Privacy Policy

Effective date: 28 August 2025

Entity responsible: Docwyn AI LLC (Wyoming, USA) ("Docwyn", "we", "us", or "our")

How to contact us: In‑product Live Support, or WhatsApp at +1 (585) 928‑3320. If you prefer email, use [email protected] (or your preferred privacy email) and we will respond.

This Privacy Policy describes how we collect, use, disclose, and protect personal data when you visit our websites, contact us, or use Docwyn’s products and services (collectively, the Services). Capitalized terms not defined here have the meanings in our Terms of Service.

1) Key roles & scope

• Customer as Controller; Docwyn as Processor. For documents and data you and your organization upload or route into the Services ("Customer Data"), your organization is the data controller (or business, under U.S. law) and Docwyn acts as a data processor (or service provider). We process Customer Data solely on your documented instructions, as set forth in the Terms and our Data Processing Addendum ("DPA").
• Docwyn as Controller. For our own website analytics, marketing, account administration, support logs, and anti‑abuse, Docwyn is the controller.
• Who this policy covers. Website visitors, trial users, customers, and end users whose data is processed via the Services.

2) Data we collect

a) Customer Data (processed as your processor)

• Document contents you submit for extraction/classification (e.g., invoices, purchase orders, bills of lading, receipts, bank statements, ID documents, passports, and other records), including any personal data contained in those documents (names, addresses, account numbers, dates of birth, identification numbers, etc.).
• Imports from connected sources you enable (e.g., email inboxes, WhatsApp, or ERPs/CRMs like OneDrive, Dynamics 365, SAP, or Salesforce).
• Metadata and usage generated by your use (e.g., file names, timestamps, model configuration, extraction outputs, accuracy feedback, and audit logs).

b) Docwyn‑controlled data (processed as controller)

• Account & billing: name, business email, company, role, authentication data, plan, payment and invoice details.
• Product telemetry: device/browser info, IP address, timestamps, feature usage, performance metrics, crash diagnostics.
• Support and communications: messages, tickets, call/chat recordings, and associated metadata.
• Marketing (if enabled): site analytics, cookie IDs, page views, campaign attributions, form submissions.

c) Sensitive data

The Services can process sensitive personal data only if your use case requires it and you lawfully collected it. You must provide the appropriate notice, consent, and lawful basis to your data subjects. Do not upload prohibited content (see Terms of Service).

3) Purposes & legal bases

When we are processor, we process Customer Data only to provide, secure, and support the Services under your instructions and contract.

When we are controller, we process personal data to:

• Provide and secure the Services (contract performance; legitimate interests)
• Improve functionality, quality, and reliability (legitimate interests)
• Communicate with you about the Services (contract; legitimate interests)
• Comply with legal obligations (legal obligation)
• With consent, for optional marketing where required (consent)

4) AI model use & training

• No use of Customer Data to train generalized models by default.We do not use Customer Data to train generalized or foundation models unless you (a) enable a setting clearly labeled as an opt‑in or (b) execute a written agreement that permits such use. Limited ephemeral processing to generate outputs is not training.
• Human‑in‑the‑loop. If you enable manual review for quality assurance or support, authorized personnel may access limited data under confidentiality obligations.

5) Sharing & disclosures

We may share personal data with:

• Subprocessors/service providers who host, store, transmit, or otherwise process data for us (e.g., cloud infrastructure, database, logging/monitoring, analytics, support tooling). We impose written obligations on subprocessors and remain responsible for their performance. We maintain a list of current subprocessors, available upon request.
• Third‑party integrations you enable (e.g., OneDrive, Dynamics 365, SAP, Salesforce, email, WhatsApp). Data shared is governed by each third party’s terms and privacy notices. You control and are responsible for these connections.
• Affiliates under common ownership, bound by this policy.
• Authorities where required by law or to protect rights, safety, and security.
• Business transfers (merger, acquisition, financing, or sale of assets). We will continue to protect data consistent with this policy.

6) International transfers

We and our subprocessors may process data in the United States and other countries. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) and implement technical/organizational measures to protect personal data during transfers.

7) Security

We maintain administrative, technical, and organizational measures designed to protect personal data, including access controls, encryption in transit and at rest where applicable, network protections, and audit logging. No system is 100% secure, and we cannot guarantee absolute security. You are responsible for securing your accounts, devices, and any third‑party integrations you enable.

8) Data retention

• Customer Data: retained for the term of your agreement and deleted or returned upon request or within a reasonable period after termination, subject to legal/archival requirements and automated backups.
• Docwyn‑controlled data: retained as necessary for the purposes described above (e.g., billing records for statutory periods; support logs for operational needs).

9) Your rights

Depending on your location, you may have rights to access, correct, delete, port, restrict, or object to processing, and to withdraw consent. To exercise rights, contact us via the methods above. We may authenticate your request and coordinate with your organization if they are the controller.

10) Children

The Services are not directed to children under 16, and we do not knowingly collect their personal data.

11) Cookies & similar technologies

We use essential cookies to operate the site; and, if you opt in (where required), analytics/advertising cookies to understand usage and improve the experience. You can manage cookies via your browser settings and, where available, our cookie banner.

12) WhatsApp & email imports

If you enable WhatsApp or mailbox imports, you authorize us to process message content and attachments to deliver the Services. You must ensure your use complies with the platform’s terms and applicable law. We are not affiliated with WhatsApp and do not control its features or policies.

13) Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version with a new effective date and, where required, provide notice. Your continued use after the effective date constitutes acceptance.

This Privacy Policy is provided for general informational purposes and does not constitute legal advice. You should obtain independent legal review before publishing.