Privacy Policy

This Privacy Policy statement is made by the DocuChain
Company (collectively, "DocuChain", "we", "us" or "our")

Last edit: May 7, 2024

Privacy Policy

This Privacy Policy statement is made by the DocuChain
Company (collectively, "DocuChain", "we", "us" or "our").

DocuChain’s Privacy Commitment

We ask for only the least amount of information necessary, gathering only what we believe is essential for doing business, or for the specific transaction at hand. We let customers know the information we have on them and allow them to opt out of specific engagements. But, by far, our biggest commitment is that we do not make a single dollar from advertising revenue — never have, never will — even from the free editions of our products. This means we avoid the fundamental conflict of interest between gathering customer information and fueling advertising revenue, and the unavoidable compromises in customer privacy that it brings.

The goal of this policy is to make explicit the information we gather, how we will use it, and how we will not. This policy is unfortunately longer than we would like, but we must unambiguously address all the relevant cases. We will try and keep the language simple and direct as much as possible.

Scope of this Privacy Policy

This Privacy Policy is divided into three parts:

This Privacy Policy applies to all DocuChain websites that link to it. It also applies to the products and services provided by DocuChain through these websites, our mobile applications, and in other third-party online marketplaces.

Part I – Information DocuChain collects and controls

This part deals with how DocuChain collects and uses information about website visitors, potential customers, users of DocuChain's products and services, and others who contact DocuChain through forms or email addresses published on or linked to our websites.

Part II – Information that DocuChain processes on your behalf

This part deals with how DocuChain handles data that you entrust to DocuChain when you use our products and services, or when you share any personal or confidential information with us while requesting customer support.

Part III – General

This part deals with topics that are relevant to both Parts I and II, and other general topics such as DocuChain's security commitments and how we will inform you when we change this Privacy Policy.

Part I – Information DocuChain collects and controls

What information DocuChain collects

DocuChain collects information about you only if we require it for a legitimate purpose. DocuChain will have information about you only if (a) you have provided the information yourself, (b) DocuChain has automatically collected the information, or (c) DocuChain has obtained the information from a third party. Below we describe the various scenarios that fall under each of those three categories and the information collected in each one.

I. Data Entry

When you enter the details of signatories and watchers, we ask for information like name, email address, role to complete the process.

II. Event registrations and other form submissions

When you enter the details of signatories and watchers, we ask for information like name, email address, role to complete the process.

III. Testimonials

When you authorize us to post testimonials about our products and services on websites, we may include your name and other personal information in the testimonial. You will be given an opportunity to review and approve the testimonial before we post it. If you wish to update or delete your testimonial, you can contact us at [email protected].

IV. Interactions with DocuChain

We may record, analyze, and use your interactions with us, including email, telephone, and chat conversations with our sales and customer support professionals, for improving our interactions with you and other customers.

Information that we collect automatically

I. Information from browsers, devices, and servers

Information from browsers, devices, and servers: When you visit our websites, we collect information that web browsers, mobile devices, and servers make available, such as the internet protocol address, browser type, language preference, time zone, referring URL, date and time of access, operating system, mobile device manufacturer, and mobile network information. We include these in our log files to understand more about visitors to our websites.

II. Information from cookies and tracking technologies

We use temporary and permanent cookies to identify users of our services and to enhance user experience. We embed unique identifiers in our downloadable products to track usage of the products. We also use cookies, beacons, tags, scripts, and other similar technologies to identify visitors, track website navigation, gather demographic information about visitors and users, understand email campaign effectiveness, and for targeted visitor and user engagement by tracking your activities on our websites. We mostly use first-party cookies and do not use third-party cookies or other third-party tracking technologies on our websites for non-essential or intrusive tracking. We also use first-party Local Storage Objects (LSOs) such as HTML5 to store content information and preferences to provide certain features.

III. Information from application logs and mobile analytics

We collect information about your use of our products, services, and mobile applications from application logs and in-house usage analytics tools and use it to understand how your use and needs can improve our products. This information includes clicks, scrolls, features accessed, access time and frequency, errors generated, performance data, storage utilized, user settings and configurations, and devices used to access and their locations.

Information that we collect from third parties

I. Information from social media sites and other publicly available sources

When you provide feedback or reviews about our products, interact, or engage with us on marketplaces, review sites, or social media sites such as Facebook, Twitter, LinkedIn, and Instagram through posts, comments, questions, and other interactions, we may collect publicly available information to allow us to connect with you, improve our products, better understand user reactions and issues, or to reproduce and publish your feedback on our websites. We must tell you that once collected, this information may remain with us even if you delete it from these sites. DocuChain may also add and update information about you from other publicly available sources.

