Privacy Policy

Effective Date: June 28, 2026

Service Provider: UXPEDITION SOFTWARE S.R.L. (trading as docpenny) (“we”, “us”, “our”)

Contact: [email protected]

1. Introduction

We operate the docpenny service (“Service”), a credit-based PDF document generation platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using the Service, you accept the practices described in this Privacy Policy. If you do not agree to these practices, please do not use the Service.

2. Scope and Applicability

This Privacy Policy applies to:

  • All users of the docpenny Service
  • Visitors to our website and dashboard
  • API users and integrations
  • All data processed through our platform

This policy is designed to comply with:

  • General Data Protection Regulation (GDPR) (EU Regulation 2016/679)
  • ePrivacy Directive (2002/58/EC)
  • Applicable Romanian data protection laws (Legea nr. 190/2018)
  • Other relevant data protection regulations

3. Data Controller and Processor

3.1 Data Controller

For your account data (registration information, profile data, billing information):

  • Data Controller: UXPEDITION SOFTWARE S.R.L.
  • Contact: [email protected]
  • Address: Str. Subcetate, Nr. 61C, Ap. B24, Mun. Bistrița, Jud. Bistrița-Năsăud, România

3.2 Data Processor

For your content data (Templates, Data Chunks, generated PDFs):

  • When you use our Service to process your content, we act as a Data Processor on your behalf
  • You remain the Data Controller for your content
  • We process your content only as necessary to provide the PDF generation Service

4. Information We Collect

We collect and process the following categories of personal data:

4.1 Account Registration Data

When you create an account, we collect:

  • Email address (required for authentication and communication)
  • Name (optional, for display purposes)
  • Profile image (optional, URL only)
  • Account creation timestamp
  • Last update timestamp

Legal Basis: Contract performance (GDPR Art. 6(1)(b))

4.2 Authentication and Session Data

To secure your account and provide access to the Service:

  • Session tokens (stored in secure, httpOnly cookies)
  • IP address (for security and fraud detection)
  • User agent (browser/device information)
  • Session expiration timestamp
  • Active Project ID (your current context)

Legal Basis: Legitimate interest (security) (GDPR Art. 6(1)(f))

4.3 Project Data

When you create or join a Project:

  • Project name
  • Project slug (unique identifier)
  • Project logo (optional, URL only)
  • Project metadata (optional)
  • Member role (owner, admin, member)
  • Invitation status and details

Legal Basis: Contract performance (GDPR Art. 6(1)(b))

4.4 Billing and Payment Data

For credit purchases and payment processing:

  • Credit package purchased
  • Payment amount and currency
  • Payment timestamp
  • Payment processor reference ID
  • Credit transaction history
  • Credit balance
  • Free tier assignment (Project ID)

Payment Processing: Payments are processed by Polar (our payment processor). We do not store your payment card details. For more information, please see Polar’s Privacy Policy.

Legal Basis: Contract performance (GDPR Art. 6(1)(b))

4.5 Content Data

This is the data you upload and process through our Service:

4.5.1 Templates

  • Template name
  • Template content (HTML with Liquid placeholders)
  • Template variables schema (JSON)
  • S3 storage key (internal reference)
  • Creation and update timestamps

4.5.2 Data Chunks

  • Encrypted JSON data containing your template variables
  • Encryption key (managed internally)
  • Job reference
  • Sequence number

4.5.3 Generated PDFs

  • PDF file content (your generated documents)
  • File size in bytes
  • S3 storage key (internal reference)
  • Generation timestamp

Legal Basis: Contract performance (GDPR Art. 6(1)(b)) / Legitimate interest (processing necessary for service delivery)

4.6 Job and Task Metadata

To track and manage your document generation:

  • Job ID, status, and timestamps
  • Task ID, status, and timestamps
  • Template ID reference
  • Project ID
  • API Key ID (if used)
  • Total tasks, completed tasks, failed tasks
  • Retry count
  • Webhook URL and secret (if configured)
  • Expiration timestamp
  • Download timestamps

Legal Basis: Contract performance (GDPR Art. 6(1)(b))

4.7 Webhook Data

For integration with your systems:

  • Webhook URL (your endpoint)
  • Webhook secret (for signature verification)
  • Timestamps

Legal Basis: Contract performance (GDPR Art. 6(1)(b))

4.8 API Key Data

For programmatic access:

  • API Key name and identifier
  • API Key secret (encrypted)
  • Permissions and scopes
  • Rate limit configuration
  • Usage statistics (request count, timestamps)
  • Expiration date (if set)

