Last Updated: July 6, 2026
DocManager Pro ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our document management platform and related services (collectively, the "Service"). By accessing or using the Service, you consent to the practices described in this policy.
1. Information We Collect
1.1 Personal Information You Provide
When you register for an account, we collect: your full name, email address, company name (optional), and account password (encrypted). When you make a purchase, our payment processor (PayPal) collects billing information including credit card details, billing address, and transaction data. We do not store full credit card numbers on our servers. We receive transaction confirmation and payment status from PayPal but do not have access to your complete financial instrument details.
1.2 Information Collected Automatically
When you use our Service, we automatically collect: (a) Log Data — IP address, browser type, operating system, referring/exit pages, date/time stamps, and clickstream data; (b) Usage Data — features accessed, documents uploaded/downloaded, storage consumed, login frequency, session duration, and feature interaction patterns; (c) Device Information — device type, unique device identifiers, and network information. We use cookies and similar tracking technologies (including localStorage and sessionStorage) to maintain your session, remember preferences, and analyze usage patterns. You can control cookie settings through your browser, but disabling cookies may affect Service functionality.
1.3 Documents and Content
We store the documents, files, and content you upload to the Service ("User Content"). We collect metadata associated with your User Content, including file names, file sizes, file types, upload timestamps, and folder/category organization. We do not access, scan, or analyze the contents of your documents for advertising, profiling, or any purpose other than providing the Service features you request (such as search indexing).
2. How We Use Your Information
We use the information we collect for the following purposes:
(a) Service Delivery: To create and maintain your account, process your documents, enable search and retrieval, manage storage quotas, and provide customer support.
(b) Payment Processing: To process subscription payments, verify transactions, issue refunds, and maintain billing records. All payment processing is handled by PayPal in accordance with their privacy policy.
(c) Communication: To send service-related communications including: account registration confirmation, password reset codes (or display them directly upon registration), subscription confirmations, renewal reminders, security alerts, and changes to our policies or terms. Administrative messages cannot be opted out of as they are essential to Service operation.
(d) Security and Fraud Prevention: To detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities. This includes AML/KYC compliance checks for transactions meeting regulatory thresholds.
(e) Service Improvement: To analyze aggregated, anonymized usage patterns to improve our platform performance, user interface, feature prioritization, and error resolution.
(f) Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.
3. Information Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties. We may share your information in the following limited circumstances:
(a) Service Providers: We share information with third-party vendors who perform services on our behalf, including: PayPal (payment processing), our VPS hosting provider (infrastructure), and Resend (email delivery, pending domain verification). These providers are contractually bound to use your information only as necessary to provide services to us and in compliance with applicable data protection laws.
(b) Legal Obligations: We may disclose information if required to do so by law or in response to valid legal requests by public authorities (e.g., a court order, subpoena, or regulatory investigation).
(c) Business Transfers: In the event of a merger, acquisition, reorganization, or sale of all or a portion of our assets, user information may be transferred as part of the transaction. We will notify you via email and/or prominent notice on our website before your information becomes subject to a different privacy policy.
(d) With Your Consent: We may share your information for any other purpose with your explicit consent.
4. Data Security
We implement and maintain administrative, technical, and physical safeguards designed to protect your personal information:
Encryption: All data transmitted between your browser and our servers is encrypted using TLS 1.3. Passwords are hashed using bcrypt with a cost factor of 10. User Content is encrypted at rest using AES-256 encryption before storage on our servers.
Access Control: Database access is restricted to authorized personnel and secured by SSH key authentication. The production database is protected behind firewall rules. API endpoints require JWT token authentication with appropriate role-based access controls.
Limitations: While we strive to use commercially acceptable means to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.
5. Data Retention
We retain your personal information and User Content for as long as your account remains active or as needed to provide you with the Service. Specifically:
Active Accounts: All account data, User Content, and associated metadata are retained while your account is active. Storage limits are enforced according to your subscription plan tier.
Account Deletion: Upon your request to delete your account, we will permanently remove all personal data and User Content within 30 calendar days. During this 30-day window, your data remains recoverable should you change your mind.
Legal Retention Obligations: Certain information (such as transaction records, payment receipts, and AML/KYC documentation) may be retained for longer periods as required by applicable law, tax regulations, or to defend against legal claims. Such records are retained for a minimum of 5 years following account termination.
Backups: Encrypted system backups are retained for up to 30 days for disaster recovery purposes. Backup deletion follows the same 30-day removal cycle.
6. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights regarding your personal information:
Access and Portability: You may request a copy of your personal data in a structured, commonly used, machine-readable format. You can export your documents at any time through the dashboard.
Correction: You may update or correct your account information (name, company, password) through the settings panel. For corrections to billing information, please contact our support team.
Deletion: You may request deletion of your account and all associated data by contacting us at privacy@docmanager.pro. We will process deletion requests within 30 days as described in Section 5.
Data Processing Restrictions: You may withdraw consent for non-essential data processing. Note that this may limit certain Service features. Essential processing (such as authentication and billing) cannot be restricted while your account is active.
Marketing Communications: We do not currently send marketing emails. Any future marketing communications will include an unsubscribe mechanism. Transactional and account-related communications cannot be opted out of.
7. International Data Transfers
Our servers are located in Hong Kong. If you access the Service from outside Hong Kong, your information may be transferred to, stored, and processed in Hong Kong where our servers are located. By using the Service, you consent to such transfer. We take appropriate safeguards to ensure that your information receives an adequate level of protection as required by applicable data protection laws.
8. Children's Privacy
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information promptly. If you believe we may have collected information from a child under 16, please contact us immediately.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Service features. When we make material changes, we will notify you via email (to the email address associated with your account) and/or by posting a prominent notice on our website at least 14 calendar days before the changes become effective. Your continued use of the Service after the effective date constitutes acceptance of the updated policy. We encourage you to periodically review this page for the latest information on our privacy practices.
10. Cookie Policy
We use essential cookies and browser storage (localStorage/sessionStorage) to operate the Service, including: authentication tokens (JWT stored in localStorage), language preferences, and session state. We do not use third-party tracking cookies, advertising cookies, or analytics cookies from external providers. You may disable cookies in your browser settings, but this will prevent you from logging into the Service.
11. AML / KYC Compliance
In compliance with applicable anti-money laundering (AML) and know-your-customer (KYC) regulations, we may collect and verify identity information for transactions exceeding regulatory thresholds. This includes: government-issued identification documents, proof of address, and source of funds declarations. This information is collected solely for compliance purposes, stored securely with restricted access, and not used for any commercial purpose. We may share necessary information with regulatory authorities when required by law. Failure to provide requested verification documents may result in account suspension or transaction reversal. Records collected under AML/KYC obligations are retained for the legally mandated period even after account closure.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Email: privacy@docmanager.pro
We will acknowledge your inquiry within 2 business days and aim to resolve it within 14 calendar days.