Privacy Policy

Effective Date: April 19, 2026 | Last Updated: May 3, 2026

This Privacy Policy describes how DocDoctor ("we," "us," "our"), operated by Phillip Knowles and available at docdoctor.info, collects, uses, stores, and protects your information when you use our document-conversion service ("Service"). We are committed to protecting your privacy and handling your data transparently.

1. Information We Collect

1.1 Account Information

When you create an account (via Amazon Cognito), we collect:

Email address — used as your login identifier and for transactional communications.
User ID — a unique identifier (UUID) assigned by Cognito.
Authentication tokens — stored in your browser's session storage; never sent to our servers in plain form.

1.2 Uploaded Content

When you use the Service, you upload files (documents, spreadsheets, images, etc.) for conversion. We process these files to generate your requested outputs. We do not read, analyze, or use the content of your files for any purpose other than providing the conversion service.

1.3 Job Metadata

For each conversion job, we store:

Job ID, file name, file size, content type
Selected output operations (e.g., "markdown," "pdf," "json")
Job status (pending, processing, complete, error)
Timestamps (created, updated)
Your user ID (to associate the job with your account)

1.4 Subscription & Payment Information

If you subscribe to a paid plan, payment processing is handled entirely by Stripe. We receive and store:

Your Stripe customer ID
Subscription ID, plan name, and subscription status
Monthly usage count (documents processed)

We never see, store, or process your credit card number, CVC, or full billing address. That data lives solely within Stripe's PCI-DSS compliant infrastructure.

1.5 Automatically Collected Information

We collect standard server-side logs via AWS CloudWatch and API Gateway, including:

IP address
Request timestamp, HTTP method, path, status code
User-Agent string
Latency and error data

We do not use third-party analytics trackers, advertising pixels, or social-media tracking scripts. We do not use cookies for tracking. Session authentication uses browser sessionStorage only.

2. How We Use Your Information

Purpose	Data Used	Legal Basis (GDPR)
Provide the conversion service	Uploaded files, job metadata	Contract performance
Authenticate your account	Email, user ID, tokens	Contract performance
Process payments	Stripe customer/subscription IDs	Contract performance
Enforce usage quotas	Plan, monthly doc count	Contract performance
Monitor and debug the Service	Logs, error data, job metadata	Legitimate interest
Respond to support inquiries	Email, job metadata	Legitimate interest
Display aggregate site statistics	Anonymized job counts and sizes	Legitimate interest
Operate the referral program	Referral code, referral counts, commission balance, PayPal email (if provided)	Contract performance / Legitimate interest
Process referral payouts	PayPal email address (if provided), commission amount	Contract performance

3. Data Retention

Data Type	Retention Period	Deletion Method
Uploaded files (S3)	24 hours	S3 lifecycle expiration
Generated outputs (S3)	24 hours	S3 lifecycle expiration
Job metadata (DynamoDB)	7 days	DynamoDB TTL auto-delete
User account data (DynamoDB)	Until account deletion	Manual request
Referral commission balance & PayPal email	Until account deletion or explicit removal	Manual request
CloudWatch logs	30 days	Log group retention policy
Stripe subscription data	Per Stripe's retention policy	Managed by Stripe

We do not create backups of your uploaded files or outputs beyond the retention windows listed above.

4. Data Security

We implement multiple layers of encryption and access control:

4.1 Encryption in Transit

All traffic between your browser and our servers is encrypted via TLS 1.2+ through Amazon CloudFront and API Gateway.
Internal AWS service-to-service communication uses TLS.

4.2 Encryption at Rest

Amazon S3: All uploaded files and results are encrypted using AES-256 server-side encryption (SSE-S3).
Amazon DynamoDB: User and job data is encrypted using AWS KMS customer-managed keys (CMK).
Amazon CloudWatch Logs: Log data is encrypted using AWS KMS CMK.
AWS Secrets Manager: API keys and secrets are encrypted using KMS.