Legal Basis: Contract performance (GDPR Art. 6(1)(b))

4.9 Observability and Logging Data

To ensure service reliability and security:

  • Pseudonymized User IDs (UUIDs, not email addresses)
  • Pseudonymized Project IDs (UUIDs, not names)
  • Trace IDs and Span IDs (for request correlation)
  • Structured log entries (JSON format, no PII)
  • Error messages (sanitized, no sensitive data)
  • Performance metrics

Important: We never log:

  • Email addresses in plain text
  • Names in plain text
  • Data Chunk contents
  • PDF contents
  • API Key secrets

Legal Basis: Legitimate interest (service reliability and security) (GDPR Art. 6(1)(f))

4.10 Technical Data (Automatically Collected)

  • Browser type and version
  • Operating system
  • Referrer URL
  • Pages visited and timestamps
  • Session duration

Note: IP addresses are not logged or stored by our application — Better Auth IP tracking is disabled. However, visitor IP addresses transiently pass through our CDN and edge security provider (Cloudflare, see §9.2.5) for routing, DDoS mitigation, and WAF inspection. Cloudflare does not share IP data with us; we never receive or log visitor IPs at the origin.

Legal Basis: Legitimate interest (analytics and improvement) (GDPR Art. 6(1)(f))

5. How We Use Your Information

We use the information we collect for the following purposes:

5.1 Service Delivery

  • Provide and maintain the PDF generation Service
  • Process your Templates and Data Chunks to generate PDFs
  • Manage your Jobs and Tasks
  • Deliver generated PDFs via download or webhook
  • Manage your credit balance and transactions

Legal Basis: Contract performance (GDPR Art. 6(1)(b))

5.2 Account Management

  • Create and manage your account
  • Authenticate and authorize access
  • Manage Project memberships
  • Process invitations

Legal Basis: Contract performance (GDPR Art. 6(1)(b))

5.3 Communication

  • Send service-related announcements
  • Respond to your support requests
  • Send billing notifications
  • Provide updates about Job status (via email or webhook)

Legal Basis: Contract performance (GDPR Art. 6(1)(b)) / Legitimate interest (GDPR Art. 6(1)(f))

5.4 Security and Fraud Prevention

  • Detect and prevent unauthorized access
  • Monitor for suspicious activities
  • Investigate security incidents
  • Enforce rate limiting and abuse prevention

Legal Basis: Legitimate interest (GDPR Art. 6(1)(f))

5.5 Service Improvement

  • Analyze usage patterns (pseudonymized)
  • Identify and fix bugs
  • Optimize performance
  • Develop new features

Legal Basis: Legitimate interest (GDPR Art. 6(1)(f))

  • Comply with applicable laws and regulations
  • Respond to lawful requests from authorities
  • Exercise or defend legal claims

Legal Basis: Legal obligation (GDPR Art. 6(1)(c))

6. Data Retention

We retain your data for no longer than necessary for the purposes for which it was collected:

6.1 Account Data

  • Retention Period: As long as your account is active, plus 30 days after account deletion request
  • Reason: Account management and service delivery

6.2 Project Data

  • Retention Period: As long as the Project exists, plus 90 days after last member leaves
  • Reason: Multi-tenant service management

6.3 Billing and Credit Data

  • Retention Period: 7 years (for tax and accounting purposes)
  • Reason: Legal compliance (Romanian commercial law)

6.4 Templates

  • Retention Period: As long as you maintain an active account
  • Reason: Your intellectual property, available for reuse

6.5 Data Chunks (Encrypted)

  • Retention Period: Immediately on task completion; stragglers within 24 hours
  • Reason: Job processing and retry logic
  • Note: Data Chunks are encrypted at rest and in transit

6.6 Generated PDFs

  • Retention Period: Deleted on download. If never downloaded, automatically deleted within 72 hours of job completion
  • Reason: Allow time for download
  • Note: Automated expiry via daily maintenance cron. Terminal-state jobs older than 72 hours have their PDF files deleted from S3.

6.7 Job and Task Metadata

  • Retention Period: Indefinite — job and task rows are never deleted from the database
  • Reason: Job lifecycle tracking, status polling, and retry logic
  • Note: Only the encrypted data chunk (user content) is deleted on task completion. The metadata row persists.

6.8 Webhook Data

  • Retention Period: Webhook URL and secret retained on the job record until job expiration. No delivery logs are persisted.
  • Reason: Webhook delivery configuration for event notifications
  • Note: Delivery logs are ephemeral (stdout only); not stored in the database.

