Privacy Policy
Last update: January 21, 2021
How we protect your privacy
on OkDocu.com and when you use our services
OkDocu is operated by Smart Document Technologies LLC, a company registered at 108 West 13th Street, Wilmington, Delaware, United States.
SDT, we and us refers to Smart Document Technologies LLC and any of our corporate affiliates.
We offer many services to help you run your business, including a platform to host your own OkDocu workspace. As part of running those services we collect data about you and your business. This data is not only essential to run our services, but also critical for the safety of our services and all our users.
This policy explains what information is collected, why it is collected, and how we use it.
Information we collect
Most of the personal data we collect is directly provided by our users when they register and use our services. Other data is collected by recording interactions with our services.
Account & Contact Data: When you register on our website to use one of our products, or to subscribe to one of our services, or fill in one of our contact forms, you voluntarily give us certain information. This typically includes your name, company name, email address, and sometimes your phone number, postal address (when an invoice or delivery is required), your business sector and interest in OkDocu, as well as a personal password.
We never record or store credit card information from our customers, and always rely on trusted third-party PCI-DSS-compliant payment processors for credit card processing, including for recurring payment processing.
Job Application Data: When you apply for a job on our website or via an employment agency, we usually collect your contact information (name, email, phone) and any information you choose to share with us in your introduction letter and Curriculum Vitae. If we decide to send you a job proposition, we will also ask you to provide extra personal details as required to fulfill our legal obligations and personnel management requirements. We will not ask you to provide information that is not necessary for the recruitment process. In particular, we will never collect any information about your racial or ethnic origin, political opinions, religious beliefs, trade union membership or sexual life.
Browser Data: When you visit our website and access our online services, we detect and store your browser language and geolocation in order to customize your experience according to your country and preferred language. Our servers also passively record a summary of the information sent by your browser for statistical, security and legal purposes: your IP address, the time and date of your visit, your browser version and
platform, and the web page that referred you to our website.
Form protection: some forms on our website may be protected by Google reCAPTCHA. This technology relies on heuristics that are based on technical characteristics of your browser and device, and may also use specific Google cookies. See also Google Privacy Policy and Terms of Use in the Third Party Service Providers section below.
Customer Workspaces: When you subscribe to an OkDocu Cloud service and create your own OkDocu workspace (for example by starting a Free Trial), any information or content you submit or upload into your workspace is your own, and you control it fully. This data will often include personal information, for example: your list of employees, your contacts and customers, your messages, pictures, videos, etc. We only ever collect this information on your behalf, and you always retain ownership and full control on this data.
Google.com Account Data: When you subscribe to the OkDocu platform and create your project, the platform may require authorization to access your Google.com account, which includes an OAuth token granting access to your account.
How we use this information
Account & Contact Data: We use your contact information in order to provide our services, to answer your requests, and for billing and account management reasons. We may also use this information for marketing and communication purposes (our marketing messages always come with a way for you to opt-out at any time). We also use this data in aggregated/anonymised form in order to analyze service trends.
If you have registered to participate in an event published on our website, we may transfer your name, email address, phone number and company name to our local organizer and to the sponsors of the event for both direct marketing purposes and in order to facilitate the preparations and booking for the event. If you have expressed interest in using OkDocu or otherwise asked to be contacted by an OkDocu service provider, we may also transfer your name, email address, phone number and company name to one of our official Partners in your country or region, for the purpose of contacting you to offer their local assistance and services.
Job Application Data: We will only process this information for our recruitment process, in order to evaluate and follow-up with your application, and in the course of preparing your contract, if we decide to send you a job proposition. You may contact us at any time to request the deletion of your information.
Browser Data: This automatically recorded data is anonymously analyzed in order to maintain and improve our services. Google reCAPTCHA may also be used for security purposes, in order to prevent abuse of our services. In that case we only process the anonymous score that reCAPTCHA determines based on your browser and device. We will only correlate this data with your personal data when required by law or for security purposes, if you have violated our Acceptable Use Policy.
