doctagd

Privacy Policy

How Doctagd collects, uses, stores, and processes personal data. Operated by Project Paced Ltd.

Last updated 15 May 2026

This Privacy Policy explains how Doctagd ("Doctagd", "we", "us", or "our") collects, uses, stores, and processes personal data.

Doctagd is a product operated by Project Paced Ltd.

Company Information

Project Paced Ltd,
International House,
64 Nile Street,
London,
N1 7SR,
United Kingdom

1. Scope

This Privacy Policy applies to:

  • the Doctagd website
  • the web application
  • API access
  • billing and account systems
  • support communications
  • related services

2. Information We Collect

Account Information

We may collect:

  • name
  • email address
  • login credentials
  • authentication records
  • password hashes
  • account preferences
  • API key metadata

Customer Content

We process Customer Content uploaded or generated through the Service, including:

  • spreadsheets
  • Word templates
  • generated documents
  • saved configurations
  • mappings
  • workflow metadata
  • API payloads
  • filenames
  • preview data

Customer Content may contain personal data depending on what users upload.

Billing Information

We may collect or receive:

  • subscription status
  • billing plans
  • invoices
  • payment metadata
  • usage records
  • Stripe customer identifiers

Payment card information is processed by our payment processor and is not stored directly by Doctagd.

Technical and Usage Information

We may collect:

  • IP addresses
  • browser information
  • device information
  • timestamps
  • usage metrics
  • log records
  • API activity
  • rate-limit data
  • security telemetry

3. How We Use Information

We use information to:

  • provide document-generation functionality
  • authenticate users
  • secure the Service
  • operate the API
  • generate previews and downloads
  • save configurations
  • process subscriptions and billing
  • enforce quotas and limits
  • prevent abuse and fraud
  • provide support
  • maintain and improve the Service
  • comply with legal obligations

4. Legal Bases for Processing

Where UK GDPR or GDPR applies, we rely on legal bases including:

  • performance of a contract
  • legitimate interests
  • compliance with legal obligations
  • consent where applicable

Our legitimate interests include:

  • operating and securing the Service
  • improving reliability and functionality
  • preventing abuse
  • supporting customers
  • enforcing our Terms

5. File Storage and Retention

Uploaded files may be stored temporarily in private cloud storage.

Session uploads and temporary processing artefacts may be automatically deleted after operational retention periods.

Saved configurations and associated templates may persist until deleted by users or removed in accordance with our policies.

Generated documents, previews, logs, and job metadata may be retained temporarily for operational, billing, support, security, or reliability purposes.

Retention periods may vary depending on:

  • feature usage
  • billing status
  • legal obligations
  • security requirements
  • operational needs

6. Sharing and Disclosure

We do not sell Customer Content.

We may share data with third-party service providers that help operate the Service, including providers for:

  • hosting
  • storage
  • databases
  • billing
  • email delivery
  • authentication
  • bot protection
  • infrastructure
  • monitoring

We may also disclose information:

  • where required by law
  • to protect rights or security
  • to investigate abuse
  • during corporate transactions
  • with your consent or direction

7. Subprocessors and Service Providers

Doctagd uses third-party subprocessors and infrastructure providers.

Current providers may include:

  • Vercel
  • Neon
  • Stripe
  • Resend
  • Better Auth (hosted authentication infrastructure)
  • Upstash
  • Cloudflare Turnstile

Additional subprocessors may be added over time as the Service evolves. See the Subprocessors list for current detail.

8. International Transfers

Some providers may process data outside the United Kingdom or European Economic Area.

Where applicable, we use contractual and organisational safeguards intended to support lawful international transfers.

9. Security

We use technical and organisational measures intended to help protect the Service and Customer Content, including:

  • authentication protections
  • private storage controls
  • access restrictions
  • encryption in transit
  • operational monitoring
  • credential protections

No system can guarantee absolute security.

Users are responsible for securing their own devices, credentials, integrations, and uploaded data.

See the Security overview for more detail.

10. Your Rights

Depending on applicable law, you may have rights including:

  • access
  • correction
  • deletion
  • restriction
  • objection
  • portability
  • withdrawal of consent
  • complaint to a supervisory authority

Requests may be subject to verification and applicable legal limitations.

11. Cookies and Similar Technologies

Doctagd may use cookies and similar technologies for:

  • authentication
  • session management
  • security
  • preferences
  • analytics
  • operational functionality

Additional details are provided in the separate Cookie Policy.

12. Children

The Service is not intended for children under 18.

We do not knowingly collect personal data from children.

13. Changes to This Policy

We may update this Privacy Policy periodically.

Updated versions will be posted with a revised "Last updated" date.

Continued use of the Service after updates become effective constitutes acceptance of the revised policy.

14. Contact

Questions regarding this Privacy Policy or privacy-related requests may be submitted through the contact page or official support channels.

See all legal documents or send questions through the contact page.