Privacy Policy

DocuThink (hereinafter "we", "us" or "the Company") is committed to protecting the privacy of its users. This Privacy Policy describes in a transparent and comprehensive manner how we collect, use, share and protect your personal data when you use our platform available at https://docuthink.com (the "Service").

By accessing or using DocuThink, you acknowledge that you have read, understood, and agree to the practices described in this policy. If you do not agree to these practices, please discontinue using our services.

The person responsible for processing your personal data is:

DocuThink SAS
Contact email: contact@docuthink.io

For any questions relating to your personal data, you can contact us directly at this address.

We use your personal data for the following purposes, always in compliance with the principle of data minimization:

• Providing and maintaining the Service: processing your documents, generating summaries, enabling team collaboration.
• Personalize your experience: adapt the features to your profile and usage.
• Improving our AI algorithms: based solely on aggregated and anonymized data, never your individual documents without explicit consent.
• Communication: to send you important notifications, Service updates, or respond to your support requests.
• Security: detecting and preventing fraud, abuse, and malicious activities.
• Legal obligations: comply with our applicable legal and regulatory obligations.
• Marketing: with your consent only, to inform you of new features or offers.

For users located in the European Economic Area (EEA), we process your data on the following legal bases:

• Contract execution: processing necessary to provide the Service you have requested.
• Legitimate interest: improvement of the Service, security, fraud prevention.
• Consent: for marketing communications and certain non-essential cookies. You can withdraw your consent at any time.
• Legal obligation: when the law requires us to retain or disclose certain data.

DocuThink never sells your personal data to third parties. We may share your data only in the following situations:

• Service providers: cloud hosting providers (AWS), payment processors (Stripe), analytics tools — bound by strict confidentiality agreements.
• Allowed integrations: Google Drive and Slack, according to the permissions you have explicitly granted.
• Business transfers: in the event of a merger, acquisition or sale of assets, you will be informed in advance.
• Legal requirements: if required by law or to protect our rights and the safety of our users.

No document you upload is shared with third parties without your explicit consent.

We retain your personal data for as long as necessary for the purposes described in this policy:

• Account data: kept for the duration of your subscription + 30 days after cancellation to allow for reactivation.
• Uploaded documents: deleted within 7 days of your deletion request or account termination.
• Billing data: kept for 10 years in accordance with legal accounting obligations.
• Technical logs: kept for a maximum of 90 days for security reasons.

Upon expiry of these periods, your data is securely and irreversibly deleted.

DocuThink uses cookies and similar technologies to operate our Service and improve the user experience:

• Essential cookies: indispensable for the operation of the Service (session, authentication). Cannot be disabled.
• Performance cookies: help us understand how you use the Service (anonymized data). Can be disabled.
• Preference cookies: remember your display and language settings. Can be disabled.

You can manage your cookie preferences via our consent banner or your browser settings.

The security of your data is a top priority at DocuThink. We implement the following measures:

• End-to-end encryption of all communications (TLS 1.3).
• Encryption of your data at rest (AES-256).
• Strict access controls: only authorized members of the DocuThink team can access production data.
• Regular security audits and penetration tests.
• Two-factor authentication is available for your account.
• Infrastructure hosted on AWS with SOC 2 and ISO 27001 certifications.

In the event of a data breach that may affect your rights, we undertake to notify you within 72 hours in accordance with the GDPR.

In accordance with the GDPR and applicable data protection laws, you have the following rights:

• Right of access: to obtain a copy of your personal data that we hold.
• Right of rectification: to correct inaccurate or incomplete data.
• Right to erasure: request the deletion of your data ("right to be forgotten").
• Right to data portability: to receive your data in a structured and machine-readable format.
• Right to object: to object to the processing of your data for marketing or legitimate interest purposes.
• Right to restriction of processing: to request the restriction of processing in certain circumstances.
• Right to withdraw your consent: at any time, without affecting the lawfulness of the previous processing.

To exercise any of these rights, please contact us at contact@docuthink.io. We will respond within 30 days. You also have the right to lodge a complaint with the relevant supervisory authority (CNIL in France).

Your data may be processed in countries outside the EEA (including the United States, where AWS operates servers). These transfers are governed by standard contractual clauses approved by the European Commission, guaranteeing a level of protection equivalent to that of the EEA.

DocuThink is a professional service intended for individuals aged 18 and over. We do not knowingly collect personal data from minors. If you believe a minor has provided us with data, please contact us immediately at contact@docuthink.io and we will delete it.

We may update this Privacy Policy to reflect legal, technical, or business changes. In the event of a substantial change, we will notify you by email at least 30 days before the changes take effect. Your continued use of the Service after this date constitutes acceptance of the revised policy.

For any questions relating to this Privacy Policy or your personal data:

• Email: contact@docuthink.io
• Site: https://www.docuthink.io/privacy

We are committed to responding to all requests within 5 business days.