Customer Workspace: We only collect and process this data on your behalf, in order to perform the services you have subscribed to, and based on the instructions you explicitly gave when you registered or configured your service and your OkDocu workspace. Our Helpdesk staff and engineers may access this information in a limited and reasonable manner in order to solve any issue with our services, or at your explicit request for support reasons, or as required by law, or to ensure the security of our services in case of violation of our Acceptable Use Policy in order to keep our services secure.
Google.com Account Data: During the configuration phase of your OkDocu project, the platform uses your OAuth token to setup the Google.com account you will use for OkDocu authentication. The OAuth token is not stored and is deleted as soon as you
close your OkDocu session, or after 2 days.
Accessing, Updating or Deleting Your Personal Information
Account & Contact Data: You have the right to access and update personal data you have previously provided to us. If you wish to update personal data or permanently delete your account or personal information for a legitimate purpose, please contact our Helpdesk to request so. We will take all reasonable steps to permanently delete your personal information, except when we are required to keep it for legal reasons (typically, for administration, billing and tax reporting reasons).
Job Application Data: You may contact us at any time to request access, updates or deletion of your application information. The easiest way to do it is to reply to the last message you exchanged with our Human Resource personnel.
Customer Workspace: You can manage any data collected in your workspace hosted on OkDocu.com at any time, using your administration credentials, including modifying or deleting any personal data stored therein.
At any time you may request the deletion of your entire workspace contacting our Helpdesk.
Google.com Account Data: You can request the deletion of your Google.com OAuth token by simply logging out from OkDocu.com.
Third Party Service Providers / Subprocessors
In order to support our operations we rely on several Service Providers. They help us with various services such as payment processing, web audience analysis, cloud hosting, marketing and communication, etc.
Whenever we share data with these Service Providers, we make sure that they use it in compliance with Data Protection legislation, and that the processing they carry out for us is limited to our specific purpose and covered by a specific data processing contract.
Below is a list of the Service Providers we are currently using, why we use them, and what kind of data we share with them.
A. Subprocessors
These third-party service providers are processing data for which SDT is Controller or Processor, on behalf of SDT.
Amazon Web Services, Inc.
Privacy & Security
Infrastructure and hosting of OkDocu.com and OkDocu Cloud service (SaaS), DDOS Protection.
Currently hosted by AWS: Production data from OkDocu.com and its affiliate services, including OkDocu Cloud service (SaaS) customer workspaces.
Data Center Certifications: ISO 9001, ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC3, PCI-DSS, HIPAA
MongoDB, Inc.
Privacy & Security
Document-oriented databases
Currently hosted by MongoDB: Production data from OkDocu.com and its affiliate services, including OkDocu Cloud service (SaaS) and customer workspace databases. Data Center Certifications: ISO 27001, SOC, GDPR, PCI-DSS, HIPAA
B. Third-party Processors and Controllers
These third-party service providers are processing data for which SDT is a Controller, as Processors, on behalf of SDT, or they are receiving such data as Controllers, for the specific purpose of performing the services they have been contracted to provide.
Stripe
Payment processing on OkDocu.com.
Shared with Stripe: Order details (amount, description, reference), Customer name and email. Only stored by Stripe: credit card info.
OneSignal
In-browser push notifications for OkDocu.com visitors.
Shared with OneSignal: Non-personal browser data, geolocation info, language (no identifiable information). Only stored by OneSignal: browser/mobile device IDs.
Google Analytics
Anonymous website audience analysis.
Shared with Google Analytics: Non-personal browser data, anonymized IP, geolocation info, language (no identifiable information).
Google reCAPTCHA
Form protection.
Used by Google reCAPTCHA: Browser and device characteristics, Google cookies.
Data Retention
Account & Contact Data: we will only retain such data as long as necessary for the purpose for which it was collected, as laid out in this policy, including any legal retention period, or as long as necessary to carry out a legitimate and reasonable promotion of our products and services.
Job Application Data: If we do not hire you, we may keep the information you provide for up to 2 years in order to contact you again for any new job proposition that may come up, unless you ask us not to do so. If we hire you, your personal information will be stored for the duration of your employment contract with us, and afterwards, during the applicable legal retention period that applies in the country where we employed you.
