This is a template-sourced v1 Privacy Policy. It is a faithful description of what the platform actually does, but it has not yet been reviewed by counsel. Before we accept paying customers at scale, the text in this document will be rewritten by qualified SA + EU privacy counsel. If you are a regulator or prospective customer reviewing this page, treat it as factual but pre-professional.
1. Who we are
DocReadi ("we", "us") is a multi-tenant SaaS platform operated from South Africa that extracts structured data from unstructured financial documents and makes it available to our customers ("tenants") via a web UI, API, and export channels.
For personal data that tenants upload via documents, the tenant is the controller (GDPR) / responsible party (POPIA) and we are the processor / operator. For personal data we collect directly from tenant users (email address, authentication metadata, session cookies), we are the controller for those specific purposes.
2. What personal data we process
About tenant users (our direct customers)
- Name and email address (for authentication and account management).
- Password hash (bcrypt, cost 12).
- Session cookie metadata (user ID, company ID, signed HMAC, 30-day expiry).
- Audit trail: which documents a user approved / rejected / edited and when.
- WhatsApp phone numbers, if the tenant opts into WhatsApp ingestion.
About counterparties and third parties named on documents
When a tenant uploads an invoice or similar document, we may extract:
- Company names and registration numbers.
- VAT / tax numbers (which, for sole traders, may identify a natural person).
- Bank account details.
- Billing and delivery addresses.
- Named contacts ("Bill to: …" lines).
- Handwritten signatures on delivery notes (stored as part of the document image; never extracted, matched, or used for identification).
3. Lawful basis
For tenant users: performance of contract (Art. 6(1)(b) GDPR; POPIA §11(1)(b)) and legitimate interests (Art. 6(1)(f); POPIA §11(1)(f)) for security, anti-abuse monitoring, and service improvement.
For counterparties and third-party data subjects: tenants rely on legitimate interests as their lawful basis. We assist tenants in meeting their obligations; the Art. 14(5)(b) GDPR transparency exemption for personal data not obtained from the data subject typically applies to invoice contact lines.
4. Automated decision-making
If a tenant enables auto-approval for document extractions above a confidence threshold, extracted records may be written to finished state without human review. This engages GDPR Art. 22 / POPIA §71. We support this by exposing a contest mechanism (see Request your data) for any data subject who believes an auto-approved extraction affects them in a way they wish to challenge.
5. Retention
Tenants set their own retention window at /ui/settings/retention. The default is 7 years, chosen to straddle common tax-record retention obligations (SA SARS 5y, UK HMRC 6y, EU VAT 6–10y, US IRS 7y, AU 5y, CA 6y). Automatic deletion cascades to token-usage records, processing errors, extraction attempts, typed records, line items, and the physical document file.
Backups are age-encrypted with the tenant's key and retained on S3 with lifecycle rules: 30 days hot, 90 days Glacier, 365 days delete. A deletion-on-restore tombstone mechanism ensures that documents deleted in production are re-deleted if their backup is ever restored.
6. International transfers
The platform is currently hosted in the European Union (Railway, eu-west4). Tenant data is sent to large-language-model providers (see our sub-processor list) for extraction; several of these providers are in the United States. Transfers are covered by the EU-US Data Privacy Framework where providers are certified, by Standard Contractual Clauses otherwise, and documented in each provider's DPA. South African tenants transfer under POPIA §72(1)(a) with contractual safeguards.
7. Security
- HTTPS in transit everywhere.
- Postgres row-level security policies enforced per tenant.
- HMAC-signed session cookies with rotatable secret.
- Fernet encryption for sensitive columns (WhatsApp tokens today; bank-account numbers in Wave 2).
- Bcrypt password hashing (cost 12).
- CSRF protection on all form submissions.
- Content Security Policy and standard security headers.
8. Your rights
Depending on your jurisdiction you may have rights to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion (subject to lawful retention obligations).
- Object to processing based on legitimate interests.
- Request restriction or portability.
- Lodge a complaint with a supervisory authority (the Information Regulator in South Africa, or the relevant EU supervisory authority).
Exercise these rights via our rights-request form. If you are a counterparty whose data was uploaded by a tenant, we will forward your request to the relevant tenant within 5 business days and assist them in fulfilling it within the applicable regulatory deadline.
9. Sub-processors
We publish a complete sub-processor list at /legal/subprocessors. We provide 30 days' prior notice to tenants of any new sub-processor; tenants may object to any addition.
10. Children
The service is intended for business financial-document processing and is not designed to process the personal data of children under 16. Do not upload documents containing children's personal data.
11. Changes to this policy
Tenant account holders will be notified of material changes at least 30 days before they take effect. The last-updated date at the top of this page reflects the most recent revision.
12. Contact
Our Information Officer (POPIA §55) and our privacy contact: privacy@docreadi.com. Mail addressed to this inbox is triaged within 5 business days.