Privacy Policy
Effective date: June 3, 2026 · Last updated: June 3, 2026
This Privacy Policy explains how dotDocType ("dotDocType", "we", "us", or "our") collects, uses, discloses, and protects personal data when you visit dotdoctype.io (the "Website"), join our waitlist, contact us, or use the dotDocType platform and related services (collectively, the "Services"). It also describes the privacy rights available to individuals in the European Economic Area (EEA), the United Kingdom, the United States, Brazil, Canada, and other jurisdictions across the Americas and Europe.
Contents
- Who we are
- Scope & our roles
- Data we collect
- How & why we use data
- Cookies & analytics
- How we share data
- International transfers
- Data retention
- Security
- EEA & UK rights (GDPR)
- US rights (CCPA/CPRA & states)
- Brazil rights (LGPD)
- Canada (PIPEDA)
- Children's privacy
- Automated decisions & AI
- Changes
- Contact us
1. Who we are
The data controller responsible for the Website and our direct customer relationships is:
dotDocType — operated by IDDF ADMINISTRADORA DE BENS PROPRIOS LTDA
Registered address: RUA PROFESSOR BRANDAO 678, CURITIBA, PR, 80045-280, BRAZIL
General contact: contact@dotdoctype.io
Privacy contact: privacy@dotdoctype.io
For individuals in the EEA or the UK, our data protection point of contact can be reached at privacy@dotdoctype.io. Where required, our EU/UK representative under Article 27 GDPR is: TO BE APPOINTED.
2. Scope & our roles
This Policy applies to two distinct situations, in which our role under data-protection law differs:
- As a controller — when we decide how and why personal data is processed: visitors to our Website, waitlist subscribers, people who contact us, and our direct account holders. This Policy governs that processing.
- As a processor / service provider — when our customers use the dotDocType platform to build and run their own applications, any personal data they load into those applications ("Customer Data") is processed by us on their behalf and under their instructions. For that Customer Data, our customer is the controller, and processing is governed by the agreement and Data Processing Addendum (DPA) between us and that customer, not by this Policy. A DPA incorporating the EU Standard Contractual Clauses is available on request at privacy@dotdoctype.io.
3. Personal data we collect
Depending on how you interact with us, we may collect:
- Identity & contact data — name, email address, company, role, and any information you include when you join the waitlist, request a demo, or contact us.
- Account data — credentials and profile details if you register for the Services, and authentication identifiers (for example, when signing in with Microsoft Entra ID or another identity provider).
- Usage & device data — IP address, browser type, device and operating system, pages viewed, referring URLs, timestamps, and interactions with the Website, collected through cookies and similar technologies.
- Communications — the content of messages, support requests, and feedback you send us.
- Transaction & billing data — where you purchase a plan, limited records needed for invoicing and compliance (payment is handled by our payment or marketplace providers; we do not store full card numbers).
We do not intentionally collect special-category (sensitive) personal data through the Website, and we ask that you do not send it to us in free-text fields.
4. How & why we use your data
We use personal data for the purposes below. For individuals protected by the GDPR/UK GDPR, the corresponding legal basis is shown.
| Purpose | GDPR legal basis |
|---|---|
| Operate, secure, and improve the Website and Services | Legitimate interests; performance of a contract |
| Manage the waitlist, respond to enquiries, and send service communications | Consent; legitimate interests; pre-contractual steps |
| Create and administer accounts and provide support | Performance of a contract |
| Analytics and audience measurement (e.g., Google Analytics) | Consent (where required); legitimate interests |
| Marketing emails about dotDocType (you can opt out anytime) | Consent; legitimate interests |
| Billing, fraud prevention, and meeting legal obligations | Legal obligation; legitimate interests |
| Establishing, exercising, or defending legal claims | Legitimate interests; legal obligation |
5. Cookies & analytics
We use cookies and similar technologies to run the Website, remember your preferences, and understand how the Website is used. We use Google Analytics to measure traffic and improve the experience; Google processes this data as described in its own policies. Where required by law (for example, in the EEA and UK), non-essential cookies and analytics are only set after you provide consent through our cookie banner, and you can withdraw consent at any time. You can also control cookies through your browser settings. For more detail on the categories of cookies we use and how to manage them, contact privacy@dotdoctype.io.
