Privacy Policy

On this page

This Privacy Policy explains how Documintly collects, uses, stores, shares, and protects personal data when you use our website, web application, and related services.

Documintly is owned and operated by Globe Astral LLC, a Wyoming limited liability company.

We have written this policy to be clear and practical. If anything is unclear, you can contact us at legal@documintly.com.

1. About This Policy

This Privacy Policy applies to:

Visitors to the Documintly website
Users who create a Documintly account
Users who create, upload, edit, store, share, or manage invoices, documents, templates, QR codes, signatures, client records, and related business information
People who contact us for support, feedback, account-related requests, or privacy requests

When you upload or enter information about your own clients, customers, recipients, or business contacts into Documintly, you are responsible for making sure you have the right to use that information. For that data, you generally act as the data controller, and Documintly acts as a service provider or data processor on your behalf.

2. Who We Are

The service is operated by:

Globe Astral LLC Owner and operator of Documintly Wyoming limited liability company

Registered mailing address: [Add Globe Astral LLC registered mailing address]

For privacy questions, requests, or complaints, contact:

Email: legal@documintly.com

We have not appointed a Data Protection Officer unless required by applicable law. Privacy-related questions should be sent to the email address above.

If we are legally required to appoint an EU or UK representative in the future, we will update this Privacy Policy with the relevant contact details.

3. Personal Data We Collect

We collect personal data in the following ways.

Account information

When you create or manage an account, we may collect:

Name
Email address
Password authentication data
Account preferences
Time zone, currency, branding, or business profile settings
Login and authentication information
Subscription or account status

Passwords are handled through our authentication provider and are not stored by us in plain text.

Business and document information

When you use Documintly, you may create, upload, or store:

Invoices
Documents and PDFs
Templates
Client names and client contact details
Billing addresses
Tax or VAT numbers
Invoice numbers, payment terms, line items, totals, notes, and related invoice content
Uploaded files
Saved signatures
QR code data
Company presets and branding details
Shared document or invoice links
Related document and invoice activity

You control the content you upload or create in Documintly.

Billing information

If you subscribe to a paid Documintly plan, payment and billing are handled by Stripe. We may store billing-related metadata such as:

Stripe customer ID
Subscription status
Plan type
Billing period dates
Trial status
Cancellation or renewal status
Billing address information returned by Stripe
Payment status and invoice/payment history metadata

We do not store full card numbers on our servers.

Support and feedback information

If you contact us or submit feedback, we may collect:

Your name
Your email address
Your message
Account or technical details needed to respond
Error details or environment information related to your request

Usage, security, and technical data

We may automatically collect technical information such as:

IP address
Browser type
Device information
Operating system
Pages or features used
Error logs
Security events
Rate-limit and abuse-prevention data
Authentication and session activity
Cookie and similar technology data

This information helps us operate, secure, troubleshoot, and improve Documintly.

4. How We Collect Personal Data

We collect personal data:

Directly from you when you create an account, use the app, upload files, create invoices or documents, save templates, generate QR codes, or contact us
Automatically when you use the website or app
From service providers when needed to operate the service, process payments, send emails, prevent abuse, provide analytics, or maintain security
From connected systems or integrations that you authorize, if such integrations are added or enabled

5. How We Use Personal Data

We use personal data to:

Create and manage your account
Provide Documintly's invoice, document, template, QR code, and PDF tools
Store and manage your uploaded files
Generate, edit, organize, and share invoices and documents
Enable public or private share links when you choose to use them
Track shared invoice or document views and downloads
Send account, billing, security, password reset, and service notifications
Process subscriptions, trials, renewals, cancellations, and billing changes
Provide customer support
Receive and respond to feedback
Detect, prevent, and investigate fraud, abuse, unauthorized access, and security incidents
Maintain backups, logs, and service reliability
Improve Documintly's functionality, design, performance, and user experience
Comply with legal, tax, accounting, and regulatory obligations
Enforce our terms, policies, and legal rights

We do not sell your personal data.

We do not use the content of your invoices, uploaded documents, templates, signatures, or client records to train AI models.

6. Lawful Basis for Processing

Where privacy laws such as the GDPR or UK GDPR apply, we rely on the following lawful bases:

Purpose	Lawful basis
Creating and managing your account	Performance of a contract
Providing the Documintly service	Performance of a contract
Processing subscriptions and billing	Performance of a contract
Sending password resets and service notifications	Performance of a contract / legitimate interests
Customer support and feedback	Legitimate interests
Security, fraud prevention, and abuse prevention	Legitimate interests / legal obligation
Improving the service	Legitimate interests
Marketing communications, where used	Consent or legitimate interests, depending on applicable law
Legal, tax, accounting, and compliance obligations	Legal obligation
Enforcing terms, policies, and legal rights	Legitimate interests / legal obligation

Where we rely on legitimate interests, we consider your privacy rights and only process data in a way that is necessary, proportionate, and expected in the context of operating Documintly.

