Privacy Policy – Doxuno
Back to Doxuno

Privacy Policy

Last updated: January 2025  ·  Effective date: January 2025

1. Introduction

Doxuno ("we", "us", or "our") operates the Doxuno platform at doxuno.com, which provides ready-to-use legal document templates for individuals and businesses.

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights under the General Data Protection Regulation (GDPR) and other applicable privacy laws.

Data Controller: Doxuno  ·  Contact: support@doxuno.com

2. Data We Collect

Account Information

When you create an account, we collect your:

  • Email address — for account identification and communication
  • Display name — if you sign in via Google, your Google display name
  • Profile photo — if provided by Google sign-in (optional)

Payment Information

When you purchase a Premium subscription, your payment is processed by Stripe. We do not store your credit card number, CVV, or full card details on our servers. Stripe provides us only with a payment confirmation and your billing country.

We store your Premium subscription status and expiry date in our database (Firebase Firestore).

Document Data

When you fill out and download a document template, the form field values (names, dates, addresses you enter) are stored locally on your device in your browser's local storage. This data is not transmitted to or stored on our servers, except as part of the document you download.

Technical Data

We may automatically collect certain technical information when you use our platform:

  • IP address and approximate location (country/region)
  • Browser type and version
  • Pages visited and time spent (via analytics, if enabled — see Section 6)

3. How We Use Your Data

  • To provide the service — authenticate your account and manage your subscription
  • To process payments — verify and record Premium purchases via Stripe
  • To improve the platform — understand which templates are popular and fix issues
  • To communicate with you — send essential account-related emails (e.g., password reset)
  • To comply with legal obligations — retain records as required by applicable law

We do not sell your personal data to third parties. We do not use your data for automated decision-making or profiling.

4. Legal Basis for Processing (GDPR)

  • Contract performance (Art. 6(1)(b)) — processing your account and payment data to deliver the service you signed up for
  • Legitimate interests (Art. 6(1)(f)) — security, fraud prevention, and improving the platform
  • Consent (Art. 6(1)(a)) — analytics cookies, where we ask for your permission before placing them
  • Legal obligation (Art. 6(1)(c)) — retaining financial records as required by law

5. Third-Party Services

We use the following third-party services that may process your personal data:

  • Firebase (Google LLC) — authentication, database (Firestore), and hosting. Data may be stored on servers in the US and EU. Firebase Privacy Policy →
  • Stripe, Inc. — payment processing. Stripe is PCI-DSS compliant and does not share your card data with us. Stripe Privacy Policy →
  • Google Analytics (planned) — website analytics to understand user behaviour. When activated, we will request your consent via our cookie banner before enabling analytics tracking.

6. Cookies & Local Storage

We use cookies and browser local storage to keep you signed in and remember your preferences. We do not use advertising or tracking cookies.

Name / Key Type Purpose Duration
firebase:authUser:* Essential Keeps you signed in to your account Until sign-out
doxuno_premium Essential Caches your Premium subscription status to avoid repeated database lookups Until subscription expires or sign-out
doxuno_purchases_* Essential Stores your document download history locally per account Until cleared by you
doxuno_cookie_consent Essential Remembers your cookie consent preference 1 year
Google Analytics cookies (_ga, _gid) Analytics Measures website usage — only activated after your explicit consent Up to 2 years

You can withdraw your analytics consent at any time by clicking Cookie Settings in the footer or clearing your browser's local storage.

7. Data Retention

  • Account data — retained until you delete your account
  • Premium subscription records — retained for 7 years to comply with financial record-keeping requirements
  • Document data — stored only in your browser's local storage; we do not retain copies on our servers
  • Analytics data — retained by Google Analytics for up to 26 months (if enabled)

8. Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or UK, you have the following rights:

Access Request a copy of the personal data we hold about you.
Rectification Ask us to correct inaccurate or incomplete data.
Erasure Request deletion of your account and personal data ("right to be forgotten").
Portability Receive your data in a structured, machine-readable format.
Restriction Ask us to limit how we process your data in certain circumstances.
Objection Object to processing based on legitimate interests.

To exercise any of these rights, contact us at support@doxuno.com. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • All data transmitted between your browser and our servers is encrypted via HTTPS/TLS
  • Authentication is handled by Firebase Authentication, which provides industry-standard security
  • Payment data is handled exclusively by Stripe (PCI-DSS Level 1 certified)
  • Access to our database is restricted by Firebase Security Rules

No method of transmission over the internet is 100% secure. If you believe your account has been compromised, contact us immediately at support@doxuno.com.

10. International Data Transfers

Some of our service providers (Firebase/Google, Stripe) may process your data outside the European Economic Area. These transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an adequate level of data protection.

11. Children's Privacy

Doxuno is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at support@doxuno.com and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, by email.

Your continued use of Doxuno after changes are posted constitutes your acceptance of the updated policy.

13. Contact Us

For any questions, requests, or concerns about this Privacy Policy or how we handle your data:

Doxuno
Email: support@doxuno.com
Website: doxuno.com