6.9 API Key Data

  • Retention Period: As long as the API Key is active; cascade deleted on org deletion
  • Reason: Security auditing

6.10 Session Data

  • Retention Period: Session duration (typically 24-48 hours)
  • Reason: Authentication
  • After expiration: Automatically deleted

6.11 Observability Logs

  • Retention Period: 90 days
  • Reason: Service reliability and security monitoring
  • After 90 days: Automatically purged

7. Data Security

We implement appropriate technical and organizational measures to protect your data:

7.1 Technical Measures

  • Encryption at Rest: All Data Chunks are encrypted using industry-standard encryption (AES-256)
  • Encryption in Transit: All communications use TLS 1.2+ (HTTPS)
  • Secure Authentication: Session-based auth with secure, httpOnly cookies
  • Pseudonymization: User and Project identifiers are pseudonymized in logs
  • Access Controls: Role-based access control (owner, admin, member)
  • Network Security: Firewalls, rate limiting, DDoS protection
  • Database Security: PostgreSQL with row-level security where applicable

7.2 Organizational Measures

  • Data Minimization: We collect only what is necessary
  • Least Privilege: Employees have minimal necessary access
  • Regular Audits: Security reviews and penetration testing
  • Incident Response: Established procedures for data breaches
  • Employee Training: Data protection and security awareness

7.3 Infrastructure

  • Hosting Provider: OVH Cloud
  • Location: European Union (France, Germany, or other EU countries)
  • Data Centers: ISO 27001 certified
  • Compliance: GDPR, ISO 27018 (cloud privacy)

8. Data Subject Rights (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights regarding your personal data:

8.1 Right to Access (GDPR Art. 15)

You have the right to request access to the personal data we hold about you, including:

  • The purposes of processing
  • The categories of personal data
  • The recipients or categories of recipients
  • The retention period
  • The existence of automated decision-making

How to exercise: Download your data from your Settings page (Account or Project tabs), or submit a request to [email protected]

8.2 Right to Rectification (GDPR Art. 16)

You have the right to request correction of inaccurate personal data we hold about you.

How to exercise: Update your profile in the dashboard or contact [email protected]

8.3 Right to Erasure (“Right to be Forgotten”) (GDPR Art. 17)

You have the right to request erasure of your personal data in certain circumstances:

  • The data is no longer necessary for the purposes collected
  • You withdraw consent (where applicable)
  • You object to processing (where applicable)
  • The data was processed unlawfully

Exceptions: We may retain certain data for:

  • Legal compliance (tax, accounting)
  • Exercise or defense of legal claims
  • Public interest reasons

How to exercise: Request account deletion from your Settings page, or contact [email protected]

8.4 Right to Restriction of Processing (GDPR Art. 18)

You have the right to request restriction of processing in certain circumstances:

  • You contest the accuracy of the data
  • The processing is unlawful but you oppose erasure
  • We no longer need the data but you require it for legal claims
  • You have objected to processing

How to exercise: Contact [email protected]

8.5 Right to Data Portability (GDPR Art. 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Scope: Applies to data provided by you (not derived data)

How to exercise: Request a data export from your Settings page (Account or Project tabs), or by contacting [email protected]

8.6 Right to Object (GDPR Art. 21)

You have the right to object to processing based on:

  • Legitimate interests (GDPR Art. 6(1)(f))
  • Direct marketing
  • Profiling

How to exercise: Contact [email protected]

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

Note: We do not currently use automated decision-making that produces legal effects.

9. Data Transfers

9.1 International Transfers

All data is processed and stored on servers located in the European Union (OVH Cloud data centers). We do not transfer your personal data outside the European Economic Area (EEA) unless:

  • The recipient country has an adequacy decision from the European Commission
  • Appropriate safeguards are in place (e.g., Standard Contractual Clauses)
  • You have provided explicit consent

9.2 Third-Party Service Providers

We may share data with the following third-party service providers:

9.2.1 Payment Processing

  • Provider: Polar (polar.sh)
  • Data Shared: Payment information (processed directly by Polar)
  • Purpose: Payment processing for credit purchases
  • Location: United States (Polar Software, Inc., Delaware). EU data transfers protected by Standard Contractual Clauses (SCCs). DPA available.
  • Legal Basis: Contract performance

9.2.2 Infrastructure

  • Provider: OVH Cloud
  • Data Shared: All service data (hosted infrastructure)
  • Purpose: Cloud hosting and storage
  • Location: European Union
  • Legal Basis: Contract performance / Legitimate interest

