GDPR Compliance
We are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR).
What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that governs how organizations collect, use, and protect personal data of individuals in the European Union. At Docrify, we apply GDPR principles globally to ensure the highest standards of data protection for all our users.
Our Commitment
Docrify is committed to GDPR compliance and has implemented comprehensive measures to ensure the protection of personal data:
- Appointed a Data Protection Officer (DPO)
- Conducted data protection impact assessments
- Implemented privacy by design principles
- Established lawful bases for all data processing activities
- Maintains records of processing activities
- Provides data processing agreements (DPA) for business customers
Your Data Rights
Under GDPR, you have the following rights regarding your personal data:
Right to Access
Request a copy of your personal data we process
Right to Rectification
Request correction of inaccurate personal data
Right to Erasure
Request deletion of your personal data
Right to Restrict Processing
Request limitation of how we use your data
Right to Data Portability
Receive your data in a portable format
Right to Object
Object to processing based on legitimate interests
How We Process Your Data
Lawful Basis for Processing
We process personal data based on the following legal grounds:
- Contract: Processing necessary to fulfill our service agreement
- Consent: Where you have given explicit consent
- Legitimate Interest: For service improvement and security
- Legal Obligation: When required by law
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected. Our standard retention periods are:
- Account data: Duration of account plus 30 days
- Call recordings: 90 days (configurable)
- Analytics data: 24 months (anonymized after 12 months)
- Billing records: 7 years (legal requirement)
International Transfers
When we transfer data outside the EEA, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Transfer Impact Assessments for each destination country
- Additional technical and organizational measures
Sub-processors
We use carefully selected sub-processors to help deliver our services. All sub-processors are bound by data processing agreements and undergo security assessments.
| Provider | Purpose | Location |
|---|---|---|
| AWS | Cloud Infrastructure | EU (Frankfurt) |
| Stripe | Payment Processing | USA/EU |
| Twilio | Voice/SMS Services | USA/EU |
| OpenAI | AI Processing | USA |
Contact Our Data Protection Officer
For any questions about GDPR compliance or to exercise your data rights, please contact our Data Protection Officer:
Email: dpo@docrify.com
Address: Docrify Data Protection Officer, 123 AI Street, San Francisco, CA 94105, USA
Response Time: Within 30 days as required by GDPR