Privacy Policy

Last updated: May 2025

1. Who We Are

NuDoc ("we", "us", "our") operates the document collection platform at nudoc.io. We are the data controller for information you provide when creating an account. For files your clients upload at your request, you are the data controller and we act as a data processor on your behalf.

Contact: help@nudoc.io

2. Data We Collect

Account data

Your name, email address, and hashed password when you register.

Billing data

Payment is processed by Stripe. We store only your Stripe customer ID and subscription status. We never see or store your full card details.

Client data you enter

Names, email addresses, and any documents your clients upload through your NuDoc requests. This data belongs to you. We process it solely to deliver the service.

Usage data

Standard server logs (IP address, browser type, pages visited) and error reports via Sentry. We use this to keep the service running reliably. Logs are retained for 30 days.

3. How We Use Your Data

  • To provide and operate the NuDoc service
  • To send transactional emails (verification codes, upload notifications, reminders)
  • To process payments and manage your subscription
  • To diagnose and fix errors in the service
  • To contact you about important service changes

We do not use your data for advertising and we do not sell it to any third party.

4. Third-Party Services

We use the following sub-processors to deliver the service:

Provider | Purpose | Location
Amazon Web Services | File storage (S3), hosting | EU (London)
Stripe | Payment processing | EU / US
Brevo | Transactional email delivery | EU
Sentry | Error monitoring | EU
Crisp | Live chat support | EU
Google Analytics | Website analytics (page views, traffic sources, session duration) | US

Each provider operates under a Data Processing Agreement and is bound by GDPR-equivalent safeguards.

5. Data Retention

We retain your account data and client files for as long as your account is active. If you cancel your account, your data is retained for 90 days and then permanently deleted, unless you request earlier deletion. Server logs are deleted after 30 days.

6. Your Rights (UK GDPR)

You have the right to:

  • Access: request a copy of the personal data we hold about you
  • Rectification: ask us to correct inaccurate data
  • Erasure: ask us to delete your personal data
  • Portability: receive your data in a machine-readable format
  • Objection: object to processing based on legitimate interests
  • Restriction: ask us to limit how we use your data

To exercise any of these rights, email help@nudoc.io. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

7. Cookies

We use a session cookie to keep you logged in. We also use Google Analytics (GA4), which sets analytics cookies to measure how visitors use our site — such as pages visited, traffic sources, and session duration. No personally identifiable information is sent to Google. You can opt out at any time by installing the Google Analytics Opt-out Browser Add-on (tools.google.com/dlpage/gaoptout). The live chat widget (Crisp) may also set its own cookies — you can disable it by closing the chat widget.

8. Security

All data is encrypted in transit (TLS) and files are encrypted at rest (AES-256). Passwords are hashed using bcrypt and never stored in plain text. Access to production systems is restricted and audited.

9. Changes to This Policy

We may update this policy from time to time. We will notify you by email before any material changes take effect. The date at the top of this page reflects the most recent update.