Legal
Privacy Policy
This policy explains what information the doQvault product processes, why it is used, and the choices available to you.
Effective and last updated: 16 July 2026
1. Scope and operator
This policy applies to the doQvault product application, including its authenticated workspaces, product-support interactions, and related account services. The service is operated by doQvault. A separate website or preview-waitlist notice may apply when you use those services.
2. Information we process
- Identity and account data: name, email address, OAuth provider identity, profile details, avatar, phone number when supplied, organization membership, roles, and security settings.
- Workspace content: documents, structured fields, subjects, tasks, deadlines, comments, tags, templates, sharing instructions, and other information you or your organization add.
- Usage and security data: session and authentication events, device/browser information, IP-derived network information, request logs, audit events, and diagnostics needed to operate and protect the service.
- Browser-stored data: theme and tour preferences, a non-sensitive signed-in route hint, organization/session display state, notification cursors, and temporary invitation-return data.
- Support data: messages, files, and account details you choose to share when asking for help.
3. How we use information
- Provide, maintain, personalize, and improve the workspace features you request.
- Authenticate users through Google or Microsoft, maintain sessions, enforce permissions, and prevent abuse.
- Store, organize, search, preview, export, share, and audit workspace content as directed by authorized users.
- Send essential account, security, invitation, task, and service communications.
- Diagnose failures, respond to support requests, and comply with applicable legal obligations.
- When an authorized user deliberately invokes an AI feature, process the selected document or content to return the requested suggestion or extraction.
Depending on the context and applicable law, processing is based on performing the service agreement, your consent or instructions, legitimate interests in operating and securing the service, and legal obligations.
4. Cookies and local storage
The service uses essential authentication and OAuth-correlation cookies. The primary session cookie is HttpOnly and is not available to application JavaScript. A separate readable cookie is used only as a navigation hint; it is not an authentication credential. The application also uses local or session storage for preferences, limited account/workspace display state, notification continuity, and temporary invitation handoff. These technologies are necessary for sign-in, security, and requested product behavior rather than advertising.
5. When information is shared
We do not sell workspace content or personal information, and we do not use it for third-party advertising.
Information may be disclosed only as needed:
- to authorized members, administrators, recipients, or external collaborators according to workspace permissions and your sharing choices;
- to infrastructure, storage, email, authentication, security, support, and optional AI service providers acting for the operator under appropriate obligations;
- during a corporate transaction, subject to appropriate confidentiality and notice where required; or
- to comply with law, protect rights and safety, investigate abuse, or enforce agreements.
6. Retention and deletion
Account and workspace information is retained while needed to provide the service, maintain security and audit records, resolve disputes, meet contractual commitments, and comply with law. Retention may vary by data type and workspace instructions. Deletion from active systems may be followed by a limited period in protected backups or logs before routine expiry. Workspace administrators may control content belonging to their organization, so requests may need to be directed through them.
7. Security and your responsibilities
We use reasonable technical and organizational safeguards designed to protect information, including access controls, cookie-based sessions, audit trails, and encryption where supported. No online service can guarantee absolute security. Keep provider accounts and recovery codes secure, review permissions carefully, and retain independent copies of important records.
8. International processing
The operator and its service providers may process information in countries other than yours. Where required, appropriate contractual or other safeguards are used for cross-border transfers. Your organization may also choose where its users and recipients access shared content.
9. Your choices and rights
Depending on applicable law, you may have rights to access, correct, export, delete, restrict, or object to certain processing, withdraw consent, or complain to a data-protection authority. Some requests are subject to identity verification, legal exceptions, and the workspace administrator's control of organization data. You can also disconnect by signing out and may manage profile, session, notification, and sharing settings in the product.
10. Children
doQvaultis a professional and organizational service and is not directed to children. Do not create an account or submit a child's personal information unless an authorized organization has a lawful basis and appropriate safeguards for doing so.
11. Changes to this policy
We may update this policy as the service or legal requirements change. Material changes will be communicated through the product or another appropriate channel, and the effective date above will be revised.
12. Contact
For privacy questions or requests, use the support channel provided with your workspace, service order, or invitation or email dv@doqvault.app.
doQvaultMumbai, India