the time relevant provisions apply to the processing in question.

Where a customer acts as the primary deciding party for document content, recipients, sharing, or processing purpose, that customer may independently bear obligations as a controller, business user, or equivalent deciding party for its own use of the product.

Nothing in this policy should be read as a representation that every customer use case is automatically compliant with every applicable privacy, employment, financial, sectoral, evidentiary, or cross-border rule. Customers remain responsible for assessing their own legal basis, notice requirements, and internal permissions.

docrud may collect account details, workspace information, policy acceptance records, billing records, uploaded content metadata, access logs, document activity history, and operational analytics required to run the platform.

Where product features involve AI, analysis requests may use document text, sheet content, prompts, and surrounding workflow context strictly to produce the requested software output.

Depending on feature usage, the platform may also record team member identities, internal login IDs, transfer access events, encrypted session metadata, signature evidence logs, device or session indicators, and consent or acknowledgement records necessary to operate governed workflows.

Information may be processed for account creation, authentication, access management, support, billing, security, fraud prevention, file and document workflow execution, consent recording, analytics, platform administration, feature improvement, and compliance response.

Where consent is used as a basis for specific processing, the platform may record acceptance events, timestamps, and related identifiers. In other cases, processing may occur because it is necessary to provide the requested service, to maintain product security, to comply with law, or to support legitimate product operations.

Where a customer or workspace administrator instructs the platform to send, analyze, encrypt, share, store, or route a document or data object, the platform may process the relevant information to execute those instructions, maintain integrity of the workflow, and preserve records reasonably necessary for support or dispute handling.

Information is used to authenticate users, operate workspaces, enforce plans, maintain auditability, secure file and document workflows, improve product reliability, and support billing, support, and compliance operations.

docrud does not position AI-generated analysis as a substitute for independent legal, tax, accounting, compliance, or professional advice.

The operator may also use de-identified, aggregated, or service-level operational information for platform optimization, abuse detection, system health analysis, capacity planning, and product administration, provided such use is not intended to re-identify a person except where necessary for security, fraud prevention, or compliance response.

Workspace owners and super administrators may have visibility into certain account, usage, consent, and operational records required for product administration, platform support, fraud prevention, and compliance handling.

Tenant-protected content, restricted document access, and gated delivery modes may still require separate passwords, access codes, or workspace authorization even where metadata remains visible for control or support purposes.

Where customers create internal users or team members, those team members may gain access to shared mailbox threads, sheet sessions, file-transfer records, or workspace modules according to the permissions assigned by the workspace owner. Customers are responsible for configuring those permissions appropriately.

Data may be retained for the period reasonably necessary to deliver the service, maintain logs, resolve disputes, enforce contracts, protect rights, respond to legal process, preserve evidence, or satisfy internal security and accounting requirements.

The operator may disclose data where required by applicable law, valid legal process, judicial order, government direction, fraud investigation, or a good-faith need to protect the rights, safety, systems, or customers of the operator.

Where permitted by law and operationally feasible, requests for correction or update may be addressed through account controls, support processes, or administrative actions. However, certain logs, invoices, audit trails, consent records, and security records may need to be preserved in their original recorded form.

The platform may rely on hosting, infrastructure, analytics, AI, communications, or payment service providers in order to operate the service. Use of such providers remains subject to the operator’s commercial and security controls, but customers acknowledge that modern software services may involve storage, support, or processing components across multiple systems or jurisdictions.

Customers should avoid uploading material that they are not authorized to place into a cloud software workflow or into an AI-assisted processing request. Where a customer has strict residency, secrecy, procurement, or export-control constraints, that customer should independently evaluate whether a particular workflow is appropriate before use.