Cookie Usage

We use cookies to ensure you get the best experience on our website. By continuing, you accept our use of cookies, privacy policy y terms of service.

Newsletter image

Subscribe to our newsletter

Get the latest product updates and document security tips.

No spam. Unsubscribe at any time.

Get started

Privacy Policy

PrivyDocs Privacy Policy

1. Introduction

Omniatix ("Omniatix", "PrivyDocs", "we", "us", "our") takes your privacy seriously. This Privacy Policy applies to all visitors and users of PrivyDocs' services, websites, and applications, available at https://privydocs.com.

By accessing or using any part of the Service, you acknowledge that you have been informed of and consent to our practices regarding your information and personal data.

1.1. To whom does it apply?

This Policy applies to the processing of personal data of:

  • Customers (Users): Individuals or companies that contract and use PrivyDocs services.
  • Team Users: Individuals working for the Customer and accessing under their account.
  • Viewers: Individuals who access shared documents via Share Links.
  • Website Visitors: Individuals browsing the PrivyDocs website.

Important: PrivyDocs acts as a Data Controller for the data of Customers, Team Users, and Visitors. For Viewers' data, PrivyDocs acts as a Data Processor, with the Customer being the Data Controller. PrivyDocs assumes that the Customer already has the implicit or explicit consent of the Viewer to track their activity.

2. Personal Data

2.1. Purpose of Processing

We collect and process personal data to:

  • Provide, manage, and improve the offered services.
  • Facilitate secure document distribution and access management.
  • Provide viewing analytics and engagement metrics to Customers.
  • Ensure the security, integrity, and operation of the Service.
  • Comply with legal and regulatory obligations.
  • Develop and improve the Service through statistical analysis.

2.2. Types of Processed Data

Customer Data:

  • Account information: First name, last name, email address, password (hashed), company information.
  • Billing information: Managed by our authorized payment processor. PrivyDocs DOES NOT store credit cards.
  • Usage data: Activity logs, uploaded documents, created Share Links, settings.
  • Communications: Correspondence logs, support requests, feedback.

Viewer Data (as Data Processor):

  • Identity and contact: Email address, WhatsApp number (when required by the Share Link).
  • Viewing data: Pages viewed, time spent, number of views, access dates.
  • Technical data: IP address, approximate location, browser type, operating system, device.
  • Behavioral data: Focus loss events, downloads made, failed access attempts.

Website Visitor Data:

  • Technical information (IP, browser, operating system), browsing data, form information.

2.3. Legal Basis for Processing

  • Contractual execution: Provision of the Service, account management, billing.
  • Legitimate interest: Improving the Service, platform security, fraud prevention.
  • Consent: Marketing, commercial communications, non-essential cookies.
  • Legal compliance: Applicable legal obligations.

For Viewer data, the legal basis must be established by the Customer (Data Controller), who is responsible for adequately informing Viewers and obtaining necessary consents.

3. Personal Data Processing

3.1. How do we collect information?

  • Directly: When registering, filling out forms, uploading documents, or contacting support.
  • Automatically: Technical and usage data during interaction (IP, browser, viewed pages).
  • From Viewers: Data through their interaction with Share Links (email, WhatsApp, viewing, IP).
  • From third parties: Data from business partners in compliance with legislation.

3.2. How do we use the information?

Customer and Team User Data: Provision and improvement of the Service, billing, support, communications, marketing (with consent), and security.

Viewer Data (as Processor): Exclusively according to Customer instructions: verifying identity (email/WhatsApp OTP), recording and providing viewing analytics, managing contacts, and applying dynamic watermarks ({email}, {ip}, {date}).

Visitor Data: Analyzing traffic, managing form requests, measuring campaigns, and ensuring site security.

3.3. Data Retention

  • Customer Data: During the contractual relationship and up to 5 years thereafter for legal reasons.
  • Team User Data: While they have active access and up to 1 year after deactivation.
  • Viewer Data: According to Customer instructions. By default, viewing data for 2 years.
  • Visitor Data: Technical information up to 2 years. Contact forms up to 1 year.

