← Back to DocFila

DocFila Privacy Policy

Last updated: January 5, 2026 • Effective Date: January 5, 2026

1. Introduction

DocFila, a NotaNovice UG Company ("DocFila", "we", "our", or "us"), a company registered in Germany (Company No. 12345678), is committed to protecting your privacy and ensuring you have a positive experience using our services.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, web application, and related services (collectively, the "Services"). Please read this policy carefully.

By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use our Services.

2. Data Controller

For the purposes of the General Data Protection Regulation (GDPR), the data controller is:

DocFila, a NotaNovice UG Company
58256 Ennepetal
Germany

Email: privacy@docfila.com
Data Protection Officer: dpo@docfila.com

3. Information We Collect

We collect several types of information:

A. Information You Provide Directly:

• Account Information: Email address, name, password (hashed), profile photo
• Profile Data: Address, phone number, date of birth (optional)
• Documents: Files you upload, scan, create, or process
• Communications: Messages you send to us for support
• Payment Information: Processed securely by our payment providers

B. Information Collected Automatically:

• Device Information: Device type, operating system, unique device identifiers
• Usage Data: Features used, actions taken, time spent, crash reports
• Log Data: IP address, browser type, pages visited, access times
• Location Data: General location based on IP (not precise GPS)

C. Information from Third Parties:

• Social Login: If you sign in via Google/Apple, we receive basic profile info
• Analytics Providers: Aggregated usage statistics

4. How We Use Your Information

A. Service Provision:

• Create and manage your account
• Process, store, and organize your documents
• Enable AI-powered features (analysis, translation, generation)
• Process payments and manage subscriptions

B. Service Improvement:

• Analyze usage patterns to improve features
• Debug issues and fix errors
• Develop new features based on user needs

C. Communication:

• Send important service notifications
• Respond to your support requests
• Send marketing communications (with your consent)

D. Security:

• Detect and prevent fraud
• Enforce our terms of service
• Protect our users and services

5. Legal Basis for Processing (GDPR)

Under GDPR, we process your data based on:

• Contract Performance: Processing necessary to provide our Services
• Legitimate Interests: Analytics, security, and service improvement
• Consent: Marketing communications and optional cookies
• Legal Obligation: Tax records, fraud prevention, legal requests

6. AI Processing & Document Analysis

When using AI features:

• Document content is sent to Google Gemini AI for processing
• Processing occurs on secure Google Cloud servers
• We do NOT use your documents to train AI models
• AI-generated content is not retained by the AI provider
• You can opt out of AI features while still using basic functionality

AI features include: Document explanation, translation, reply generation, form filling assistance, and document creation.

7. Data Storage & Security

Your data is protected using:

• Firebase Authentication: Secure, industry-standard login
• Firebase Cloud Storage: Encrypted document storage
• Firebase Firestore: Encrypted metadata storage
• TLS 1.3: Encryption in transit for all communications
• AES-256: Encryption at rest for stored data
• Regular Security Audits: Third-party penetration testing

Data is stored in secure data centers located in the European Union and United States. We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, or destruction.

8. Data Sharing & Third Parties

We do NOT sell your personal information. We may share data with:

A. Service Providers:

• Google Cloud/Firebase: Infrastructure and authentication
• Google Gemini AI: Document processing (when you use AI features)
• RevenueCat: Subscription management
• Stripe: Payment processing
• Analytics providers: Usage analytics (anonymized)

B. Legal Requirements:

• When required by law or legal process
• To protect our rights, privacy, safety, or property
• In connection with a merger, acquisition, or sale of assets

All third-party providers are bound by data processing agreements and are required to maintain the confidentiality of your information.

9. International Data Transfers

Your information may be transferred to and processed in countries outside the EEA. When we transfer data internationally, we ensure adequate protection through:

• EU-US Data Privacy Framework compliance
• Standard Contractual Clauses approved by the European Commission
• Binding Corporate Rules where applicable

You can request a copy of the safeguards we use by contacting our DPO.

10. Data Retention

We retain your data for as long as necessary to provide our Services:

• Active Account: Data retained while your account is active
• Account Deletion: Documents permanently deleted within 30 days
• Backup Copies: Removed within 90 days of deletion request
• Legal Requirements: Some data retained for up to 7 years for tax/legal purposes
• Anonymized Analytics: May be retained indefinitely

You can request deletion of your account at any time in Settings.

11. Your Rights (GDPR)

Under GDPR, you have the following rights:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time
• Right to Lodge a Complaint: File a complaint with a supervisory authority

To exercise these rights, contact us at privacy@docfila.com or use the in-app data management features in Settings > Privacy.

12. Your Rights (CCPA — California Residents)

California residents have additional rights under the CCPA:

• Right to Know: What personal information we collect and how we use it
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the "sale" of personal information
• Right to Non-Discrimination: No discrimination for exercising rights

We do not sell personal information as defined by the CCPA.

13. Children's Privacy

DocFila is not intended for children under 13 (or 16 in certain jurisdictions). We do not knowingly collect personal information from children.

If you are a parent or guardian and believe we have collected information from a child, please contact us immediately at privacy@docfila.com. We will delete such information promptly.

14. Cookies & Tracking

We use cookies and similar technologies for analytics and to improve your experience. You can manage your cookie preferences at any time through our cookie consent banner or in Settings.

15. Marketing Communications

With your consent, we may send marketing communications about new features, special offers, and tips for getting the most out of DocFila.

You can opt out at any time by:

• Clicking "Unsubscribe" in any email
• Updating preferences in Settings > Notifications
• Contacting us at privacy@docfila.com

16. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be indicated by updating the "Last updated" date, in-app notification for material changes, and email notification for significant changes.

Continued use of our Services after changes constitutes acceptance of the updated policy.

17. Contact Us

If you have questions about this Privacy Policy or your data, contact us:

General Inquiries:
Email: privacy@docfila.com

Data Protection Officer:
Email: dpo@docfila.com

Postal Address:
DocFila, a NotaNovice UG Company
Attn: Privacy Team
58256 Ennepetal
Germany

German Supervisory Authority:
Landesbeauftragte für Datenschutz und Informationsfreiheit NRW
www.ldi.nrw.de