4.3 Access Controls

Lambda functions operate under the principle of least privilege with narrowly scoped IAM policies.
S3 buckets block all public access; pre-signed URLs with short expiry are used for uploads and downloads.
API endpoints requiring authentication use Amazon Cognito User Pools with PKCE OAuth 2.0 flow.
Stripe webhook signatures are verified to prevent spoofed events.

4a. Referral Program Data

If you participate in the DocDoctor referral program, we collect and store the following additional data:

Referral code — a unique identifier linked to your account, used to attribute new sign-ups.
Referral statistics — count of referred users, their active subscription MRR, and your accrued commission balance. These figures are displayed only to you.
PayPal email address — optionally provided by you to receive cash payouts. This address is stored encrypted in AWS DynamoDB and is transmitted to PayPal solely for the purpose of sending your commission payment via the PayPal Payouts API. We do not share it with any other party or use it for marketing.

We use PayPal, Inc. as a payment processor for referral commission payouts. When a payout is initiated, we transmit your PayPal email address and payout amount to PayPal's API. PayPal's own Privacy Policy governs how they handle this data.

5. Data Sharing & Third Parties

We do not sell, rent, or share your personal data with third parties for their marketing purposes. Data is shared only with the following service providers, strictly as needed to operate the Service:

Provider	Purpose	Data Shared
Amazon Web Services (AWS)	Hosting, storage, compute, auth, CDN	All service data (processed within AWS US-East-1 region)
Stripe	Payment processing	Stripe customer ID; Stripe manages all card data directly

We do not use any advertising networks, social-media SDKs, or analytics providers that would receive your data.

6. No Use for AI/ML Training

We do not use your uploaded Content, generated Outputs, or any personal data to train, fine-tune, or improve machine-learning models, artificial intelligence systems, or algorithmic products — whether our own or any third party's. Your files are processed, delivered, and deleted. Period.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

7.1 For All Users

Access — Request a copy of the personal data we hold about you.
Deletion — Request deletion of your account and all associated data.
Correction — Request correction of inaccurate personal data.
Data Portability — Receive your data in a structured, machine-readable format.

7.2 For EU/EEA/UK Residents (GDPR)

In addition to the above, you have the right to:

Object to processing based on legitimate interest.
Restrict processing in certain circumstances.
Withdraw consent at any time (where processing is consent-based).
Lodge a complaint with your local data protection authority.

Our lawful bases for processing are contract performance (providing the Service you signed up for) and legitimate interest (maintaining service reliability and security).

7.3 For California Residents (CCPA/CPRA)

We do not sell personal information.
We do not share personal information for cross-context behavioral advertising.
You have the right to know what categories of data we collect, request deletion, and opt out of any future sale (though we do not sell data).

7.4 Exercising Your Rights

To exercise any of these rights, email us at support@docdoctor.info. We will respond within 30 days (or within any shorter timeframe required by applicable law).

8. International Data Transfers

The Service is hosted on AWS in the US-East-1 (N. Virginia) region. If you access the Service from outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We rely on AWS's compliance certifications (including SOC 2, ISO 27001, and participation in the EU-US Data Privacy Framework) to ensure adequate protection of transferred data.

9. Children's Privacy

The Service is not directed at children under 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If we learn that we have collected data from a child, we will delete it promptly. If you believe a child has provided us with personal data, please contact us.

10. Cookies & Tracking Technologies

DocDoctor does not use cookies for tracking, analytics, or advertising. We use browser sessionStorage to store authentication tokens for the duration of your browser session. No data is stored in localStorage that persists beyond your session, except a temporary file reference for the conversion flow.

11. Data Breach Notification

In the unlikely event of a data breach that affects your personal data, we will:

Notify affected users via email within 72 hours of becoming aware of the breach.
Notify the relevant supervisory authority as required by applicable law (e.g., GDPR Article 33).
Provide details about the nature of the breach, the data affected, and steps taken to mitigate harm.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised policy on this page and update the "Last Updated" date. If changes are material, we will make reasonable efforts to notify registered users. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

13. Contact Us

For questions, concerns, or data-rights requests:

Email: support@docdoctor.info
Website: docdoctor.info