Privacy Policy

How GJSDocs collects, uses, and protects your data when you use our services.

This Privacy Policy explains how GJSDocs ("we", "us", "our") collects, uses, discloses, and protects information when you access our website, dashboard, document editor, and related APIs (collectively, the "Service"). By using the Service, you agree to the practices described below.

1. Information We Collect

We collect information you provide directly, information generated as you use the Service, and information from third parties you choose to connect.

  • Account information: name, email address, password hash, workspace settings, membership plan, and role.
  • Document and template content: documents, templates, variables, blocks, and metadata you create, upload, or generate through the editor.
  • Integration data: tokens, configuration, and metadata for third-party services you connect (for example, cloud storage or e-signature providers). Credentials are stored encrypted.
  • API usage: API key identifiers, request counts, last-used timestamps, and rate-limit state used for security and billing.
  • Billing information: plan, billing interval, and payment status. Card details are processed by Stripe; we do not store full card numbers on our servers.
  • Technical and log data: IP address, browser and device information, referrer, timestamps, error logs, and security events.
  • Cookies and similar technologies: session cookies, authentication tokens, and limited analytics identifiers used to operate and improve the Service.

2. How We Use Information

  • Provide, maintain, and improve document automation, templates, and editor features.
  • Authenticate users, enforce access controls, and detect or prevent abuse and fraud.
  • Process payments, manage memberships, and apply usage limits associated with your plan.
  • Operate integrations you have explicitly connected and route data only as you configure.
  • Send transactional messages (account, billing, security) and, where permitted, product updates.
  • Comply with legal obligations and respond to lawful requests.

We do not sell your personal data. We do not use your document content to train third-party AI models without your explicit consent.

3. Legal Bases for Processing

Where the GDPR or similar laws apply, we process personal data on the basis of: (a) performance of our contract with you to deliver the Service; (b) our legitimate interests in operating, securing, and improving the Service; (c) compliance with legal obligations; and (d) your consent, where required — for example, optional analytics or marketing communications. You may withdraw consent at any time.

4. How We Share Information

We share information only as needed to operate the Service or as required by law:

  • Service providers: hosting, database, email delivery, error monitoring, customer support, and payment processing (Stripe). These providers may only process data on our instructions.
  • Integrations you enable: when you connect a third-party service, data flows between GJSDocs and that service per your configuration. Their privacy practices are governed by their own policies.
  • Legal and safety: when required by law, court order, or to protect rights, safety, and integrity of users or the Service.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, with notice where required.

5. Data Retention

We retain personal data while your account is active and for as long as needed to provide the Service, comply with legal and tax obligations, resolve disputes, and enforce agreements. Documents and templates you create remain available until you delete them or close your account. Backups containing deleted data are rotated on a defined schedule and then removed. You can request account deletion through the contact page.

6. Security

We apply technical and organizational safeguards designed to protect data in transit and at rest, including TLS for network traffic, encrypted storage of integration credentials, scoped API keys, hashed passwords, role-based access controls, and monitoring for unauthorized activity. No system is completely secure; please use a strong, unique password and protect access to your account and any API keys you generate.

7. International Data Transfers

GJSDocs and our service providers may process data in countries other than the one where you reside. When we transfer personal data internationally, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms.

8. Your Rights

Depending on where you live, you may have rights to access, correct, export, restrict, or delete your personal data, to object to certain processing, and to lodge a complaint with a supervisory authority. California residents have additional rights under the CCPA/CPRA, including the right to know and the right to delete. To exercise these rights, contact us through the contact page; we will verify your request and respond within the timeframe required by law.

9. Cookies and Tracking

We use strictly necessary cookies for authentication and session management, and limited analytics to understand aggregate product usage. You can control cookies through your browser settings; disabling required cookies may break sign-in and core functionality.

10. Children's Privacy

The Service is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes to our practices, the Service, or applicable law. Material changes will be communicated through the Service or by email where appropriate. The "Last updated" date below indicates when this policy was most recently revised.

12. Contact

For privacy questions, data-subject requests, or legal notices, please reach out via the contact page and include enough detail to verify your request.

Last updated: May 7, 2026