Privacy Policy

1. Introduction and Scope

Welcome to CreateMyDoc ("we," "us," "our," or the "Service"). We are committed to protecting your privacy and handling your personal information with care and transparency. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered document generation platform.

This Privacy Policy applies to all users of the Service, including visitors to our website, registered users, and anyone who generates documents through our platform. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

If you do not agree with the terms of this Privacy Policy, you should not access or use the Service. We encourage you to review this Privacy Policy periodically as we may update it from time to time.

2. Information We Collect

2.1 Personal Information You Provide

We collect personal information that you voluntarily provide to us when you:

• Create an Account: Name, email address, password, and any other information you choose to provide during registration.
• Generate Documents: Any personal, business, or legal information you input into our document generation forms, including names, addresses, dates, financial information, business details, and other data necessary to create your requested documents.
• Contact Us: Name, email address, phone number, and the content of your message when you reach out to our support team or submit inquiries.
• Make Payments: Payment information such as credit card numbers or other financial account information (processed securely through third-party payment processors).

2.2 Document Input Data

When you use our AI-powered document generation tools, you may provide sensitive and detailed information that will be incorporated into your documents. This may include:

• Personal identifiable information (names, addresses, etc.)
• Financial information and business data
• Legal information and circumstances
• Employment and professional information
• Any other data you choose to input for document customization

Please be mindful of the information you provide and only submit data that you are comfortable sharing with us and our AI service providers for the purpose of document generation.

2.3 Automatically Collected Information

When you access and use the Service, we automatically collect certain technical information about your device and usage:

• Device Information: IP address, browser type and version, operating system, device type, unique device identifiers.
• Usage Data: Pages visited, features used, time spent on pages, click data, date and time of visits, referring/exit pages, documents generated.
• Cookies and Similar Technologies: We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing behavior and preferences. See Section 10 for more details.
• Location Data: General geographic location inferred from your IP address (city, state, country level, not precise location).

2.4 Information from Third Parties

We may receive information about you from third-party sources, including:

• Authentication Services: If you choose to sign up or log in using third-party services (e.g., Google, Facebook), we may receive information from those services such as your name, email address, and profile information.
• Payment Processors: Transaction information and payment status from our payment service providers.
• Analytics Providers: Aggregated usage statistics and insights from analytics services we use to improve the Service.

3. How We Use Your Information

We use the information we collect for various purposes, including:

• Provide and Maintain the Service: To create your Account, process your document generation requests, store and manage your documents, and deliver the core functionality of our platform.
• Process AI-Generated Documents: To send your inputs to AI service providers (such as Google Gemini) for document generation and to return the generated documents to you.
• Improve and Optimize the Service: To analyze usage patterns, identify trends, test new features, and enhance the performance and user experience of our platform.
• Communicate with You: To send you technical notices, updates, security alerts, support messages, account notifications, and responses to your inquiries.
• Process Payments: To process transactions, send receipts, and manage billing for paid services.
• Ensure Security and Prevent Fraud: To detect, prevent, and address technical issues, fraudulent activity, security threats, and violations of our Terms of Service.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.
• Marketing and Promotional Communications: With your consent where required, to send you promotional materials, newsletters, and information about new features or services. You may opt out at any time.
• Research and Development: To conduct research, develop new products or features, and improve our AI models (using aggregated, anonymized data where possible).

4. Legal Basis for Processing (GDPR Compliance)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

• Contractual Necessity: Processing is necessary to perform our contract with you (i.e., providing the Service you requested).
• Legitimate Interests: Processing is necessary for our legitimate business interests, such as improving the Service, ensuring security, and conducting analytics, provided these interests are not overridden by your data protection rights.
• Legal Obligation: Processing is necessary to comply with legal obligations to which we are subject.
• Consent: You have given explicit consent for processing your personal data for specific purposes (e.g., marketing communications). You may withdraw your consent at any time.