4. Document Encryption and Security

4.1. End-to-End Encryption (E2EE)

E2EE is an optional feature that the Customer can enable when uploading a document. By default, documents are uploaded without E2EE.

When the Customer chooses to enable E2EE, documents are encrypted in the browser with AES-GCM 256-bit (PBKDF2 with 100,000 iterations). PrivyDocs DOES NOT have access to the encryption keys or the decrypted content.

Limitations when enabling E2EE: Certain functionalities are disabled, including thumbnail generation, AI content analysis, and any function requiring server-side access to the content.

4.2. General Security

We implement appropriate technical and organizational measures:

  • Data encryption in transit (TLS/HTTPS) and at rest.
  • Securely hashed user passwords (never in plain text).
  • Share Link passwords hashed on the server.
  • Access controls, robust authentication, and continuous monitoring.
  • Storage in S3-compatible infrastructure (Supabase Storage).

4.3. Data PrivyDocs CANNOT access (when using E2EE)

For E2EE encrypted documents, we cannot see the content, we cannot recover documents if you lose the keys, and we cannot decrypt them when facing legal requirements.

For documents without E2EE (default behavior), files are stored securely with encryption at rest, but PrivyDocs has the technical capability to access the content to provide features like thumbnail generation, AI analysis, and indexing.

5. Sharing Data with Third Parties

5.1. Payment Processor (Merchant of Record)

Our authorized payment processor acts as our Merchant of Record and official reseller. To manage purchases and subscriptions, they independently and securely handle payment processing, billing, and refunds. PrivyDocs DOES NOT collect, process, or store sensitive financial data such as credit card numbers. When making a purchase, your billing details are sent directly to our payment processor (who complies with strict PCI DSS security standards). The collection and processing of your financial data are entirely governed by the payment processor's Privacy Policy.

5.2. Service Providers

  • Hosting and storage: Supabase, cloud infrastructure providers.
  • Custom domains: Cloudflare for SaaS (TLS certificates, DNS).
  • WhatsApp verification: Meta/WhatsApp Business API (OTPs).
  • Email services: SMTP/API providers for notifications.
  • Analytics: Usage analysis tools.

All providers are contractually obligated to protect data and may only use it to perform services on our behalf.

5.3. Data Shared with Customers

As part of the Service, we provide Customers with information about their Viewers: email/WhatsApp, viewing data, IP and approximate location, access status, download events, and focus loss events. Customers are the Data Controllers of this data.

5.4. Legal Requirements

We may disclose information when required by court orders, government investigations, protection of our legal rights, or compliance with applicable laws.

Note: For documents with E2EE enabled, PrivyDocs cannot provide the decrypted content, even under legal requirement. For documents without E2EE, PrivyDocs may be compelled to provide access to the content under valid legal requests.

5.5. Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction. We will notify you of any changes.

6. Your Rights

Under applicable data protection laws, you have the following rights:

  • Right of Access: Request information about what data we process about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data in certain circumstances.
  • Right to Restriction: Request that we limit the processing of your data.
  • Right to Data Portability: Request to receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing for certain purposes.
  • Right to Withdraw Consent: If processing is based on consent, you may withdraw it at any time.

To exercise these rights, please contact us at [email protected].

For Viewers: If you are a Viewer and wish to exercise your rights regarding data collected during document viewing, you must contact the Customer who shared the document, as they are the Data Controller.

7. International Transfers

Your data may be transferred to and processed in countries outside your jurisdiction. We implement appropriate safeguards such as standard contractual clauses and other recognized protective measures.

8. Minors

Our services are not directed at minors under 16. We do not knowingly collect data from minors without parental consent. If we discover that we have collected a minor's data, we will take steps to delete that information.

9. Cookies and Similar Technologies

We use cookies to: operate and administer the Service, remember user preferences (theme, language), analyze trends, and improve the browsing experience.

10. Changes to This Policy

We may update this policy periodically. We will notify you of significant changes via a notice on our website or by email. Continued use of the Service constitutes acceptance of the changes.

11. Contact

For any questions related to this Privacy Policy:

Last updated: 20 de febrero de 2026