Privacy Policy
Last updated: 2026-05-02
This Privacy Policy explains how [Company Legal Name] (“DocDev”, “we”, “our”) collects, uses, and shares information when you use our service at docdev.app (the “Service”).
1. Information we collect
We collect the following categories of information:
- Account information. Email address, agency name, and a hashed password when you sign up.
- Profile and settings. Optional information you provide such as website, phone, location, tone-of-voice preferences, and tech-stack defaults.
- Project content. Client briefs, transcripts, and any files you upload, plus the AI-generated insights, discovery answers, challenges, and proposals derived from them.
- Usage data. Basic request metadata (IP address, user-agent, timestamps) and rate-limit counters used to protect the Service from abuse.
2. How we use information
- To provide, operate, and improve the Service.
- To process the briefs you submit and generate proposals using third-party AI providers (see “Subprocessors” below).
- To authenticate you and protect your account.
- To communicate with you about the Service (account notifications, security alerts, and important product updates).
- To detect, prevent, and respond to fraud or abuse.
3. Legal bases (UK / EU users)
We rely on the following legal bases under UK GDPR and EU GDPR: performance of a contract (to deliver the Service you signed up for), legitimate interests (to secure and improve the Service), consent (where required, e.g. non-essential cookies), and legal obligation.
4. Subprocessors
We share data only with the third-party providers necessary to operate the Service:
- Supabase — authentication, database, and file storage (data hosted in [region]).
- Anthropic — the brief content you submit is sent to Anthropic’s Claude API to generate insights and proposals. Anthropic does not train models on inputs sent through their API.
- [Hosting provider, e.g. Vercel] — application hosting and edge delivery.
5. Data retention
We retain your account and project data for as long as your account is active. If you delete your account, we delete or anonymise your data within 30 days, except where we are required to retain it for legal, accounting, or fraud-prevention purposes.
6. Your rights
Depending on your location you may have the right to access, correct, export, or delete your personal data, restrict or object to processing, and lodge a complaint with a supervisory authority. To exercise these rights, contact us at [support@example.com].
7. Security
We use industry-standard measures including TLS in transit, encryption at rest, role-based access controls, and row-level security to protect your data. No system is perfectly secure, but we work to mitigate risk and respond promptly to incidents.
8. International transfers
Your data may be processed in countries outside your own (notably the United States, where Anthropic is based). Where required, we rely on standard contractual clauses or equivalent safeguards.
9. Children
The Service is not directed to anyone under 16. We do not knowingly collect data from children.
10. Changes
We may update this policy from time to time. Material changes will be notified via email or an in-product notice at least 14 days before they take effect.
11. Contact
Questions about this policy: [support@example.com]. Postal address: [Registered Address].