Working draft — under legal review.

This document is a good-faith working draft. Final binding terms will be published before paid plans launch. If anything here is material to your decision to use Doctriever, please email hello@doctriever.com and we'll confirm in writing.

Legal

Privacy policy

How Doctriever handles personal data on behalf of accounting firms and the clients they serve.

Last updated: 4 May 2026


1. Who we are

Doctriever is operated by [Legal entity name — needs registration], registered at [Registered address], company number [Company registration number] (“Doctriever”, “we”, “us”). For privacy questions you can reach us at hello@doctriever.com.

2. Two relationships, two roles

Doctriever serves accounting firms (our customers) and the small businesses those firms work with (the firm's clients). Our role under data protection law depends on whose data is being processed.

  • Accounting firm staff (the user signing in). When an accountant or bookkeeper signs up, signs in, or uses the dashboard, we are a data controller for the limited personal data needed to run their account.
  • End-client documents and metadata. When the firm uses Doctriever to collect invoices, receipts, and bank statements about the firm's clients, we are a data processor acting on the firm's instructions. The firm is the controller of that data and signs a data processing agreement (DPA) with us before processing begins.

3. What data we collect

3.1 From the accounting firm (controller data)

  • Email address, full name, and the firm name you provide at signup.
  • Authentication metadata: hashed magic-link tokens, session identifiers, sign-in timestamps, IP address, and user agent for the device that signed in.
  • Subscription and billing data once paid plans launch (handled by our payment processor — we do not store full card numbers).
  • Support correspondence sent to hello@doctriever.com.

3.2 From the firm's clients (processor data)

  • Documents the firm or its clients upload or forward: invoices, receipts, bank statements, and email attachments. These may contain personal data the firm's clients have decided to include.
  • Extracted fields produced by our matching pipeline: supplier, transaction date, amounts, VAT, invoice number, currency.
  • Email metadata for inbound forwarding: sender address, subject, timestamp, and attachment count.
  • Optional client name and email if the firm chooses to add one to a client record so we can send the upload-link invite.

3.3 Visitors to the marketing site

  • Waitlist submissions: email, optional firm name, optional client-count range, optional accounting-tool selection, IP address, user agent, and any UTM parameters that brought you to the site.
  • Privacy-friendly aggregate analytics. We do not currently use third-party advertising trackers.

4. Why we use this data (lawful basis under GDPR)

  • Contract. To provide the service the firm has signed up for — matching documents, generating reminders, producing month-end packages.
  • Legitimate interest. To keep the service secure, prevent abuse, debug issues, and improve the product.
  • Legal obligation. Tax, accounting, and record-keeping requirements that apply to us.
  • Consent. For waitlist signup — you can withdraw at any time by replying “unsubscribe” to any message we send you.

5. Where data is stored

Documents and metadata are stored in secure regional data centres operated by our infrastructure providers, with per-firm tenant isolation. EU residency is the default region; US, UK, and APAC regions are available on request for firms with regional residency requirements.

Files are encrypted in transit (TLS 1.3) and at rest (AES-256 by the underlying storage provider). Access is restricted to the engineering staff who need it to operate the service; access events are logged.

6. Subprocessors we use

We use a small number of vendors to operate Doctriever. Each is contractually bound to security and privacy commitments at least as protective as the ones we make to you.

Subprocessor | Purpose | Region (default)
Supabase | PostgreSQL database and document storage | EU (Frankfurt)
Vercel | Web application hosting and edge delivery | Global edge; primary EU
Mailgun | Outbound and inbound email delivery | EU
Anthropic | AI-assisted field extraction from documents | US (data not used for model training)
Inngest | Background job orchestration | US / EU
[Payment processor — e.g. Stripe] | Subscription billing | EU / US

We update this list when subprocessors change. Firms on a paid plan will be notified of material changes before they take effect.

7. International transfers

Some subprocessors are based outside the EEA. Where personal data leaves the EEA, we rely on the European Commission's Standard Contractual Clauses and any supplementary measures the relevant subprocessor offers (such as EU-US Data Privacy Framework certification, where applicable).

8. AI processing

Doctriever uses large language models from Anthropic to extract structured fields (supplier, date, amount, VAT, invoice number) from uploaded documents and to draft polite reminder text. Documents are processed transiently and are not used to train Anthropic's models. The accountant is always the final reviewer — nothing is sent, posted, or filed without explicit accountant action.

9. How long we keep data

  • Account data: for as long as the firm has an active subscription, plus 90 days after cancellation to allow account recovery and final exports.
  • Client documents and metadata: per the firm's instructions, including any retention period the firm has configured. On cancellation, the firm can request export and deletion at any time within the 90-day window.
  • Waitlist submissions: kept until you ask us to delete them, or 24 months from the last contact, whichever is sooner.
  • Audit and security logs: 12 months.

10. Your rights

Depending on where you live (under GDPR, UK GDPR, CCPA / CPRA, or similar), you may have rights to access, correct, delete, restrict, port, or object to the processing of your personal data. To exercise any of these rights, contact hello@doctriever.com. If we are processing data on behalf of an accounting firm (most client-document data), we will route your request to that firm.

EU and UK residents may lodge a complaint with their national data protection authority. We will of course try to resolve any concerns directly first.

11. Cookies and similar technologies

We use a small number of strictly necessary cookies for authentication and security. The session cookie (doctriever_session) is HTTP-only, Secure, and SameSite=Lax. We do not use advertising or cross-site tracking cookies.

12. Security

We take technical and organisational measures appropriate to the risk, including encryption in transit and at rest, per-firm tenant isolation, single-use signed upload links, IP-based rate limiting, audit logging, and principle-of-least-privilege access controls. We are working towards [SOC 2 Type I — target H2 2026] and will share progress with pilot firms on request.

13. Children

Doctriever is a tool for accounting professionals. We do not knowingly collect personal data from children under 16. If you believe we have, please contact us so we can remove it.

14. Changes to this policy

If we make material changes, we'll update the “Last updated” date at the top and, for firms on paid plans, notify the primary contact by email at least 14 days before the change takes effect.

15. Contact

For privacy questions or to exercise any of your rights, please contact hello@doctriever.com.