5. Data Sharing and Disclosure

5.1 Third-Party Service Providers

We share your information with carefully selected third-party service providers who assist us in operating the Service, including:

• AI Model Providers: We use third-party AI services such as Google Gemini to process your document inputs and generate documents. Your input data is transmitted to these providers for processing. We require our AI providers to handle your data securely and in accordance with applicable privacy laws.
• Cloud Hosting and Infrastructure: Providers that host our servers, databases, and application infrastructure.
• Payment Processors: Third-party payment services that process transactions on our behalf. We do not directly store your complete credit card information.
• Analytics and Monitoring Services: Tools that help us understand how users interact with the Service and identify technical issues.
• Customer Support Tools: Services that help us manage and respond to your support inquiries.
• Email and Communication Services: Providers that deliver transactional and marketing emails on our behalf.

These service providers are contractually obligated to use your information only for the purposes of providing their services to us and to maintain appropriate security measures.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities, including:

• To comply with a subpoena, court order, or other legal process
• To respond to government or law enforcement requests
• To enforce our Terms of Service or other agreements
• To protect our rights, property, or safety, or that of our users or the public
• To investigate potential violations of law or our policies

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, bankruptcy, or other business transaction, your information may be transferred or disclosed as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

5.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so for a specific purpose.

5.5 Aggregated Data

We may share aggregated, de-identified, or anonymized information that does not directly identify you with third parties for research, analytics, marketing, or other purposes.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Specifically:

• Account Information: We retain your Account information for as long as your Account is active or as needed to provide you the Service. If you delete your Account, we will delete or anonymize your information within a reasonable timeframe, unless retention is required for legal, regulatory, or security purposes.
• Document Data: Generated documents and associated inputs are stored as long as you maintain your Account. You may delete documents at any time through your Account settings.
• Usage and Log Data: Technical logs and usage data are typically retained for a limited period (e.g., 12-24 months) for security, troubleshooting, and analytics purposes.
• Legal and Compliance: We may retain certain information for longer periods when required by law, to resolve disputes, enforce our agreements, or protect our legal rights.

7. Data Security Measures

We take the security of your information seriously and implement reasonable administrative, technical, and physical safeguards to protect your personal data from unauthorized access, use, disclosure, alteration, or destruction.

Our security measures include:

• Encryption of data in transit using industry-standard SSL/TLS protocols
• Encryption of sensitive data at rest
• Secure authentication and access controls for our systems
• Regular security assessments and vulnerability testing
• Restricted access to personal information on a need-to-know basis
• Employee training on data security and privacy practices
• Use of reputable third-party service providers with strong security practices

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your Account credentials and should notify us immediately of any unauthorized access.

8. International Data Transfers

CreateMyDoc is based in the United States, and your information is processed and stored on servers located in the United States and potentially other countries where our service providers operate.

If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries that may have different data protection laws than your country of residence.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we ensure that international transfers of personal data are protected through appropriate safeguards, such as:

• Standard Contractual Clauses approved by the European Commission
• Data Processing Agreements with service providers that include appropriate data protection terms
• Other legally recognized transfer mechanisms under GDPR

By using the Service, you consent to the transfer of your information to the United States and other countries as described in this Privacy Policy.

9. Your Privacy Rights

9.1 GDPR Rights (EEA, UK, Swiss Users)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have certain rights under the General Data Protection Regulation (GDPR):

• Right of Access: You have the right to request copies of your personal data.
• Right to Rectification: You have the right to request correction of inaccurate or incomplete personal data.
• Right to Erasure ("Right to be Forgotten"): You have the right to request deletion of your personal data under certain circumstances.
• Right to Restriction of Processing: You have the right to request that we limit the processing of your personal data under certain circumstances.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transfer it to another controller.
• Right to Object: You have the right to object to processing of your personal data for direct marketing purposes or based on legitimate interests.
• Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
• Right to Lodge a Complaint with a Supervisory Authority: You have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.

9.2 CCPA Rights (California Residents)

If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out of Sale: You have the right to opt-out of the "sale" of your personal information. Note: We do not sell personal information as traditionally defined.
• Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA rights.

9.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at support@createmydoc.com. We will respond to your request within the timeframe required by applicable law (typically 30 days for GDPR requests, 45 days for CCPA requests).

