01
Controller and scope
DocuDevs.ai ("DocuDevs", "we", "us", or "our") is operated by Gabria Oy, a company registered in Finland. This Privacy Policy applies to our public website at docudevs.ai, the DocuDevs web application, APIs, SDKs, CLI, documentation, support channels, and related document processing services.
For account, billing, website, and service administration data, Gabria Oy is the controller. For personal data contained inside customer documents, prompts, schemas, templates, lookup files, knowledge bases, or workflow configurations, we generally process that data on your behalf to provide the Service.
02
Information we collect
Account and authentication data
We collect account identifiers such as name, email address, organization, authentication provider, session data, and security events. If you sign in with Google, GitHub, or another identity provider, we receive the profile information you authorize that provider to share.
Billing and procurement data
Payments may be processed through Stripe, Azure Marketplace, or separately agreed enterprise procurement. We do not store full card numbers. We may receive billing contact details, invoice data, tax details, payment status, token-pack purchases, and transaction identifiers.
Customer content
When you use DocuDevs, you may upload documents, images, spreadsheets, prompts, schemas, templates, lookup files, knowledge bases, runtime flow definitions, and configuration data. Processing outputs can include OCR text, extracted JSON, source-location evidence, traces, batch exports, and generated workflow artifacts.
Usage and technical data
We collect service metadata such as endpoints called, job identifiers, processing status, token usage, selected OCR or model tier, latency, errors, user agent, audit logs, and security logs to operate, secure, bill, and improve the Service.
Communications
If you contact us, we process your message, contact details, and related support context so we can respond and maintain service records.
03
How we use data
- To provide document processing, extraction, lookup, evaluation, and automation workflows.
- To authenticate users, protect accounts, and manage organizations.
- To process payments, Azure Marketplace procurement, invoices, taxes, and token balances.
- To operate SDK, API, web app, edge runtime, and integration-builder features.
- To monitor reliability, debug failures, prevent abuse, and improve performance.
- To send transactional notices such as account, security, billing, and service messages.
- To comply with legal obligations and enforce our Terms of Service.
Our legal bases include performance of a contract, compliance with legal obligations, our legitimate interests in operating and securing the Service, and consent where required.
We do not use your uploaded documents, prompts, schemas, lookup files, knowledge bases, or extraction results to train DocuDevs models or third-party foundation models. Third-party AI providers process customer content only to fulfill the requested workflow, subject to the applicable provider terms and deployment configuration.
04
Providers and transfers
We use service providers to operate DocuDevs, including:
- Microsoft Azure for hosting, storage, queues, monitoring, Document Intelligence, Azure OpenAI, and related AI services.
- Supabase for authentication.
- Stripe for payment processing and billing workflows.
- Google and GitHub when you choose OAuth login.
- Azure Marketplace when your organization procures DocuDevs through Microsoft cloud billing.
- Your configured providers when you bring your own LLM, OCR, storage, or integration provider.
Depending on your deployment, provider choices, and procurement route, personal data may be processed in the European Economic Area or transferred internationally. Where required, we rely on appropriate safeguards such as data processing agreements, standard contractual clauses, provider regional controls, and other lawful transfer mechanisms.
05
Data retention
- Temporary documents and results: Stored for up to 2 weeks and then automatically deleted unless you save them to a longer-lived feature.
- Cases, knowledge bases, lookup files, templates, configurations, and runtime flows: Retained until you delete them or close the account, unless a separate agreement states otherwise.
- Account data: Retained while your account is active. After a deletion request, we delete or anonymize account data within 30 days unless retention is required.
- Billing and accounting records: Retained as required by Finnish law, typically 6 years for accounting records.
- Security, audit, and usage logs: Retained for as long as reasonably needed to secure, debug, bill, and operate the Service.
06
Security
We use technical and organizational measures including TLS encryption in transit, encryption at rest, hashed API keys, organization-scoped access controls, row-level security where applicable, audit logging, and least-privilege access to protect customer data. No system is perfectly secure, so you are responsible for protecting your account credentials, API keys, provider credentials, and runtime environments.
07
Your rights
As a Finland-based company, we comply with the EU General Data Protection Regulation. Depending on the context, you may have the right to access, correct, delete, export, object to, restrict, or withdraw consent for processing of your personal data.
We do not use solely automated processing to make decisions about you that produce legal or similarly significant effects. To exercise your rights, contact privacy@docudevs.ai. You also have the right to lodge a complaint with the Finnish Office of the Data Protection Ombudsman or another competent supervisory authority.
09
Changes
We may update this Privacy Policy from time to time. If changes are material, we will notify users by email, in-product notice, or a notice on the website.
10
Contact
Gabria Oy
Finland
privacy@docudevs.ai
gabria.fi/contact