In addition to the purposes mentioned above, we may use your information for the following purposes:

•

To communicate with you (such as through email) about products that you have downloaded and services that you have signed up for, changes to this Privacy Policy, changes to the Terms of Service, or important notices;

•

To keep you updated on new products and services, upcoming events, offers, promotions, and other information that we think will be of interest to you;

•

To request your participation in surveys or to solicit feedback on our products and services;

•

To set up and perform all other necessary tasks for providing our services, such as enabling collaboration, providing website and mail hosting, and backing up and restoring your data;

•

To understand how users utilize our products and services, to monitor and prevent issues, and to enhance our products and services;

•

To provide customer support and to analyze and improve our interactions with customers;

•

To identify and prevent fraudulent transactions and other illegal activities, to report spam, and to protect the rights and interests of DocuChain, DocuChain’s users, third parties, and the public;

•

To update, expand, and analyze our records, identify new customers, and offer products and services that may be of interest to you;

•

To analyze trends, administer our websites, and track visitor navigation on our websites to understand what visitors are seeking and to better assist them;

•

To monitor and enhance marketing campaigns and provide relevant suggestions to users.

Legal bases for collecting and using information

Legal processing bases applicable to DocuChain

If you are an individual from the European Economic Area (EEA), our legal basis for information collection and use depends on the personal information concerned and the context in which we collect it. Most of our information collection and processing activities are typically based on contractual necessity, one or more legitimate interests of DocuChain or a third party that are not overridden by your data protection interests, or your consent. Sometimes, we may be legally required to collect your information, or may need your personal information to protect your vital interests or those of another person.

Withdrawal of consent

Where we rely on your consent as the legal basis, you have the right to withdraw your consent at any time, but this will not affect any processing that has already taken place.

Legitimate interests notice

Where we rely on legitimate interests as the legal basis and those legitimate interests are not specified above, we will clearly explain to you what those legitimate interests are at the time that we collect your information.

Your choice
in information use

Opt out of non-essential electronic communications

You may opt out of receiving newsletters and other non-essential messages by using the ‘unsubscribe’ function included in all such messages. However, you will continue to receive essential notices and emails such as security incident alerts, security and privacy update notifications, and essential transactional related emails.

Disable cookies

You can disable browser cookies before visiting our websites. However, if you do so, you may not be able to use certain features of the websites properly.

Optional information

You can always choose not to fill in non-mandatory fields when you submit any form linked to our websites.

Your choice in information use

Employees and independent contractors

Employees and independent contractors of relevant DocuChain group entities have access to the information covered in Part I on a need-to-know basis. We require all employees and independent contractors of DocuChain group entities to follow this Privacy Policy for personal information that we share with them.

Third-party service providers

We may need to share your personal information and aggregated or de-identified information with third-party service providers that we engage, such as marketing and advertising partners, event organizers, web analytics providers and payment processors. These service providers are authorized to use your personal information only as necessary to provide these services to us.

Domain registrars

When you register a domain through DocuChain from domain name registrars, we share your name and contact information such as your physical address, email address, and phone number with them as per the ICANN domain registration rules.

Reselling partners

We may share your personal information with our authorized reselling partners in your region, solely for the purpose of contacting you about products that you have downloaded or services that you have signed up for. We will give you an option to opt out of continuing to work with that partner.

Marketplace application developers

When you install or purchase any application developed using DocuChain's APIs that is posted on DocuChain’s online marketplace, your name and email address will be shared with the developer of the application, so they may engage with you directly as the provider of that application or service. DocuChain does not control the use of your personal information by the developers, which will be based on their own privacy policies.

Other cases

Other scenarios in which we may share the same information covered under Parts I and II are described in Part III.

Your rights with respect to information we hold about you as a controller

If you are in the European Economic Area (EEA), you have the following rights with respect to information that DocuChain holds about you. DocuChain undertakes to provide you the same rights no matter where you choose to live.

Right to access

You have the right to access (and obtain a copy of, if required) the categories of personal information that we hold about you, including the information's source, purpose, and period of processing, and the persons to whom the information is shared.

Right to rectification

You have the right to update the information we hold about you or to rectify any inaccuracies. Based on the purpose for which we use your information, you can instruct us to add supplemental information about you in our database.

Right to erasure

You have the right to request that we delete your personal information in certain circumstances, such as when it is no longer necessary for the purpose for which it was originally collected.

Right to restriction of processing

You may also have the right to request to restrict the use of your information in certain circumstances, such as when you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Right to data portability

You have the right to transfer your information to a third party in a structured, commonly used, and machine-readable format, in circumstances where the information is processed with your consent or by automated means.

Right to object

You have the right to object to the use of your information in certain circumstances, such as the use of your personal information for direct marketing.

