docufykit.comVerify. Extract. Deliver.
Sign inQuickstart

Privacy Policy

Last updated: March 6, 2026

This Privacy Policy explains how docufykit.com ("Docufykit", "we", "us", "our") collects, uses, stores, and discloses personal data when you use our services, including:

  • our website and documentation
  • the customer portal
  • the document verification API
  • related support and sales channels

By using the service, you acknowledge this Privacy Policy.

1. Who We Are

Docufykit provides document verification and structured data extraction software for business customers.

For privacy requests, contact: [email protected]

For support, contact: [email protected]

2. Roles and Scope

Depending on the workflow, Docufykit may act as:

  • Data controller for account, billing, website, support, and service operations data.
  • Data processor for customer-submitted document and verification data processed on behalf of business customers.

Customers are responsible for ensuring they have a valid legal basis to submit personal data to Docufykit.

3. Data We Collect

We may collect the following categories of data:

A. Account and Organization Data

  • name
  • work email
  • organization name and membership role
  • authentication session and magic-link events

B. API and Integration Data

  • client app identifiers
  • API key metadata
  • webhook endpoint URLs and delivery metadata
  • request metadata provided by customers

C. Verification and Document Data

  • uploaded document files
  • extracted structured fields
  • verification outputs and decision statuses
  • processing logs, checksums, and reason codes

D. Billing Data

  • plan, quota, and usage records
  • invoice and payment status metadata
  • Stripe customer and checkout identifiers

We do not store full raw payment card numbers. Payment processing is handled by Stripe.

E. Support and Sales Communications

  • inquiry content
  • contact details you provide
  • attachments and message history

F. Technical and Security Data

  • IP address and approximate location
  • browser, device, and operating system information
  • timestamps, service logs, and audit/security events

4. How We Use Data

We use data to:

  • provide and maintain the service
  • authenticate users and secure access
  • process verification jobs and deliver webhook events
  • operate billing, subscriptions, top-ups, and invoicing
  • respond to support and sales requests
  • monitor reliability, prevent abuse, and improve performance
  • comply with legal obligations

5. Legal Bases (Where Applicable)

When required by applicable law (including GDPR/UK GDPR), we rely on:

  • performance of a contract
  • legitimate interests (service security, fraud prevention, product improvement)
  • legal obligations
  • consent (where explicitly requested)

6. Sharing and Subprocessors

We may share data with trusted service providers that help us operate the service, such as:

  • cloud hosting and infrastructure providers
  • object storage and CDN providers
  • email delivery providers (for magic links and transactional messages)
  • payment and billing processors (for example Stripe)
  • support/contact tooling providers

These providers are contractually restricted to processing data for authorized purposes only.

7. International Transfers

Your data may be processed in countries outside your jurisdiction. Where required, we implement transfer safeguards, such as contractual protections and equivalent measures required by applicable law.

8. Data Retention

We retain data only as long as needed for the purposes in this policy, including:

  • account and organization data: for the lifecycle of the account and legitimate post-termination obligations
  • verification and delivery records: according to plan retention settings and legal/operational requirements
  • billing records: as required by accounting and tax laws
  • security logs: for incident response, abuse prevention, and legal compliance

When data is no longer required, we delete or anonymize it according to our retention controls.

9. Security

We use administrative, technical, and organizational safeguards, including:

  • least-privilege access controls
  • encrypted transport (TLS)
  • secret and key management controls
  • logging and monitoring for abuse and incidents
  • regular dependency and infrastructure maintenance

No system is completely secure. You are responsible for keeping your account email and integration credentials secure.

10. Your Rights

Depending on your location, you may have rights to:

  • access your personal data
  • correct inaccurate data
  • request deletion
  • restrict or object to certain processing
  • receive a copy (data portability)
  • withdraw consent where processing is consent-based
  • lodge a complaint with a competent data protection authority

To exercise rights, contact [email protected].

For data submitted by a customer through the API, the customer (as controller) may need to handle the request first.

11. Cookies and Similar Technologies

We use cookies and similar technologies necessary for:

  • session and language preferences
  • security and abuse prevention
  • core service operation

If we introduce optional analytics or marketing cookies, we will provide additional notice and controls where required.

12. Children's Privacy

The service is intended for business users and is not directed to children under the age required by applicable law. We do not knowingly collect personal data from children in violation of applicable law.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The "Last updated" date reflects the latest version. Material changes may be communicated through the website, portal, or other service channels.

14. Contact

For privacy questions or requests:

If your organization requires a DPA or security review package, contact [email protected].