Privacy Policy

Last updated: January 12, 2026

1. Introduction

Doclo ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at doclo.ai, use the Doclo SDK, or access Doclo Cloud services.

Please read this Privacy Policy carefully. By using our services, you consent to the practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our services.

2. Information We Collect

We collect information in several ways depending on how you interact with our services:

2.1 Information You Provide Directly

  • Account Information: When you create an account, we collect your name, email address, company name, and password.
  • Payment Information: If you subscribe to a paid plan, we collect billing information including payment card details (processed securely through our payment processor), billing address, and transaction history.
  • Communications: When you contact us for support or inquiries, we collect the content of your messages, email address, and any attachments you provide.
  • API Keys: We securely store third-party API keys you provide to enable AI provider integrations. These are encrypted at rest and in transit.

2.2 Information Collected Automatically

  • Log Data: We collect information your browser sends when visiting our website, including IP address, browser type and version, operating system, referring URLs, pages viewed, and access times.
  • Device Information: We collect information about the device you use to access our services, including device type, unique device identifiers, and mobile network information.
  • Usage Analytics: We collect information about how you use our services, including features accessed, actions taken, flow executions, error logs, and performance metrics.
  • Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities. See Section 8 for more details.

2.3 Document Data

  • Doclo Cloud: Documents processed through Doclo Cloud are handled transiently by default. We do not store the content of your documents beyond what is necessary to complete the processing request, unless you explicitly configure data retention settings.
  • Doclo SDK: When using the self-hosted SDK, documents never leave your infrastructure. We do not have access to any documents processed through the SDK.
  • Extracted Data: Structured data extracted from your documents may be stored in your Doclo Cloud workspace for analytics and auditing purposes, subject to your retention settings.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Delivery

  • Provide, operate, and maintain our services
  • Process your document extraction and classification requests
  • Manage your account and provide customer support
  • Process payments and send transaction confirmations

3.2 Service Improvement

  • Analyze usage patterns to improve our services
  • Develop new features and functionality
  • Monitor and analyze trends, usage, and activities
  • Detect, investigate, and prevent fraudulent transactions and abuse

3.3 Communications

  • Send administrative notifications about your account
  • Respond to your comments, questions, and support requests
  • Send technical notices, updates, security alerts, and support messages
  • Send promotional communications (with your consent, where required)

3.4 Legal and Safety

  • Comply with legal obligations and respond to lawful requests
  • Protect our rights, privacy, safety, or property
  • Enforce our Terms of Service and other agreements

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf, such as payment processing, data hosting, analytics, customer support, and email delivery. These providers are contractually obligated to protect your information and may only use it to provide services to us.

4.2 AI Providers

When you use Doclo Cloud or the SDK with third-party AI providers (such as OpenAI, Anthropic, Google, Mistral, etc.), your document data is sent to these providers for processing. Each provider has their own privacy policy and data handling practices. We encourage you to review the privacy policies of any AI providers you use.

4.3 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or control of your personal information.

4.4 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency), to protect our rights or property, or to prevent harm.

4.5 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected and to comply with our legal obligations:

  • Account Data: Retained for the duration of your account and for a reasonable period thereafter for legal and business purposes.
  • Transaction Data: Retained for 7 years to comply with tax and accounting requirements.
  • Document Data: Processed transiently and deleted immediately after processing, unless you configure custom retention settings.
  • Usage Analytics: Aggregated and anonymized data may be retained indefinitely for service improvement.
  • Log Data: Retained for up to 90 days for security and debugging purposes.

You may request deletion of your data at any time by contacting us. Some information may be retained as required by law or for legitimate business purposes.

6. Data Security

We implement industry-standard security measures to protect your personal information:

  • Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.
  • Access Controls: We implement role-based access controls and require multi-factor authentication for administrative access.
  • Infrastructure Security: Our services are hosted on secure cloud infrastructure with regular security audits and penetration testing.
  • API Key Security: Third-party API keys are stored using envelope encryption with customer-specific keys.
  • Monitoring: We continuously monitor our systems for security threats and anomalies.

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Third-Party Services and Links

Our services integrate with and contain links to third-party services. This Privacy Policy does not apply to third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you use, including:

  • AI providers (OpenAI, Anthropic, Google, Mistral, etc.)
  • OCR services (Datalab, Reducto, etc.)
  • Payment processors
  • Analytics services

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activities:

8.1 Types of Cookies

  • Essential Cookies: Required for the website to function properly, including authentication and security cookies.
  • Analytics Cookies: Help us understand how visitors interact with our website to improve user experience.
  • Preference Cookies: Remember your settings and preferences for future visits.

8.2 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. However, disabling certain cookies may affect the functionality of our services.

9. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

9.1 Access and Portability

You have the right to request a copy of your personal information in a structured, commonly used, and machine-readable format.

9.2 Correction

You have the right to request correction of inaccurate or incomplete personal information.

9.3 Deletion

You have the right to request deletion of your personal information, subject to certain legal exceptions.

9.4 Restriction and Objection

You have the right to restrict or object to certain processing of your personal information.

9.5 Withdraw Consent

Where we rely on consent, you have the right to withdraw your consent at any time.

9.6 Marketing Communications

You can opt out of marketing communications at any time by clicking the "unsubscribe" link in our emails or contacting us.

To exercise any of these rights, please contact us at founders@doclo.ai. We will respond to your request within 30 days.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from those of your country. We take appropriate safeguards to ensure your information remains protected in accordance with this Privacy Policy.

For transfers from the European Economic Area, United Kingdom, or Switzerland, we rely on appropriate transfer mechanisms such as Standard Contractual Clauses approved by the European Commission.

11. Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
  • Do Not Sell: We do not sell your personal information as defined by the CCPA.

To exercise these rights, please contact us at founders@doclo.ai.

13. European Privacy Rights (GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

  • Legal Basis: We process your data based on contract performance, legitimate interests, consent, or legal obligations.
  • Data Protection Officer: For GDPR-related inquiries, contact us at founders@doclo.ai.
  • Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make material changes, we will notify you by email (if you have an account) or by posting a notice on our website prior to the changes becoming effective.

We encourage you to review this Privacy Policy periodically for any updates. Your continued use of our services after any changes constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to all legitimate requests within 30 days. In certain circumstances, we may need additional time, in which case we will notify you.

Doclo Logo
2026 All Rights Reserved
Privacy PolicyTerms of Service