Privacy Policy
Last updated: April 19, 2026
Introduction
ShareDoc ("we", "us", or "our") operates a document sharing and collaboration platform (the "Service"). This Privacy Policy explains how we collect, use, and protect information when you use our Service.
By using the Service, you agree to the collection and use of information as described in this policy. This policy applies to all users, including those who connect third-party storage and productivity integrations.
If you have questions about this policy at any time, you can reach us at [email protected].
Definitions
- Service — The ShareDoc platform and associated websites.
- Personal Data — Any data that can identify you as a living individual, directly or indirectly.
- Usage Data — Automatically collected data about how you interact with the Service (e.g., page views, session duration).
- Integration Data — Content accessed through connected third-party services such as Dropbox , Google Drive etc.
- User Content — Documents, files, links, and any other content you upload or share through the Service.
- Data Controller — ShareDoc / Karman Analytics Pvt Ltd, which determines the purposes and means of processing your data.
- Sub-processor — A third-party service provider we engage to process data on our behalf.
Information We Collect
Account Information
When you register, we collect your name, email address, and password (hashed). If you sign up via OAuth (Google, GitHub), we receive only the profile data you authorize.
We use this information only to operate the Service (for example, authentication, billing where applicable, and support). We do not sell your account information to third parties, and we do not share it for third-party marketing or advertising.
Usage Data
We collect standard web analytics data including IP address, browser type, pages visited, and time on page. This helps us improve the Service and diagnose technical issues.
User Content
Documents, files, and links you upload or share are stored solely to provide the Service to you. We do not read, index, or analyze the content of your documents for any purpose other than rendering and delivering them to recipients you designate.
Integration Data
When you connect a third-party integration (e.g., Dropbox), we access only import files you explicitly select. See Section 5 for full details on how integration data is handled.
Payment Information
Billing is handled entirely by our payment processor (Stripe). We do not store credit card numbers or full payment details on our servers. We retain only transaction identifiers and subscription status.
Communications
If you contact our support team, we retain those messages to resolve your request and improve the Service.
How We Use Your Data
We use the data we collect strictly to operate and improve the Service. Specifically:
- To create and manage your account
- To deliver documents and track document engagement (views, time spent) on your behalf
- To process payments and manage subscriptions
- To send transactional notifications (e.g., document viewed alerts, billing receipts)
- To provide customer support
- To detect and prevent abuse, fraud, and security incidents
- To comply with legal obligations
- To improve product reliability and performance through aggregated, anonymized analytics
We do not use your data or content to train machine learning models. We do not profile you for advertising purposes.
Third-Party Integrations
ShareDoc allows you to connect cloud storage and productivity services to import and share documents directly. This section describes precisely how we handle data from those integrations.
Absolute commitment for all integrations
We do not sell, share, license, or otherwise transfer any data obtained through third-party integrations (including Dropbox, Google Drive, OneDrive, Box, or any other connected service) to any third party for commercial purposes. Integration data is used exclusively to provide the feature you enabled. Period.
What we access
When you connect an integration, we request only the minimum permissions necessary. We access files and folders you explicitly select — we do not scan your entire storage account.
What we store
We temporarily cache integration content to serve it reliably to your recipients. Cached data is deleted in accordance with your document's expiry settings or when you disconnect the integration, whichever comes first.
What we never do
- Read file contents for purposes other than rendering and delivery
- Retain integration credentials beyond the active session or OAuth token lifecycle
- Share, sell, or transfer integration data to any other party
- Use integration data to build advertising profiles or enrich third-party databases
- Train AI or ML models on your document content
Revoking access
You can disconnect any integration at any time from your account settings. Upon disconnection, we delete all cached content associated with that integration within 30 days. You can also revoke access directly from the third-party provider's settings (e.g., your Dropbox connected apps page).
Integration providers' own policies
When you connect a third-party service, that service's own privacy policy governs how they handle your data on their end. We encourage you to review those policies independently.
Data Sharing & Disclosure
We do not sell or rent your personal information. We share data only in the following limited circumstances:
Service providers (sub-processors)
Legal requirements
We may disclose information if required by law, court order, or valid governmental authority. We will notify you of such requests where legally permitted to do so.
Business transfers
In the event of a merger, acquisition, or asset sale, your data may transfer to the successor entity. We will notify you before that happens and your rights under this policy will continue to apply.
With your consent
We share data in any other circumstance only with your explicit consent.
Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. You can request deletion of your account and associated data at any time.
When you delete a document or disconnect an integration, associated content is removed from our active systems within 30 days. Backups are purged within 90 days. Usage logs used for security and fraud prevention may be retained for up to 12 months, after which they are anonymized or deleted.
We may retain certain data longer where required by law (e.g., billing records for tax compliance).
Security
We implement industry-standard measures to protect your data, including:
- Encryption in transit (TLS 1.2+) and at rest (AES-256)
- Access controls: only authorized personnel with a need to know can access user data
- Regular security audits and dependency scanning
- Incident response procedures with breach notification obligations
No system is 100% secure. If you believe your account has been compromised, please contact us immediately at [email protected].
Your Rights (GDPR)
If you are in the European Union or European Economic Area, you have the following rights under GDPR:
- Access
- Request a copy of the personal data we hold about you.
- Rectification
- Correct inaccurate or incomplete personal data.
- Erasure
- Request deletion of your personal data ("right to be forgotten").
- Restriction
- Ask us to limit how we process your personal data.
- Portability
- Receive your data in a structured, machine-readable format.
- Objection
- Object to processing based on legitimate interests.
- Withdraw Consent
- Where processing is consent-based, withdraw at any time.
- Lodge a Complaint
- Contact your local Data Protection Authority.
To exercise any of these rights, email us at [email protected]. We will respond within 30 days. We may ask you to verify your identity before processing the request.
Data transfers outside the EEA are governed by Standard Contractual Clauses where applicable.
California Residents (CCPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act:
- Right to know
- You may request disclosure of the categories and specific pieces of personal information we have collected, the sources, the business purpose, and the categories of third parties we share it with.
- Right to delete
- You may request deletion of your personal information, subject to certain exceptions.
- Right to opt out of sale
- We do not sell your personal information to any third party. This applies to account data, usage data, user content, and any data accessed via connected integrations. There is nothing to opt out of — we do not engage in this practice.
- Right to non-discrimination
- We will not discriminate against you for exercising any of your CCPA rights.
To submit a request, email [email protected]. You may submit up to two requests per 12-month period.
Children's Privacy
The Service is not directed at children under 16 years of age. We do not knowingly collect personal information from anyone under 16. If you believe we have inadvertently collected such information, please contact us immediately and we will delete it.
Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top and — for material changes — notify you by email or a prominent notice in the Service at least 14 days before the change takes effect.
Your continued use of the Service after any update constitutes acceptance of the revised policy. If you disagree with a change, you may close your account before it takes effect.
Contact Us
For any privacy-related questions, requests, or concerns, contact our privacy team:
- Email: [email protected]
- Response time: within 5 business days for general enquiries, 30 days for data rights requests