This page summarises security practices and operational safeguards used by Doctagd.
Doctagd is a product operated by Project Paced Ltd.
1. Overview
Doctagd is designed to help users securely process spreadsheets, templates, generated documents, and workflow data.
Security is an ongoing operational priority, and practices may evolve over time.
2. Infrastructure
Doctagd uses cloud infrastructure providers for hosting, storage, databases, billing, and related operational services.
Current providers may include:
- Vercel
- Neon
- Stripe
- Resend
- Cloudflare Turnstile
Infrastructure providers may change over time. See the Subprocessors page for the current list.
3. Authentication and Access Controls
Security measures may include:
- authenticated user sessions
- password protections
- email verification
- API-key authentication
- access restrictions
- least-privilege operational access
- credential protections
- bot protection controls
4. File Storage
Uploaded files and generated documents may be stored in private cloud storage.
Temporary session uploads and processing artefacts may be deleted automatically after operational retention periods.
Saved configurations and associated templates may persist until deleted or removed in accordance with operational policies.
5. Encryption
Doctagd uses encryption in transit through HTTPS/TLS.
Third-party infrastructure providers may additionally provide encryption-at-rest capabilities.
6. Monitoring and Abuse Prevention
Operational and security monitoring may include:
- request logging
- abuse detection
- rate limiting
- bot protection
- API monitoring
- credential protection
- operational alerts
7. Employee and Operational Access
Access to systems and operational data is intended to be limited to authorised personnel and service providers where reasonably necessary for:
- operating the Service
- supporting customers
- investigating abuse
- maintaining security
- complying with legal obligations
8. Shared Responsibility
Users remain responsible for:
- securing their credentials
- securing API keys
- reviewing generated documents
- maintaining backups
- securing connected integrations
- assessing regulatory suitability
9. Vulnerability Reporting
If you believe you have identified a security vulnerability affecting Doctagd, please contact us through the contact page or official support and legal channels.
Please do not:
- exploit vulnerabilities
- access data without authorisation
- disrupt the Service
- publicly disclose issues before remediation efforts are complete
10. No Guarantees
No online service can guarantee absolute security.
Doctagd does not warrant that the Service will be immune from attacks, interruptions, or unauthorised access.