Skip to main content

Privacy Policy

Last updated: February 22, 2026

This Privacy Policy describes how Sezi LLC, doing business as DocPulse ("we", "us", "our"), collects, uses, and protects your personal information when you use our website and service at https://www.docpulse.net ("Service"). We are committed to protecting your privacy and handling your data responsibly.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Name — to personalize your account and communications
  • Email address — for login, notifications, and support
  • Password — stored as a one-way hash using bcrypt; we never store or see your plain-text password

1.2 Payment Information

If you subscribe to the Pro plan, payment is processed by Stripe. We do not store your credit card number, CVC, or billing address. We only store your Stripe Customer ID and Subscription ID to manage your subscription. Stripe's privacy policy is available at stripe.com/privacy.

1.3 Documents You Upload

We store the PDF files you upload on Amazon S3 (encrypted at rest). We also store metadata including the document title, filename, file size, and page count. Your documents are only accessible via tracked links you create and your authenticated dashboard.

1.4 Tracked Link & Recipient Data

When you create a tracked link, we store the recipient name and email you provide (both optional). We also store link settings such as download permissions, email gating, and password protection.

1.5 Viewer Analytics Data

When someone opens a tracked link, we collect the following about the viewer:

  • IP address — used to derive approximate geographic location (city, region, country)
  • User agent — browser and device information
  • Page view events — which pages were viewed and for how long
  • Session data — to group page views into viewing sessions
  • Email address — only if the link requires email verification (email gating)

This data is collected to provide document analytics to the account holder who shared the link. Geographic data is derived from IP addresses using a local lookup database and is not shared with third-party geolocation services.

1.6 Session & Technical Data

We use server-side sessions stored in our database to keep you logged in. We use a single essential session cookie (see our Cookie Policy). We also collect standard server logs including IP addresses and request metadata for security and debugging purposes.

2. How We Use Your Information

  • Provide the Service — store and serve your documents, track views, deliver analytics
  • Send notifications — real-time open alerts, daily activity digests, and transactional emails (welcome, password reset, link sharing)
  • Process payments — manage subscriptions via Stripe
  • Improve the Service — understand usage patterns, fix bugs, improve performance
  • Protect the Service — detect and prevent fraud, abuse, and security threats

3. Legal Basis for Processing (GDPR)

If you are in the European Economic Area, we process your data under the following legal bases:

  • Contract performance — to provide the Service you signed up for (account data, documents, analytics)
  • Legitimate interest — to improve the Service, prevent fraud, and ensure security
  • Consent — where required, such as for marketing communications (which we currently do not send)
  • Legal obligation — to comply with applicable laws and regulations

4. Data Sharing & Third Parties

We share your data only with the following service providers, strictly to operate the Service:

Provider Purpose Data Shared
Amazon Web Services (S3) Document storage Uploaded PDF files
Amazon Web Services (SES) Email delivery Email addresses, notification content
Stripe Payment processing Payment details (handled by Stripe directly)
Heroku Hosting & infrastructure All data processed by the Service

We do not sell, rent, or trade your personal information. We do not use third-party advertising or analytics trackers. We have no tracking pixels, no Google Analytics, and no social media widgets.

5. Data Retention

  • Account data — retained while your account is active, deleted within 30 days of account deletion
  • Documents & analytics — retained while your account is active and deleted with your account
  • Viewer analytics — retained for as long as the associated document exists
  • Server logs — retained for up to 90 days for security and debugging
  • Payment records — retained as required by tax and financial regulations

6. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access — request a copy of your personal data
  • Correction — request correction of inaccurate data
  • Deletion — request deletion of your account and associated data
  • Portability — request your data in a machine-readable format
  • Objection — object to processing based on legitimate interest
  • Restriction — request restriction of processing in certain circumstances

6.1 For California Residents (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us at the email below.

6.2 For EEA/UK Residents (GDPR)

You have the rights listed above under GDPR. You also have the right to lodge a complaint with your local data protection authority. To exercise your rights, contact us at the email below.

To exercise any of these rights, email us at privacy@docpulse.net. We will respond within 30 days.

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • HTTPS encryption for all connections
  • Passwords hashed with bcrypt
  • Documents encrypted at rest on S3
  • CSRF protection on all forms
  • Content Security Policy headers
  • Rate limiting on API endpoints
  • HTTP-only, secure session cookies

8. International Transfers

Our servers and service providers are located in the United States. If you access the Service from outside the US, your data will be transferred to and processed in the US. By using the Service, you consent to this transfer. We rely on our service providers' data processing agreements and standard contractual clauses where applicable.

9. Children's Privacy

DocPulse is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Service. The "Last updated" date at the top of this page indicates when it was last revised.

11. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, contact us at:

Email: privacy@docpulse.net