Privacy Policy

Last updated: April 2026

1. Introduction

Welcome to doctru.ai (“we,” “us,” or “our”). We operate an AI-powered document compliance and deviation detection platform designed for regulated industries.

This Privacy Policy explains how we collect, use, store, and protect your personal data and business information when you use our website (doctru.ai) and our platform services. We are committed to protecting your privacy and complying with applicable data protection laws, including India’s Digital Personal Data Protection Act, 2023 (DPDP Act).

By using our services, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

2.1 Contact Information

When you submit a contact form or request a demo, we collect your name, email address, company name, and the content of your message.

2.2 Account Information

When you register for our platform, we collect your name, email address, organization details, and role information necessary to provision your account.

2.3 Document Data

When you use our platform, you may upload documents for compliance analysis. These include regulatory norms, policy guidelines, approved templates (grounding documents), and proposals, contracts, or filings submitted for deviation detection.

2.4 Usage Data

We automatically collect technical information such as browser type, device information, IP address, pages visited, and interaction patterns to improve our services and ensure security.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our document compliance detection services
  • Process your documents through our AI-powered deviation detection pipeline
  • Respond to your inquiries and provide customer support
  • Send service-related communications (security alerts, system updates, account notifications)
  • Comply with legal obligations and enforce our terms of service
  • Detect, prevent, and address technical issues and security threats

We do not use your documents to train AI models for other customers. Your document data is processed solely to deliver the compliance detection service to your organization.

4. Document Data Processing

Document processing is central to our service. Here is how we handle your documents:

  • Ingestion: Documents are parsed, chunked, and converted into vector embeddings for semantic analysis.
  • Processing: Our AI models analyze submitted documents against your grounding norms to identify deviations.
  • Storage: Documents are stored encrypted (AES-256 at rest) in our cloud infrastructure within India.
  • Isolation: Each tenant’s data is strictly isolated using database-level row-level security. Your documents are never accessible to other tenants.
  • LLM Processing: When documents are sent to large language model providers for analysis, they are transmitted via encrypted connections (TLS 1.3). We use providers with data processing agreements that prohibit use of your data for model training.

5. Third-Party Services

We use the following categories of third-party services:

  • Cloud Infrastructure: Amazon Web Services (AWS), hosted in the Mumbai (ap-south-1) region, for compute, storage, and database services.
  • AI/LLM Providers: We use large language model providers (such as OpenAI and Anthropic) for document analysis. These providers process document content under data processing agreements and do not retain your data for model training.
  • Authentication: AWS Cognito for secure user authentication and identity management.

We do not sell, rent, or share your personal data with third parties for their marketing purposes.

6. Data Storage & Security

We take data security seriously. Our infrastructure implements multiple layers of protection:

  • Data Residency: All data is stored in AWS Mumbai (ap-south-1). Your documents never leave India.
  • Encryption at Rest: AES-256 encryption for all stored data, including documents, database records, and backups.
  • Encryption in Transit: TLS 1.3 for all data transmission between your browser, our servers, and third-party services.
  • Multi-Tenant Isolation: Database-enforced row-level security ensures complete data separation between tenants.
  • Access Controls: Role-based access control with complete audit trails for all data access and modifications.
  • Infrastructure Security: VPC isolation, private subnets, security groups, and network ACLs protect our infrastructure.

7. Data Retention

We retain your data as follows:

  • Contact form data: Retained for as long as necessary to respond to your inquiry and for up to 12 months thereafter.
  • Account data: Retained for the duration of your active subscription and for a reasonable period afterward to comply with legal obligations.
  • Document data: Retained for the duration of your active subscription. Upon termination, you may export your data during a 30-day transition period, after which it is permanently deleted.
  • Audit logs: Retained for a minimum of 12 months for compliance and security purposes.

You may request deletion of your personal data at any time by contacting us.

8. Your Rights Under DPDP Act 2023

Under India’s Digital Personal Data Protection Act, 2023, you have the following rights as a Data Principal:

  • Right to Access: You may request confirmation of whether we process your personal data and obtain a summary of such data.
  • Right to Correction and Erasure: You may request correction of inaccurate or misleading personal data, or erasure of data that is no longer necessary for the purpose for which it was collected.
  • Right to Nominate: You may nominate another individual to exercise your rights in the event of your death or incapacity.
  • Right to Grievance Redressal: You may raise grievances regarding our data processing practices. We will respond within the time period specified by applicable law.

To exercise any of these rights, please contact us at privacy@doctru.ai. We will respond to your request within 30 days.

9. International Transfers

Your data is stored and processed within India (AWS Mumbai, ap-south-1). Document content may be transmitted to AI/LLM provider APIs for processing. Where such providers operate outside India, we ensure appropriate safeguards are in place through data processing agreements and contractual protections, in compliance with the DPDP Act.

10. Children’s Data

Our services are designed for business use and are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by posting the updated policy on our website and updating the “Last updated” date. For significant changes, we will provide additional notice through email or in-platform notification.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us: