Privacy Policy
Last updated: February 20, 2026
1. Information We Collect
We collect the following types of information when you use Kitedoc:
- Account information — name, email address, and password when you create an account
- Documents — files you upload to the Service for sharing and conversion
- Usage data — pages visited, features used, document views and analytics events
- Device information — browser type, operating system, and country/region derived from your connection
- Payment information — billing details processed securely by our third-party payment provider; we do not store your full card number
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Process document uploads, conversions, and sharing
- Generate view analytics and engagement metrics for document owners
- Process payments and manage subscriptions
- Send transactional emails (account confirmation, password resets, billing)
- Detect and prevent fraud, abuse, and violations of our Terms
3. Legal Basis for Processing (GDPR)
We process your personal data under the following legal bases:
- Contract performance — processing your account data, documents, payments, and transactional emails is necessary to provide the Service you have requested
- Legitimate interest — anonymized analytics for document viewers, fraud prevention, and service improvement, balanced against your privacy rights
4. Document Privacy
Your documents are stored with private access controls. Documents are only accessible via the sharing links you create. We do not read, analyze, or use the content of your documents for advertising or any purpose other than providing the Service (e.g., format conversion, thumbnail generation).
5. View Analytics
When someone views a document you have shared, we collect anonymized data including timestamp, duration, approximate location (country/region), and device type. No IP addresses are stored — location is derived at request time and only the country/region is retained. Viewer tracking is session-scoped: a random identifier is generated per browser session and is not persisted across sessions. Viewers are not tracked across documents unless they are logged in. This data is provided to the document owner through the analytics dashboard.
6. Data Storage and Security
Documents are stored using encrypted cloud storage with private access controls. We use presigned URLs with expiration to grant temporary access to documents. All data is transmitted over HTTPS. We implement industry-standard security measures to protect your data.
7. Data Sharing
We do not sell your personal information. We may share data with:
- Service providers — we use the following sub-processors to operate the platform:
  - Stripe — payment processing
  - Cloudflare — content delivery, DDoS protection, and document storage
  - Resend — transactional email delivery
  - OpenPanel — anonymized product analytics
- Legal requirements — when required by law, regulation, or legal process
- Business transfers — in connection with a merger, acquisition, or sale of assets
8. Cookies
We use strictly necessary cookies only for authentication and session management. These cookies are essential for the Service to function and do not require consent under GDPR. We do not use third-party advertising cookies, tracking cookies, or any non-essential cookies.
9. Data Retention
We retain your account data for as long as your account is active. Documents are retained until you delete them or your account is terminated. Upon account deletion, all documents and associated data are permanently removed after a 14-day grace period. No IP addresses are stored at any point. Analytics data is retained in anonymized form and cannot be traced back to individual viewers.
10. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Export your data in a portable format
- Object to or restrict certain processing
You can delete your account and export your data directly from your account settings. For other requests, contact us at privacy@kitedoc.com.
11. Your California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know — you can request details about the personal information we collect and how it is used
- Right to delete — you can request deletion of your personal information
- Right to opt-out of sale — we do not sell your personal information to third parties
- Non-discrimination — we will not discriminate against you for exercising your CCPA rights
To exercise these rights, use your account settings or contact us at privacy@kitedoc.com.
12. Children
Kitedoc is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. Continued use of the Service after changes constitutes acceptance.
14. Contact
For privacy-related questions, contact us at privacy@kitedoc.com.