6. How we share data
We do not sell your personal data. We share it only as needed with:
- Service providers (subprocessors) who process data on our behalf under contract — including cloud hosting and infrastructure (e.g., Microsoft Azure), analytics (e.g., Google), email and communication tools, and, where applicable, the Microsoft Marketplace for offer fulfilment and lead handling.
- Professional advisers such as lawyers, auditors, and accountants, where necessary.
- Authorities and other parties where required by law, to comply with legal process, or to protect our rights, users, or the public.
- Successors in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.
7. International data transfers
We operate across the Americas and Europe, and your personal data may be transferred to, and processed in, countries other than your own — including the United States and the European Union. When we transfer personal data out of the EEA, the UK, or other regions with transfer restrictions, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, adequacy decisions, or other lawful mechanisms. A copy of the relevant safeguards is available on request.
8. Data retention
We keep personal data only for as long as necessary for the purposes described in this Policy, including to provide the Services, comply with legal, accounting, or reporting obligations, and resolve disputes. Waitlist and marketing data is retained until you unsubscribe or ask us to delete it. Account data is retained for the life of the account and a limited period afterward. When data is no longer needed, we delete or anonymize it.
9. Security
We implement appropriate technical and organizational measures to protect personal data, including encryption in transit, access controls, tenant isolation, and audit logging. No method of transmission or storage is completely secure, but we work to protect your information and to notify you and the relevant authorities of data breaches where the law requires.
10. Your rights — EEA & United Kingdom (GDPR)
If you are in the EEA or the UK, you have the right to: access your personal data; rectify inaccurate data; erase data ("right to be forgotten"); restrict or object to processing; data portability; and withdraw consent at any time without affecting prior processing. You also have the right to lodge a complaint with your local supervisory authority (in the UK, the Information Commissioner's Office; in the EEA, your national data protection authority). To exercise these rights, contact privacy@dotdoctype.io.
11. Your rights — United States (CCPA/CPRA and other states)
If you are a resident of California, you have the right to: know and access the categories and specific pieces of personal information we collect; delete your personal information; correct inaccurate information; and opt out of the "sale" or "sharing" of personal information and of targeted advertising. We will not discriminate against you for exercising these rights.
We do not sell your personal information, and we do not "share" it for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act (as amended by the CPRA). We do not knowingly process the sensitive personal information of consumers for purposes that would require an opt-out.
Residents of other US states with comprehensive privacy laws — including Virginia, Colorado, Connecticut, Utah, Texas, and others — have comparable rights to access, correct, delete, and opt out of targeted advertising and sales. To exercise any of these rights, or to appeal a decision, contact privacy@dotdoctype.io. We will verify your request and may ask for information to confirm your identity. You may use an authorized agent to submit a request on your behalf.
12. Your rights — Brazil (LGPD)
If you are in Brazil, the Lei Geral de Proteção de Dados (LGPD) gives you the right to: confirm the existence of processing; access your data; correct incomplete or inaccurate data; anonymize, block, or delete unnecessary data; request data portability; obtain information about sharing; and withdraw consent. You may also petition the national data protection authority (ANPD). Requests can be sent to privacy@dotdoctype.io.
13. Your rights — Canada (PIPEDA)
If you are in Canada, you may request access to the personal information we hold about you and ask us to correct it, and you may withdraw consent subject to legal and contractual restrictions. You may also contact the Office of the Privacy Commissioner of Canada. Requests can be sent to privacy@dotdoctype.io.
14. Children's privacy
The Website and Services are intended for businesses and professionals and are not directed to children. We do not knowingly collect personal data from children under 16 (or the minimum age in your jurisdiction). If you believe a child has provided us personal data, contact us and we will delete it.
15. Automated decision-making & AI
The dotDocType platform includes AI-assisted features. We do not use your Website or account data to make decisions that produce legal or similarly significant effects about you without human involvement. Where AI features process Customer Data within our customers' applications, that processing is governed by the controller (our customer) and the applicable DPA, and is subject to the safeguards and rights described above.
16. Changes to this Policy
We may update this Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you. Your continued use of the Website or Services after changes take effect constitutes acceptance of the revised Policy.
17. How to contact us
For any privacy question or to exercise your rights, contact us at privacy@dotdoctype.io or by mail at RUA PROFESSOR BRANDAO 678, CURITIBA, PR, 80045-280, BRAZIL. We will respond within the timeframes required by applicable law.