Privacy Policy

Last updated: 2026-04-25

DocBird ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service at docbird.io. Please read this policy carefully.

1. Information We Collect

We collect the following categories of information:

Account & Identity Data

  • Name and email address (required for account creation)
  • Password (stored as a bcrypt hash; never stored in plaintext)
  • Company name and billing address (for paid subscribers)

Usage Data

  • Pages visited, features used, and documents generated
  • Browser type, operating system, and IP address
  • Referring URLs and session duration
  • Analytics via self-hosted Plausible (cookie-free, no cross-site tracking)

Document Content

  • Text inputs and parameters you provide to generate documents
  • Generated document content stored in your account

Communications

  • Support requests and feedback submitted to us
  • Email communications sent through our self-hosted mail server (Mox)

2. Payment Processing (Stripe)

Billing and payment processing is handled by Stripe, Inc., a PCI-DSS compliant payment processor. When you provide payment information, you submit it directly to Stripe. DocBird does not collect, store, or process your full payment card numbers.

DocBird receives limited data from Stripe including: subscription status, last four digits of your card, card brand, billing country, and transaction history for your account.

Stripe's collection and use of your payment data is governed by Stripe's Privacy Policy.

3. Email Communications (Self-Hosted Mox)

Transactional and marketing emails are delivered via our self-hosted email infrastructure (Mox). Email addresses and content are processed on our own mail servers and not transmitted to third-party email service providers.

Types of emails we send include: account verification, subscription confirmations, feature announcements, and product updates. You may opt out of marketing emails at any time using the unsubscribe link in any email. Transactional emails (receipts, password resets) cannot be opted out of while your account is active.

Your email data remains within DocBird's infrastructure and is not shared with external email service providers.

4. How We Use Your Information

We use collected information to:

  • Provide, operate, and maintain the Service
  • Process payments and manage subscriptions
  • Authenticate your identity and secure your account
  • Send transactional and marketing communications
  • Improve the Service through aggregated usage analytics
  • Respond to support requests and feedback
  • Comply with legal obligations and enforce our Terms of Service
  • Detect and prevent fraud, abuse, and security incidents

5. Data Sharing and Disclosure

We do not sell your personal information. We share data only in these circumstances:

  • Service Providers: Stripe (payments), cloud hosting providers — all bound by data processing agreements.
  • Legal Compliance: When required by law, subpoena, court order, or to protect our rights and the safety of others.
  • Business Transfer: In connection with a merger, acquisition, or sale of assets, with notice provided to you.
  • With Your Consent: In any other circumstances where you have given explicit consent.

6. California Consumer Privacy Act (CCPA) Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) afford you specific rights regarding your personal information:

Right to Know

You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the business purpose, and the third parties with whom we share it.

Right to Delete

You have the right to request deletion of personal information we have collected about you, subject to certain exceptions (e.g., information needed to complete a transaction or comply with a legal obligation).

Right to Correct

You have the right to request correction of inaccurate personal information we maintain about you.

Right to Opt-Out of Sale

DocBird does not sell personal information. You do not need to opt out.

Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights.

To exercise your CCPA rights, contact us at privacy@docbird.io. We will respond to verified requests within 45 days.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specific retention practices:

  • Active accounts: Data retained for the duration of the account lifecycle.
  • Inactive accounts: Accounts with no login activity for 90 consecutive days are subject to automated deletion of document content. Account credentials and billing records are retained for an additional 30 days before full deletion.
  • Cancelled subscriptions: Data is retained for 90 days post-cancellation to allow account reactivation, then deleted.
  • Legal holds: Data subject to a legal hold or compliance requirement will be retained until the hold is lifted.
  • Financial records: Transaction records are retained for 7 years as required by U.S. tax law.

You may request early deletion of your account and data by emailing privacy@docbird.io.

8. Security

We implement industry-standard technical and organizational security measures to protect your personal information, including:

  • TLS encryption for all data in transit
  • Passwords stored using bcrypt hashing with salting
  • Access controls limiting employee access to personal data
  • Regular security reviews and dependency audits

No method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security. In the event of a data breach affecting your rights, we will notify you as required by applicable law.

Contact Us

For privacy inquiries, CCPA requests, or data deletion requests, contact:
privacy@docbird.io