Privacy Policy

This Privacy Policy explains how DocLity handles information when you use our PDF, file, developer, calculator, image, AI, and utility tools.

DocLity is designed to collect the minimum information needed to operate the service, improve reliability, protect the platform, and respond to support requests.

Depending on how you use the platform, we may process uploaded files, text you enter into a tool, support form details, anonymous telemetry, operational logs, and browser-side identifiers used to understand session-level usage patterns.

• Files and text submitted to a tool so the requested action can be completed.
• Support details such as your name, email address, category, subject, message, submitted time, and page URL when you contact us.
• Anonymous usage data such as page views, tool views, successes, failures, client errors, route health, and aggregate engagement metrics.
• Coarse location signals such as country, region, or city when your hosting or CDN provider sends those values in request headers.
• Technical logs and security events used to diagnose failures, abuse, and delivery issues.

DocLity offers both browser-based and API-based tools. Some operations happen directly in your browser, while other operations are performed by our backend or by native conversion tools such as Poppler, LibreOffice, Ghostscript, qpdf, Tesseract, or related helper processes.

Uploaded files are processed only to complete the action you request. We do not sell uploaded content or use it for advertising. You should only upload files you own or are authorized to process.

• Some previews, rearranging, merging, and similar actions may run locally in your browser.
• Other actions may temporarily pass through the API and server-side processing pipeline.
• Temporary server files are subject to cleanup and retention limits configured for the API environment.
• Tool output should always be reviewed before relying on it, especially for OCR, AI-assisted, or format-conversion workflows.

DocLity uses a small amount of browser storage and cookies for platform functionality, user-requested preferences, and optional analytics. These mechanisms are first-party only.

At the time of this policy, the platform may use local storage for an anonymous telemetry session identifier, theme persistence, and certain tool-specific local features, a first-party cookie for recent tools, and a secure HttpOnly cookie for admin sessions in protected internal areas.

• A telemetry session identifier stored in browser local storage to measure anonymous repeat usage and engagement.
• A recent-tools cookie and theme preference stored locally or in a first-party cookie for convenience.
• Tool-specific local storage where the feature directly depends on local persistence, such as saved notepad content.
• A strict HttpOnly admin session cookie used only for protected internal admin routes after successful admin authentication.

We use anonymous telemetry to understand platform demand, route health, tool success rates, and product reliability. Google Analytics 4 is used when configured, but is not loaded for visitors we detect in the European Economic Area, United Kingdom, or Switzerland (based on coarse country signals from our hosting provider). Vercel Web Analytics and Speed Insights are cookieless aggregate services that do not store marketing cookies in your browser.

When available from infrastructure headers, DocLity may derive coarse location information such as country, region, or city for aggregate reporting. We do not request precise device GPS location through the browser, and we do not intentionally store raw IP addresses as part of product analytics.

Location analytics are used in aggregate form to understand where the platform is being used, how demand varies by region, and where reliability improvements may be needed.

• Telemetry may be retained in memory or in lightweight aggregate form, depending on the deployment configuration.
• Geo analytics may be incomplete if your host or CDN does not provide country, region, or city headers.
• Google Analytics may set cookies or use similar identifiers as described in Google's documentation. We attempt to avoid loading GA4 for EEA, UK, and Swiss visitors using edge geo headers; VPNs or missing geo data may affect this. Operators should obtain legal advice for their jurisdiction and traffic.

DocLity may be hosted, processed, cached, backed up, logged, or delivered through infrastructure located in multiple countries depending on your deployment architecture and service providers.

If you use the service from a country with data-transfer restrictions, you are responsible for determining whether the deployment, transfer mechanisms, notices, and contractual protections used for that deployment are sufficient for your legal obligations.

If you contact us through the support page, we use your information to respond, troubleshoot issues, and improve the platform.

Support requests may be delivered by SMTP email or by a configured webhook/email delivery provider, depending on how the deployment is configured.

• We may retain support records, related logs, and delivery attempts for troubleshooting and security purposes.
• Reply-to information in support emails is used so we can respond directly to your message.

We do not sell your personal information. Information may be processed by infrastructure and service providers that help operate DocLity, such as hosting platforms, CDNs, email delivery services, or server-side conversion tools you deploy as part of the stack.

We may also disclose information when required by law, to investigate abuse, or to protect the platform, our users, or third parties.

DocLity applies input validation, file-type restrictions, size limits, rate limiting, security headers, upload cleanup, and restricted admin protections. These controls are designed to reduce abuse and lower the risk of processing unsafe content.

No system is perfectly secure. You remain responsible for using strong credentials, deploying the service securely, and reviewing outputs before acting on them.

Retention depends on the type of information and your deployment settings. Temporary upload artifacts are intended to be removed automatically. Operational logs, support records, and telemetry summaries may be retained for troubleshooting, security, and service improvement.

If you run your own DocLity deployment, you control the final retention configuration for infrastructure logs, uploads, and email records.

DocLity is not intended for children who are below the minimum digital-consent age in their jurisdiction, and we do not knowingly design the platform to solicit personal information from children.

If you believe a child has submitted personal information through the service in a way that should not have occurred, contact support so the relevant deployment operator can review and respond appropriately.

You may stop using the service at any time. You may also contact support if you want us to review or remove a support message or other directly submitted information, subject to operational, legal, and security needs.

Depending on where your users are located, local privacy laws may give them rights such as access, correction, deletion, objection, portability, or restriction. You should obtain legal advice before relying on this policy for regulated production use.

Nothing in this policy is intended to waive or limit rights that cannot lawfully be waived under applicable privacy or consumer law.