Privacy

The data we keep, and the data we don't.

DocuCRM Labs Inc. (“DocuCRM”, “we”) runs a document-signing platform with a cryptographic audit trail. This page explains what we collect when you use docucrm.com or app.docucrm.com, why we collect it, and the rights you have over your data. Plain English, no dark patterns.

Last updated: May 13, 2026

§01

Who we are

DocuCRM Labs Inc. is the data controller for personal information you provide to us directly when you visit our marketing site or use the app at app.docucrm.com.

When our customers use DocuCRM to send documents to their own recipients, the customer is the data controller for that recipient data and DocuCRM acts as a processor. A separate Data Processing Agreement governs that relationship — write to privacy@docucrm.com for a copy.

§02

What we collect

We collect three categories of data:

  • Account data. Email, name, password hash, and the minimum metadata needed to authenticate you.
  • Document data. Documents you upload, the recipients you add, the signing events, and the hash-chained audit log that proves them.
  • Usage data. Pages viewed, basic device + browser metadata, and error reports — scoped to product-improvement purposes.

We don't sell personal data. We don't build advertising profiles. We don't read your document contents to train models.

§03

Why we collect it

We process personal data only when one of these legal bases applies:

  • Contract. To provide the service you signed up for.
  • Legitimate interest. Security, fraud prevention, debugging, keeping the service running.
  • Consent. Marketing emails. You can unsubscribe at any time; the link is in every email.
  • Legal obligation. Tax, anti-money-laundering, and other compliance requirements.

§04

How long we keep it

Account data is retained while your account is active and for 30 days after deletion to allow recovery from accidental deletes.

Signed envelopes are retained until you delete them. Soft-delete leaves an audit-trail entry; the document and its receipt remain verifiable.

Drafts remain until you delete them. Envelopes with an explicit expiry are auto-closed at the configured time.

Usage logs are retained for 90 days, then aggregated into anonymous metrics.

§05

How erasure works today

When you (or a recipient exercising their right to erasure) ask us to delete personal data, we soft-delete the record and write an audit-trail entry capturing who asked and when. The signed PDF and its receipt remain verifiable.

A stronger guarantee — per-recipient cryptographic erasure that destroys keys while keeping the signature proof intact — is designed and on our roadmap. It is not yet shipped. We will update this page the day it does.

§06

Who we share data with

We share data only with sub-processors who help us run the service. The current sub-processor list lives in our DPA — write to privacy@docucrm.com for a copy. We notify customers before adding or changing a sub-processor, and we don't transfer data to any organisation that isn't on that list.

§07

International transfers

Where international transfers occur, we apply Standard Contractual Clauses and the EU-US Data Privacy Framework where applicable. Write to privacy@docucrm.com for the current arrangement.

§08

Your rights

You can ask us, at any time, to:

  • Access a copy of your personal data.
  • Correct anything that's wrong.
  • Erase your data (subject to legal hold exceptions).
  • Port your data to another provider.
  • Object to specific processing activities.
  • Withdraw consent for marketing emails.

Email privacy@docucrm.com and we will respond within thirty days. You have the right to lodge a complaint with your local data protection authority.

§09

Cookies

We use a small set of strictly necessary cookies to keep you signed in and prevent fraud. We do not use third-party advertising cookies. The analytics we run is cookieless and aggregate-only — no per-user tracking.

§10

Changes to this policy

If we update this policy in a way that affects your rights, we'll email all account holders at least thirty days before the change takes effect. Smaller editorial changes get a new "Last updated" date and a note in the changelog.

Questions?

Write to privacy@docucrm.com — a human will reply.