Privacy Policy for Deeplodoc

Last Updated: January 2026

At Deeplodoc, we are committed to protecting your personal information and respecting your privacy. This Privacy Policy explains how we collect, use, and protect your data when you use our service. By using Deeplodoc, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Personal Information:

We collect personal information that you provide to us, including your name and email address. If you make payments, we may also collect payment information necessary to process transactions.

Google Account Data:

With your explicit consent, we access your Gmail account to read emails containing invoices. We also access your Google Drive to save processed invoices. This access is granted only after you subscribe to our service and authorize us through Google OAuth.

Non-Personal Information:

We automatically collect certain non-personal information, including cookies and analytics data, to improve our service and user experience.

2. Purpose of Data Collection

  • To process invoices from your Gmail account
  • To save processed invoices to your Google Drive
  • To improve the quality and functionality of our service
  • To process payments and manage subscriptions

3. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share your data only in the following circumstances: (1) when required by law or legal process, (2) to provide our service through Google APIs (Gmail and Google Drive), which requires sharing necessary data with Google in accordance with their terms of service.

4. Data Protection and Legal Basis

We implement industry-standard security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. This includes encryption, access controls, and regular security assessments. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

Legal Basis for Processing

Our processing of your personal data is based on:

  • Your explicit consent for Gmail and Google Drive access
  • Performance of our service contract with you
  • Our legitimate interest in improving service quality and detecting fraud

We have conducted a Data Protection Impact Assessment (DPIA) to evaluate the risks associated with processing Gmail and Google Drive data.

5. Data Retention and Deletion

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy.

Data Categories and Retention Periods:

Active Account Data

While your account is active, we retain: (1) Your email and name for authentication, (2) Records of processed invoices for service delivery, (3) Payment information as required by payment processors, (4) System logs and audit trails for security (retained for 90 days).

After Cancellation

After you cancel your subscription or disconnect the service: (1) We delete your personal information (email, name) within 30 days, (2) We preserve audit logs for 90 days for security purposes.

Google Drive Files

Important: Invoices you have saved to Google Drive remain in your Google Drive account and are under your control. We do not delete files from your Google Drive.

You may request deletion of your data at any time by contacting us at support@deeplodoc.io, subject to legal retention requirements.

We will process your deletion request within 30 days and confirm completion by email.

6. Data Processors and Third Parties

We use the following third-party service providers to deliver our services:

Google Workspace APIs

When you authorize us to access your Gmail and Google Drive, we use Google's APIs to process your data. Google acts as a data processor on our behalf under a Data Processing Agreement that complies with GDPR Article 28. Your data is processed by Google in accordance with their Privacy Policy and Terms of Service.

Your Gmail and Google Drive data remains under your control and in your Google account. We only access this data to provide the invoice processing service.

Supabase

We use Supabase for authentication and user data storage. Supabase is a GDPR-compliant data processor with appropriate security measures.

All our data processors have signed Data Processing Agreements (DPAs) that ensure compliance with GDPR requirements.

7. Data Breach Notification

We take data security seriously and have procedures in place to handle potential data breaches.

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you promptly without undue delay and in accordance with GDPR Article 33 (within 72 hours of discovery).

Our notification will include:

  • The nature of the personal data breach
  • The name and contact details of our Data Protection contact point
  • The likely consequences of the data breach
  • Measures we have taken or will take to address the breach and mitigate any harm

For data protection and security inquiries, contact us at support@deeplodoc.io

8. Children's Privacy

Our service is not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us immediately so we can delete such information.

9. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by email to the address associated with your account. The "Last Updated" date at the top of this policy indicates when it was last revised.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: support@deeplodoc.io

By using our service, you agree to the terms of this Privacy Policy.