Right to complain

You have the right to complain to the appropriate supervisory authority if you have any grievance against the way we collect, use, or share your information. This right may not be available to you if there is no supervisory authority dealing with data protection in your country.

Retention of information

We retain your personal information for as long as it is required for the purposes stated in this Privacy Policy. Sometimes, we may retain your information for longer periods as permitted or required by law, such as to maintain suppression lists, prevent abuse, if required in connection with a legal claim or proceeding, to enforce our agreements, for tax, accounting, or to comply with other legal obligations. When we no longer have a legitimate need to process your information, we will delete or anonymize your information from our active databases. We will also securely store the information and isolate it from further processing on backup discs until deletion is possible.

Part II – Information that Zoho processes on your behalf

Information entrusted to DocuChain and purpose

Information from mobile devices

When you authorize it, some of our mobile applications may access features like the camera, microphone, call history, contacts, photo library, files, and other data stored on your mobile device. Our applications require such access to deliver their services effectively. Additionally, when you grant permission, location-based data is collected for various purposes, including locating nearby contacts or setting location-based reminders. This data is solely shared with our mapping providers and is utilized solely for mapping user locations. You have the option to disable access to this information for mobile applications at any time by adjusting your device settings. Data stored on your mobile device and its location information, accessible to mobile applications, will be used within the application's context and associated with your account in the relevant services (where it will be stored on our servers) or products (where it will remain with you unless shared with us).
(All the information entrusted to DocuChain is collectively referred to as "service data.")

Ownership and control of your service data

We acknowledge that you maintain ownership of your service data. You have full control over your service data, including the ability to access it, share it through supported third-party integrations, and request its export or deletion.

How we use service data

We process your service data based on the instructions you provide through the various modules of our services. For instance, when you utilize our invoicing service to generate an invoice, details such as your customer's name and address will be utilized for invoice creation. Similarly, when employing our campaign management service for email marketing, the email addresses of individuals on your mailing list will be utilized for sending emails.

Push notifications

If you have enabled notifications on our desktop and mobile applications, we will send push notifications using a push notification provider such as Apple Push Notification Service, Google Cloud Messaging, or Windows Push Notification Services. You can manage your push notification preferences or disable these notifications by adjusting the notification settings within the application or device.

Who we share service data with

Company DocuChain and third-party sub-processors

In order to provide services and technical support for our products, DocuChain engages other group entities
and third parties.

Employees and independent contractors:

We may provide access to your service data to our employees and individuals who are independent contractors of DocuChain involved in providing the services. This access allows them to (i) identify, analyze, and resolve errors, (ii) manually verify emails reported as spam to improve spam detection, or (iii) manually verify scanned images submitted to us to verify the accuracy of optical character recognition. Access to your service data is restricted to specific individuals, logged, and audited. Our employees also have access to data you knowingly share with us for technical support or to import data into our products or services. We communicate our privacy and security guidelines to our employees and strictly enforce privacy safeguards within DocuChain.

Collaborators and other users

Some of our products or services allow you to collaborate with other users or third parties. Initiating collaboration may enable other collaborators to view some or all of your profile information. For example, when you edit a document that you have shared with others for collaboration, your name will be displayed next to your edits to inform your collaborators about the changes made.

Third-party integrations you have enabled

Most of our products and services support integrations with third-party products and services. If you choose to enable any third-party integrations, you may be allowing the third party to access your service data and personal information about you. We encourage you to review the privacy practices of the third-party services and products before enabling integrations with them.

Other cases

Additional scenarios where we may share information, similar to the data covered in Parts I and II, are described in Part III.

Retention of information

We retain your data as long as you continue to use DocuChain Services. Once you terminate your actions in service data will eventually be deleted from the active database during the next cleanup, which occurs once every six months. The data deleted from the active database will also be removed from backups after three months.

Data subject requests

If you are from the European Economic Area and believe that we store, use, or process your information on behalf of one of our customers, please contact the customer if you would like to access, rectify, erase, restrict, or object to processing, or export your personal data. We will provide support to our customer in responding to your request within
a reasonable timeframe.

Part III – General

Children’s personal information

Our products and services are not intended for individuals under the age of 16. DocuChain does not knowingly collect personal information from children under 16 years of age for its own purposes. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information. If you believe that a child under 16 years has provided personal information to us, please contact us, and we will take the necessary steps to delete the information we hold about that child. However, using our products, you may collect information about individuals who may be children. If you process information relating to children, you acknowledge and agree that you will be responsible for complying with the applicable laws and regulations related to the protection of such personal information.