We only share personal data when necessary to provide, secure, and operate Documintly.

We may use the following categories of service providers:

Provider or service	Purpose	Possible processing location
Supabase	Authentication, database, file storage, private storage buckets, and account data	United States, European Economic Area, or other provider-supported regions
Vercel	Hosting, deployment, infrastructure, and analytics	United States, European Economic Area, or other provider-supported regions
Stripe	Subscription billing, checkout, customer portal, invoices, payment processing, and tax/billing records	United States, European Economic Area, or other provider-supported regions
Resend	Transactional email delivery, if enabled	United States or other provider-supported regions
Cloudflare Turnstile	Bot protection and abuse prevention	Global infrastructure
Upstash	Rate limiting and abuse prevention, if enabled	United States, European Economic Area, or other provider-supported regions
Google Fonts or similar font providers	Font loading for app interface and document/signature styling	Global infrastructure
Error logging, monitoring, or analytics providers	Reliability, debugging, performance, and product improvement, if enabled	United States, European Economic Area, or other provider-supported regions

We require service providers to process personal data only as needed to provide their services to us.

We may also share information:

If required by law, subpoena, court order, or legal process
To protect the rights, safety, security, or property of Documintly, our users, or others
To investigate fraud, abuse, unauthorized access, or security incidents
In connection with a merger, acquisition, financing, restructuring, or sale of assets
With your consent or at your direction

8. Data Processing Addendum

If you use Documintly to process personal data about your own clients, customers, recipients, or business contacts, you may need a Data Processing Addendum.

A Data Processing Addendum is available on request by contacting legal@documintly.com.

9. Public and Shared Links

Documintly allows you to create share links for invoices and documents.

When you enable a share link, anyone with the link may be able to view or download the shared invoice or document, depending on the feature and settings available in your account.

Documintly may track shared-link activity, including:

View count
Download count
Last viewed time
Last downloaded time
In-app notifications for views or downloads, depending on your notification settings

You are responsible for sharing links only with appropriate recipients and disabling links when they should no longer be accessible.

10. File Storage and Deletion

Documintly may store uploaded files, templates, signatures, and documents in private storage.

When you delete certain items, they may first move to trash or a recovery state. Deleted items may be retained for up to 30 days before permanent deletion, unless earlier deletion is requested or required.

Account deletion may also include a 30-day grace period before permanent removal of account-related data and stored files.

Some information may be retained longer where required for legal, billing, tax, accounting, fraud prevention, dispute resolution, or security purposes.

11. Data Retention

We keep personal data only for as long as necessary for the purposes described in this policy.

Typical retention periods include:

Data type	Retention period
Account data	While your account is active
Deleted account data	Up to 30 days after scheduled deletion, unless legal retention applies
Deleted documents, invoices, templates, or files	Up to 30 days in trash/recovery, unless permanently deleted sooner
Billing and subscription records	As long as required for tax, accounting, legal, and payment compliance
Support and feedback messages	As long as needed to respond, maintain records, and improve the service
Security and abuse-prevention logs	As long as needed to protect the service and investigate incidents
Anonymized or aggregated usage data	May be retained indefinitely because it no longer identifies you

When we no longer need personal data, we will delete it, anonymize it, or securely retain it only where required by law or legitimate business needs.

12. Sensitive Personal Data

Documintly is not designed for storing sensitive personal data unless it is necessary for your lawful business use.

You should not upload or enter sensitive personal data unless you have a lawful basis and all required permissions to do so. Sensitive personal data may include:

Health or medical information
Government identification numbers
Financial account credentials
Biometric information
Criminal record information
Information about race, ethnicity, religion, political opinions, trade union membership, sexual orientation, or similar protected categories

If you choose to include sensitive personal data in invoices, documents, templates, signatures, QR codes, uploaded files, or client records, you are responsible for ensuring that you have the legal right to process that information.

13. Security

We use reasonable technical and organizational measures to protect personal data, including:

HTTPS/TLS encryption in transit
Private storage buckets for user files where applicable
Authentication and access controls
Row-level access controls in the database where applicable
Server-side authorization checks
Rate limiting and bot protection
Payment processing through Stripe rather than storing card details directly
Restricted service-role access for administrative server operations
Monitoring, logging, and security reviews
Vendor and service provider review where appropriate

No online service can guarantee absolute security. You are responsible for keeping your login credentials secure and for controlling who can access your shared links. We cannot guarantee complete security, and your use of the Service is at your own risk.