Browser Data: we will only retain this data for a short period of time, generally 2 months, unless we need to keep it in relation with a legitimate concern related to the security or performance of our services, or as required by law.
Customer Workspace: we will only retain this data as long as necessary for providing the services you subscribed to. For workspaces hosted on the OkDocu Cloud, if you cancel the service your workspace is kept deactivated for 4 weeks (the grace period during which you can change your mind), and then destroyed (workspaces may be deleted earlier upon request).
Google.com Account Data: we keep this data as long as your OkDocu subscription is active, except the OAuth token which is deleted after 2 days, or as soon as you logout from OkDocu.
Safety Retention Period: We always try to preserve your data from accidental or malicious deletion. As a result, after we delete any of your personal information (Account & Contact Data) from our database upon request from you, or after you delete any personal information from your workspace (Customer Workspace), or if you delete your entire workspace, it is not immediately deleted from our backup systems, which are secured and inalterable. The personal data could remain stored for up to 12 months in those backups, until they are automatically destroyed. We commit not to use those backup copies of your deleted data for any purpose except for maintaining the integrity of our backups, unless you or the law require us to do so.
Physical Data Location / Data Transfers
Hosting Services
Hosting Locations: customer workspaces are hosted in the OkDocu Cloud Region closest to where they are based, and can request a change of region (subject to availability):
• americas (Canada, United States, Brazil)
• asia (Singapore)
• europe (France, Ireland)
Backup Locations: backups are replicated on multiple continents in order to meet our Disaster Recovery objectives, and are located in the following countries, regardless of the original hosting region:
• United States and France
International Staff
In some cases, the personal data mentioned in this Privacy Policy may be accessed by staff members of SDT subsidiaries in other countries. Such access will always be done for the same purposes and with the same privacy and security precautions as if it was done by our own local staff, so all the guarantees we provide still apply. We use standard contractual clauses to bind our subsidiaries in a way that offers sufficient
safeguards on data protection for the limited and temporary data transfers that occur for
such access.
Third Party Disclosure
Except as explicitly mentioned above, we do not sell, trade, or otherwise transfer your personal data to third parties. We may share or disclose aggregated or de-identified information, for research purposes, or to discuss trends or statistics with third-parties.
Cookies
Cookies are small bits of text sent by our servers to your computer or device when you access our services. They are stored in your browser and later sent back to our servers so that we can provide contextual content. Without cookies, using the web would be a much more frustrating experience. We use them to support your activities on our website, for example your session (so you don't have to login again).
Cookies are also used to help us understand your preferences based on previous or current activity on our website (the pages you have visited), your language and country, which enables us to provide you with improved services. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.
We also use third-party services such as Google Analytics, who set and use their own cookies to identify visitors and provide their own contextual services. For more information regarding those third-party providers and their Cookie Policy, please see the relevant references in the Third-Party Service Providers section.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. Each browser is a little different, so look at your browser's Help menu to learn the correct way to modify your cookies, or look at the links below.
• Chrome: https://support.google.com/chrome/answer/95647?hl=en
• Edge: https://support.microsoft.com/en-us/help/4468242/microsoft-edge-browsing-
data-and-privacy
• Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-
your-computer
• Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-
sfri11471/mac
• Opera: https://help.opera.com/en/latest/web-preferences/#cookies
We do not currently support Do Not Track signals, as there is no industry standard for
compliance.
Policy Updates
We may update this Privacy Policy from time to time, in order to clarify it, to reflect any changes to our website, or to comply with legal obligations. The "Last Updated" mention at the top of the policy indicates the last revision, which is also the effective date of those changes. We give you access to archived versions of this policy, so you can review the changes.
Contacting Us
If you have are any question regarding this Privacy Policy, or any enquiry about your personal data,please contact us via email at privacy@okdocu.com or by mail:
Smart Document Technologies LLC - OkDocu Data Protection
108 West 13th Street
Wilmington, DE 19801 United States