9.2.3 Analytics and Monitoring

  • Provider: PostHog (via OpenTelemetry OTLP)
  • Data Shared: Pseudonymized trace data (request paths, status codes, durations, error indicators — no PII, no IP addresses, no user agents)
  • Purpose: Service monitoring and performance optimization
  • Location: EU (PostHog Cloud EU)
  • Legal Basis: Legitimate interest

9.2.4 Email Communications

  • Provider: Nuntly
  • Data Shared: Email addresses, notification content (verification links, password reset URLs, invitation details, data export download links)
  • Purpose: Transactional email delivery (account verification, password reset, organization invitations, GDPR data export notifications)
  • Location: EU (Nuntly is French-based, EU data residency)
  • Legal Basis: Contract performance

9.2.5 CDN and Edge Security

  • Provider: Cloudflare, Inc.
  • Data Shared: IP addresses, HTTP headers, cookies (including session cookies), TLS cipher information, request URIs, response status codes
  • Purpose: Content delivery network (CDN), DDoS mitigation, Web Application Firewall (WAF), bot detection, TLS termination
  • Location: Global edge network (US-based parent company, Cloudflare, Inc.). Data may transit non-EU PoPs transiently. International transfers covered by Cloudflare’s Standard Contractual Clauses (SCCs) and GDPR-compliant Data Processing Agreement. Cloudflare offers a fully EU-region processing option (no US egress).
  • Legal Basis: Legitimate interest (security and service availability) (GDPR Art. 6(1)(f))

10. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will:

  1. Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (where required by GDPR Art. 33)
  2. Notify you without undue delay if the breach is likely to result in a high risk to your rights and freedoms (GDPR Art. 34)

Our breach notification will include:

  • The nature of the breach
  • The categories and approximate number of data subjects affected
  • The categories and approximate number of personal data records affected
  • The likely consequences of the breach
  • The measures taken or proposed to address the breach
  • The contact details of the Data Protection Officer (DPO)

11. Children’s Privacy

Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you become aware that a child under 16 has provided us with personal data without parental consent, please contact us immediately at [email protected].

12. Cookies and Similar Technologies

This section describes our use of cookies in compliance with the ePrivacy Directive (2002/58/EC) as implemented in Romania by Legea nr. 506/2004 and further aligned with the GDPR via Legea nr. 190/2018.

Essential Cookies

We use only strictly necessary (essential) cookies for:

  • Authentication: Secure session management (httpOnly, Secure, SameSite=Strict)
  • Preferences: Remembering your active Project

These cookies are necessary for the Service to function. Under Art. 4(5) of Legea nr. 506/2004, strictly necessary cookies that are essential for providing an information society service explicitly requested by the user do not require prior consent. We do not use analytics, tracking, or advertising cookies.

  • Session cookies: Duration of your session

Managing Cookies

You can manage essential cookies through your browser settings. Disabling essential cookies may prevent the Service from functioning correctly.

Our Service may contain links to third-party websites or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

14. Updates to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the updated Privacy Policy on our website
  • Sending an email notification for material changes
  • Displaying a notice in your dashboard

Your continued use of the Service after we post any modifications to the Privacy Policy constitutes your acknowledgment and acceptance of the modified Privacy Policy.

Change History:

  • May 31, 2026: Initial version
  • June 1, 2026: Corrected IP address claim (tracking disabled, not pseudonymized). Trimmed cookie section to reflect essential-only cookies per ePrivacy Directive.
  • June 14, 2026: Added explicit reference to Legea nr. 506/2004 (cookie consent). Numbered cookies as Section 12.
  • June 15, 2026: Updated effective date for service launch.
  • June 28, 2026: Added Cloudflare (CDN and edge security) as sub-processor. Clarified IP handling at CDN layer.

15. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal data:

Data Protection Officer (DPO) Email: [email protected]

Privacy Team Email: [email protected]

General Support Email: [email protected]

Postal Address: Str. Subcetate, Nr. 61C, Ap. B24, Mun. Bistrița, Jud. Bistrița-Năsăud, România

16. Supervisory Authority

If you are located in the European Economic Area and believe that we have infringed or violated your privacy rights, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement.

Romanian Supervisory Authority: Agenția Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP) B-dul G-ral. Gheorghe Magheru nr. 28-30 Sector 1, București România

Website: https://www.dataprotection.ro


Last Updated: June 28, 2026

en