How secure is your information

At DocuChain, we prioritize data security. We have implemented rigorous administrative, technical, and physical safeguards to prevent unauthorized access, use, modification, disclosure, or destruction of the information you entrust to us.

Data Protection Officer

We have appointed a Data Protection Officer to oversee our management of your personal information in accordance with this Privacy Policy. If you have any questions or concerns about our privacy practices with respect to your personal information, you can reach out to our Data Protection Officer by sending an email to [email protected] or by writing to: Data Protection Officer, DocuChain Corporation BV, Beneluxlaan 4B, 3527 HT Utrecht, The Netherlands.

Locations and international transfers

We share your personal information and service data within the DocuChain Group and with third parties engaged by DocuChain Group for the purposes described above. By accessing or using our products and services or otherwise providing personal information or service data to us, you understand that the processing, transfer, and storage of your personal information or Service Data within the United States of America, the European Economic Area (EEA) and other countries where DocuChain operates. Such transfers are subject to appropriate data protection agreements such as a group company agreement that is based on EU Commission’s Model Contractual Clauses for data processing activities to which GDPR applies. You can write to [email protected] for obtaining a copy of the agreements on the basis of which we transfer your data within DocuChain Group and with the third parties engaged by us.

Automation and Artificial Intelligence

In order to provide enhanced productivity and predictive capabilities to our users, we employ a variety of technologies such as regex parsing, template matching, artificial intelligence, and machine learning. In keeping with DocuChain's commitment not to exploit your data in a way that is not respectful of your privacy and confidentiality expectations, we make only the following limited use of service data for these technologies: (i) using anonymized crops of service data to improve accuracy of the algorithms; and (ii) using your organization's data for developing models specific for your organization. Our automation and artificial intelligence technologies are mostly powered by our own organization's data such as internal communications, communications with customers and internal documents as well as free and paid external sources.

Do Not Track (DNT) requests

Some internet browsers have enabled 'Do Not Track' (DNT) features, which send out a signal (called the DNT signal) to the websites that you visit indicating that you don't wish to be tracked. Currently, there is no standard that governs what websites can or should do when they receive these signals. For now, we do not take action in response to these signals.

External links on our websites

Some pages of our websites may contain links to websites that are not linked to this Privacy Policy. If you submit your personal information to any of these third-party sites, your personal information is governed by their privacy policies. As a safety measure, we recommend that you not share any personal information with these third parties unless you've checked their privacy policies and assured yourself of their privacy practices.

Blogs and forums

We offer publicly accessible blogs and forums on our websites. Please be aware that any information you provide on these blogs and forums may be used to contact you with unsolicited messages. We urge you to be cautious in disclosing personal information in our blogs and forums. DocuChain is not responsible for the personal information you elect to disclose publicly. Your posts and certain profile information may remain even after you terminate your account with DocuChain.

Social media widgets

Our websites include social media widgets such as Facebook "like" buttons and Twitter "tweet" buttons that let you share articles and other information. These widgets may collect information such as your IP address and the pages you navigate on the website, and may set a cookie to enable the widgets to function properly. Your interactions with these widgets are governed by the privacy policies of the companies providing them.

Disclosures in compliance with legal obligations

We may be required by law to preserve or disclose your personal information and service data to comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements.

Enforcement of our rights

We may disclose personal information and service data to a third party if we believe that such disclosure is necessary for preventing fraud, spam filtering, investigating any suspected illegal activity, enforcing our agreements or policies, or protecting the safety of our users.

Business Transfers

We do not anticipate selling our business. However, in the unlikely event of a sale, acquisition, or merger, we will ensure that the acquiring entity is legally obligated to uphold our commitments to you. Any change in ownership or the use of your personal information and service data will be communicated to you via email or through prominent notice on our website. We will also inform you of any choices you may have concerning your personal information and service data.

Compliance with this Privacy Policy

We diligently strive, including through regular reviews, to ensure that the personal information you provide is used in accordance with this Privacy Policy. If you have any concerns about our adherence to this Privacy Policy or the handling of your personal information, please contact us at [email protected]. We will promptly address your concerns and, if necessary, collaborate with the appropriate regulatory authorities to resolve them effectively.

Notification of changes

We may update the Privacy Policy as needed, and we will inform you of any modifications through a service announcement or by sending an email to your primary email address. If there are significant changes to the Privacy Policy that impact your rights, you will receive at least 30 days' advance notice via email to your primary email address. However, if your email address is not verified, you may miss important notifications sent via email. If you believe that the updated Privacy Policy affects your rights regarding our products or services, you have the option to terminate your use by sending us an email within 30 days. Your continued use following the effective date of changes to the Privacy Policy will constitute acceptance of the updated terms. Minor changes to the Privacy Policy will not trigger email notifications.