SS Doc logoSS Doc
Sign In
πŸ”’ Privacy & Security

Privacy Policy

Last updated: September 30, 2025

1. Introduction

This Privacy Policy describes how SS Doc ("we," "our," or "us") collects, uses, and protects your information when you use our document collection service. We are committed to protecting your privacy and ensuring the security of your personal information and documents.

2. Information We Collect

Account Information

When you create an account, we collect your email address, name, and authentication details. This information is necessary to provide you with access to your collections and documents.

Document Data

We store documents that you upload and that others submit to your collections. This includes file content, metadata, upload timestamps, and any associated information you configure for your collections.

Usage Information

We collect information about how you use the service, including login times, features accessed, and general usage patterns to improve our service and ensure security.

Technical Information

We automatically collect certain technical information such as IP addresses, browser type, device information, and access logs for security and operational purposes.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing and maintaining the SS Doc service
  • Processing and storing documents in your collections
  • Authenticating your identity and securing your account
  • Communicating with you about your account and service updates
  • Improving our service and developing new features
  • Detecting and preventing fraud, abuse, and security issues
  • Complying with legal obligations

4. Data Security

We implement comprehensive security measures to protect your data:

  • Encryption: All data is encrypted in transit and at rest using industry-standard encryption
  • Access Controls: Strict access controls ensure only authorized personnel can access systems
  • Secure Infrastructure: We use secure cloud infrastructure with regular security audits
  • Authentication: Multi-factor authentication and secure login processes
  • Regular Monitoring: Continuous monitoring for security threats and vulnerabilities
  • Data Isolation: Your documents are isolated and only accessible to you

5. Data Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information or documents to third parties. We may disclose information only in the following limited circumstances:

  • With your explicit consent
  • To comply with legal obligations or valid legal requests
  • To protect our rights, property, or safety, or that of others
  • In connection with a business transaction (with notice to users)
  • To trusted service providers who assist in operating our service (under strict confidentiality agreements)

6. Document Submitter Privacy

When someone submits documents to your collections:

  • We collect only the documents and any optional information you request
  • Submitters' documents are only accessible to the collection owner (you)
  • We do not use submitted documents for any purpose other than providing the service
  • Submitters can contact us to request deletion of their submissions
  • We maintain submission logs for security and operational purposes

7. Data Retention

We retain your information as follows:

  • Account Information: Retained while your account is active and for a reasonable period after deletion
  • Documents: Retained until you delete them or close your account
  • Usage Logs: Retained for operational and security purposes for up to 2 years
  • Backups: Data may persist in backups for up to 90 days after deletion

8. GDPR Compliance and Your Rights

If you are located in the European Union (EU), European Economic Area (EEA), or other jurisdictions with similar data protection laws, you have specific rights under the General Data Protection Regulation (GDPR) and related laws. We are committed to honoring these rights.

Legal Basis for Processing

We process your personal data based on the following legal grounds: (a) Performance of a contract with you, (b) Our legitimate interests in providing and improving our services, (c) Your consent where required, and (d) Compliance with legal obligations.

Your GDPR Rights:

πŸ” Right to Access (Article 15)

You can request access to your personal data and receive information about how we process it. Use our data export feature in Settings to download your complete data.

✏️ Right to Rectification (Article 16)

You can correct inaccurate personal data or complete incomplete data through your account settings.

πŸ—‘οΈ Right to Erasure "Right to be Forgotten" (Article 17)

You can request deletion of your personal data when certain conditions are met. Use the account deletion feature in Settings, which includes a 30-day grace period.

⏸️ Right to Restrict Processing (Article 18)

You can request limitation of processing your personal data under specific circumstances.

πŸ“¦ Right to Data Portability (Article 20)

You can receive your personal data in a structured, commonly used format and transfer it to another service.

βœ‹ Right to Object (Article 21)

You can object to processing based on legitimate interests or direct marketing.

πŸ”„ Right to Withdraw Consent (Article 7)

Where processing is based on consent, you can withdraw it at any time without affecting prior lawful processing.

How to Exercise Your Rights:

  • β€’ Visit your Settings page to export data or request account deletion
  • β€’ Contact us at [email protected] for other requests
  • β€’ We will respond to valid requests within 30 days (1 month) as required by GDPR
  • β€’ Some rights may not apply in all circumstances - we'll explain why if we can't fulfill a request

9. Cookies and Tracking

We use cookies and similar technologies to:

  • Keep you logged in to your account
  • Remember your preferences and settings
  • Ensure the security of your account
  • Analyze usage patterns to improve our service

You can control cookies through your browser settings, though this may affect service functionality.

10. Data Processing for Business Users

For Pro plan users who process personal data through document collections, we act as a data processor under GDPR. In this capacity, you (as the data controller) determine the purposes and means of processing personal data.

Data Processing Addendum (DPA)

Our DPA for Pro users covers:

  • Data processing instructions and limitations
  • Security measures and incident response procedures
  • Sub-processor arrangements and approval processes
  • International transfer safeguards
  • Data subject rights support and cooperation
  • Data return and deletion upon termination
  • Audit rights and compliance monitoring

As a Pro user, you are responsible for ensuring lawful basis for processing, obtaining necessary consents, and informing data subjects about data processing. We provide tools and controls to help you meet your obligations.

11. International Data Transfers

Your data may be stored and processed in facilities located in different countries. We ensure that any international transfers comply with applicable data protection laws and implement appropriate safeguards to protect your information.

Safeguards for EU Data:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where available
  • Additional technical and organizational measures
  • Regular monitoring of transfer arrangements

12. Supervisory Authority and Complaints

If you believe we have not processed your personal data in accordance with applicable data protection laws, you have the right to lodge a complaint with the relevant supervisory authority.

EU/EEA Users:

You can contact your local data protection authority or file a complaint with the supervisory authority in the EU member state where you reside, work, or where the alleged violation occurred. You can find contact information for EU data protection authorities atedpb.europa.eu

We encourage you to contact us first at [email protected] so we can address your concerns directly, but this does not affect your right to lodge a complaint with a supervisory authority.

13. Children's Privacy

SS Doc is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

14. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will notify you of any material changes via email or through the service. Your continued use of the service after such modifications constitutes acceptance of the updated policy.

15. Contact Us

If you have any questions about this Privacy Policy, your data rights, or our privacy practices, please contact us:

  • Email: [email protected]
  • Contact Form: Contact page
  • Response Time: We aim to respond to privacy inquiries within 24 hours
  • GDPR Requests: We respond to valid GDPR requests within 30 days

16. Data Protection Officer

For users in jurisdictions that require a Data Protection Officer, you can contact our DPO at [email protected] for privacy-related matters and data protection questions. Our DPO is available to assist with GDPR compliance questions and data subject rights requests.

Questions about your privacy?