14. International Transfers

Documintly is operated by Globe Astral LLC and may use service providers located in different countries, including the United States, the European Economic Area, and other regions.

Where required by applicable law, we rely on appropriate safeguards for international transfers, such as contractual protections, data processing agreements, standard contractual clauses, adequacy decisions, or other lawful transfer mechanisms.

15. Your Privacy Rights

Depending on your location, you may have rights over your personal data, including the right to:

Request access to your personal data
Request correction of inaccurate or incomplete data
Request deletion of your personal data
Request restriction of processing
Object to certain processing
Request portability of your data
Withdraw consent where processing is based on consent
Opt out of certain marketing communications
Lodge a complaint with a data protection authority

You also have the right to object to processing based on legitimate interests, including certain profiling activities where applicable.

To exercise your rights, contact us at legal@documintly.com.

We may need to verify your identity before completing certain requests.

We aim to respond to valid privacy requests within 30 days, unless a different period is required by applicable law. If a request is complex or we receive many requests, we may extend the response period where legally permitted and will notify you when required.

16. California Privacy Notice

This section applies to California residents where the California Consumer Privacy Act, as amended by the California Privacy Rights Act, applies to us.

We may collect the following categories of personal information:

Category	Examples
Identifiers	Name, email address, IP address, account identifiers
Customer records information	Billing details, business contact information, subscription records
Commercial information	Plan type, subscription status, transaction metadata
Internet or network activity	Login activity, usage data, device data, security logs
Geolocation data	Approximate location inferred from IP address
Professional or business information	Company details, client records, invoice and document information you enter
Inferences	Account preferences, product usage patterns, or feature preferences
Sensitive personal information	Only if you choose to upload or enter it into the service

We use these categories of information for the purposes described in this Privacy Policy, including providing the service, processing billing, securing the platform, supporting users, improving the product, and complying with legal obligations.

We do not sell personal information.

We do not knowingly share personal information for cross-context behavioral advertising.

California residents may have the right to:

Know what personal information we collect, use, disclose, sell, or share
Request access to personal information
Request deletion of personal information
Request correction of inaccurate personal information
Opt out of sale or sharing, where applicable
Limit the use of sensitive personal information, where applicable
Not be discriminated against for exercising privacy rights

To make a California privacy request, contact legal@documintly.com.

17. Your Responsibilities for Client and Document Data

Documintly is designed for creating, managing, uploading, editing, and sharing business documents and invoices.

You are responsible for:

The accuracy and legality of the content you upload or create
Obtaining any required permission to store client, customer, recipient, or third-party information
Avoiding unnecessary sensitive information in invoices, documents, templates, signatures, QR codes, and uploaded files
Managing access to shared links
Deleting or disabling content that should no longer be available
Complying with privacy, tax, accounting, and business-record obligations that apply to your use of Documintly

18. Marketing Communications

We may send you service-related messages, such as account notices, billing notices, password resets, subscription updates, security alerts, and important product notices.

If we send marketing emails, you can unsubscribe at any time using the link in the email or by contacting us.

Even if you opt out of marketing emails, we may still send you essential service-related messages required to operate your account.

19. Cookies and Similar Technologies

Documintly may use cookies and similar technologies to:

Keep you signed in
Remember preferences
Secure the service
Prevent abuse and automated activity
Understand website or app usage
Improve performance and reliability

Some cookies are necessary for the service to work. Others, such as analytics or marketing cookies, may depend on your consent where required by law.

For more information, see our Cookie Policy if one is available on our website.

20. Automated Decision-Making

Documintly does not use automated decision-making that produces legal or similarly significant effects on users.

We may use automated systems for security, fraud prevention, spam prevention, rate limiting, abuse detection, and service reliability.

21. Children's Privacy

Documintly is not intended for children under 18.

We do not knowingly collect personal data from children. If you believe a child has provided personal data to Documintly, contact us at legal@documintly.com and we will take appropriate steps to delete it.

22. Data Breaches

If we become aware of a personal data breach that requires notification under applicable law, we will notify affected users and/or relevant authorities as required.

You can report suspected security or privacy issues by contacting legal@documintly.com.

23. Changes to This Policy

We may update this Privacy Policy from time to time.

If we make material changes, we may notify you by email, in-app notice, or another appropriate method. The "Last updated" date at the top of this page will show when the policy was most recently changed.

24. Contact