To protect your privacy and security, we may need to verify your identity before processing your request. In some cases, we may need to retain certain information for legal or administrative purposes, or we may be unable to fulfill your request due to legal obligations.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and track information about your use of the Service and to improve your user experience.

10.1 What Are Cookies?

Cookies are small text files stored on your device by your web browser. They allow websites to recognize your device and remember information about your visit.

10.2 Types of Cookies We Use

• Essential Cookies: Necessary for the Service to function properly, including authentication and security features. These cannot be disabled.
• Functional Cookies: Remember your preferences and settings to enhance your user experience.
• Analytics Cookies: Help us understand how you use the Service, which pages are most popular, and identify technical issues. We use services like Google Analytics for this purpose.
• Marketing Cookies: Track your browsing across websites to deliver targeted advertising (if applicable and with your consent).

10.3 Managing Cookies

Most web browsers allow you to control cookies through their settings. You can set your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you disable cookies, some features of the Service may not function properly.

You can also opt-out of certain third-party analytics cookies by visiting:

• Google Analytics Opt-out: https://tools.google.com/dlpage/gaoptout

11. Do Not Track Signals

Some web browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activities tracked. Currently, there is no industry standard for how to respond to DNT signals, and our Service does not currently respond to DNT browser signals or mechanisms.

12. Children's Privacy

Our Service is not intended for children under the age of 18, and we do not knowingly collect personal information from children under 18. If you are under 18, you should not use the Service or provide any personal information to us.

If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information as quickly as possible. If you believe we have collected information from a child under 18, please contact us at support@createmydoc.com.

We comply with the Children's Online Privacy Protection Act (COPPA) and do not knowingly collect information from children under 13.

13. Third-Party Links

The Service may contain links to third-party websites, services, or resources that are not owned or controlled by CreateMyDoc. This Privacy Policy does not apply to third-party websites or services.

We are not responsible for the privacy practices or content of third-party websites. We encourage you to review the privacy policies of any third-party websites you visit. Your interactions with third-party websites are governed solely by their privacy policies and terms of service.

14. AI and Document Processing Disclosures

Because we use AI technology to generate documents, we want to be transparent about how your data is processed:

• Third-Party AI Processing: When you generate a document, your input data is transmitted to third-party AI service providers such as Google Gemini for processing. These providers process your data to generate your requested documents.
• Data Usage by AI Providers: Our AI service providers may process your data according to their own privacy policies. We select providers who agree to handle data securely and in compliance with applicable privacy laws. However, we recommend reviewing the privacy policies of these providers, such as Google's AI/ML Privacy Policy.
• Model Training: We may use aggregated, anonymized, or de-identified usage data to improve our Service and AI models. We do not share your personally identifiable document inputs with AI providers for the purpose of general model training without your consent.
• Document Confidentiality: While we implement security measures, communications with AI services are not protected by attorney-client privilege. You should not rely on the Service to protect confidential or privileged information at the level required by legal professional obligations.

15. Data Breach Notification

In the event of a data breach that affects your personal information and poses a risk to your rights and freedoms, we will notify you and relevant authorities as required by applicable law.

Our notification will include:

• The nature of the breach and the data affected
• The likely consequences of the breach
• The measures we have taken or propose to take
• Steps you can take to protect yourself from potential harm

We will make every effort to provide notification without undue delay and, where required by law, within 72 hours of becoming aware of the breach.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons. When we make changes, we will update the "Last Updated" date at the top of this Privacy Policy.

For material changes that significantly affect your rights or how we handle your personal information, we will provide prominent notice through the Service or by email (if you have provided your email address).

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the revised policy.

17. Contact Information and Data Protection Officer

If you have any questions, concerns, or complaints about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us:

Email: support@createmydoc.com
Postal Address: [Your Company Address]
Data Protection Officer: For GDPR-related inquiries, you may contact our Data Protection Officer at support@createmydoc.com

We take all privacy concerns seriously and will make reasonable efforts to respond to your inquiries within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.