Privacy Policy

Last updated: January 2026

DocCollector is operated from Norway and is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights.

Data We Collect

Account Holders (Accountants)

  • Email address — for authentication and communication
  • Name and company name — displayed to your clients
  • Payment information — processed securely by Stripe (we do not store card details)

Clients (Document Uploaders)

  • Name and email address — provided by the accountant who created the request
  • Uploaded documents — files you upload in response to document requests

Automatically Collected

  • IP address — temporarily stored in memory for rate limiting and abuse prevention (not persisted to database)
  • Browser type — for security purposes
  • Theme preference — your light/dark mode choice is stored locally in your browser
  • Anonymous usage analytics — page views and interactions collected without cookies or personal identifiers (see Analytics section below)

How We Use Your Data

  • To provide and operate the DocCollector service
  • To send transactional emails (document requests, reminders, notifications)
  • To process payments and manage subscriptions
  • To protect against fraud and abuse
  • To comply with legal obligations

We do not sell your data. We do not use your data for advertising.

Data Storage and Security

Your data is primarily stored and processed within the European Union:

  • Database and file storage — hosted in Frankfurt, Germany
  • Application servers — Scalingo (hosted in France)
  • Encryption — all data is encrypted in transit (TLS) and at rest

Security Measures

  • Passwordless authentication via secure magic links
  • Time-limited access tokens for document uploads (expire after 30 days)
  • Rate limiting to prevent abuse
  • File type validation to prevent malicious uploads
  • Row-level security ensuring users can only access their own data

Third-Party Services

We use the following third-party services:

  • Supabase (EU region) — database, authentication, and file storage
  • Scalingo (France) — application hosting
  • Stripe (US-based) — payment processing, operating under Standard Contractual Clauses for EU data transfers
  • Resend (EU region - Ireland) — transactional email delivery
  • PostHog (EU region - Frankfurt) — anonymous product analytics

Analytics

We use PostHog for anonymous product analytics to understand how our service is used and to improve it. Our analytics are configured in cookieless mode, which means:

  • No cookies or local storage are used for tracking
  • No personally identifiable information is collected
  • Users cannot be tracked across sessions or days
  • All analytics data is processed and stored in the EU (Frankfurt, Germany)

Because we use cookieless analytics, no consent banner is required under GDPR.

Data Retention

  • Account data is retained while your account is active
  • Uploaded documents are retained until deleted by the accountant or upon account deletion
  • Email delivery logs (recipient, subject, delivery status) are retained by our email provider for up to 30 days for deliverability purposes
  • When you delete your account, all associated data is permanently removed, including your payment information from Stripe

Your Rights

Under GDPR and applicable privacy laws, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data
  • Object to processing

To exercise these rights, contact us at the email below.

Contact

For privacy-related inquiries, contact us at: support@doccollector.app

Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via email to account holders.

←  Back to home
Privacy Policy - DocCollector | DocCollector