Privacy Policy

Version 2.2 | Last Updated: June 14, 2026

Summary

DocsOrb processes the data needed to run its business policy platform: account access, policy and board content, training and acknowledgment records, integrations, billing, and support. We use that data to deliver the service, secure it, power requested AI features, and meet legal and operational obligations.

Key Points

Business policy platform dataWe process policy text, attached documents, board settings, ownership, audience, and workflow data because those are core parts of the product.
Compliance records are part of the serviceAcknowledgments, approvals, reminders, signatures, and activity logs are stored so teams can prove completion and maintain an audit trail.
AI uses policy-related inputsWhen users trigger AI features, DocsOrb may process prompts and policy content needed to generate drafts, overviews, and key points.
Processors support core operationsWe rely on services such as Supabase, Stripe, Resend, Crisp, and selected AI providers to authenticate users, store data, send emails, provide support, and handle billing.

DocsOrb UG (haftungsbeschränkt) ("DocsOrb", "we", "our", "us") provides a business policy management platform for creating, distributing, acknowledging, and tracking company policies. This policy explains what personal data we process, why we process it, and what rights you have.

Who we are

DocsOrb UG (haftungsbeschränkt)
Haymannstraße 3
85764 Oberschleißheim
Germany

Registered at Amtsgericht München, HRB 302694
Email: sk@docsorb.com

We act as the controller for personal data processed in connection with our website, our own customer relationships, and the operation of the DocsOrb platform.

What data we collect

Depending on how DocsOrb is used, we may process:

  • Account and profile data, such as name, work email, login method, and organisation membership
  • Workspace and policy data, such as policy text, uploaded or imported documents, board configuration, categories, tags, owners, reviewers, and audience settings
  • Training and compliance records, such as policy completion, acknowledgments, signatures, deadlines, reminders, approvals, and activity logs
  • Integration and sync data, such as connected storage provider metadata, external document references, and sync history
  • Usage and technical data, such as device/browser information, IP-derived security logs, error logs, and feature usage events
  • Billing and transaction data, such as plan, company subscription status, and Stripe customer references
  • Contact data, when you contact us for support, sales, or legal/privacy questions

How we use your data

We use personal data to:

  • Provide and secure the DocsOrb service, including authentication, authorisation, audit logging, and organisation-level access control
  • Store, import, display, and manage policy content and related documents
  • Generate AI-assisted outputs such as policy drafts, summaries, and key points when requested by the user
  • Run training, acknowledgments, approvals, reminders, and compliance tracking workflows
  • Manage subscriptions, payments, customer support, and account administration
  • Monitor performance, troubleshoot problems, prevent abuse, and improve the platform

Legal bases

Where GDPR applies, we typically process data because it is necessary to perform a contract, comply with legal obligations, pursue our legitimate interests in operating and securing the service, or because consent has been given where required.

Third-party services and processors

We use trusted service providers to run DocsOrb, which may include:

  • Supabase for authentication, database, and storage
  • Stripe for subscription and billing operations
  • Resend for transactional email such as invites and reminders
  • Crisp for live chat and customer support messaging
  • AI providers used through our AI infrastructure when users request AI-assisted features
  • Clay for business-to-business market research and contact enrichment used in our outbound sales activities

We use Crisp.chat to provide live chat on our website. If you use the chat widget, Crisp may process data needed to operate the chat, such as cookies or similar session identifiers, IP address, device/browser information, pages visited during the chat session, and the content of your messages. Crisp states that chatbox cookies are used to restore chat sessions and messages, not for tracking purposes, and that its core user data is stored in Europe. You can read Crisp's privacy policy at crisp.chat/en/privacy .

For our outbound sales and marketing, we use Clay's market research tool to identify and research relevant business contacts and companies. In this context, Clay may process business contact information (such as name, professional role, business email, and company details) sourced from publicly available and third-party data providers, which we rely on based on our legitimate interest in reaching potential business customers. We only process such data for legitimate B2B outreach, and you can object to this processing or request deletion at any time by contacting us. You can read Clay's privacy policy at privacy.clay.com/policies .

We may also process information from customer-connected integrations such as Google Drive, SharePoint, OneDrive, Notion, Confluence, or public URLs when a customer chooses to import policy content from those sources.

Where data is stored

Policy content and platform data may be stored in DocsOrb-managed infrastructure and, where chosen by the customer, linked external systems. Some data may be transferred outside your country of residence. Where required, we use appropriate safeguards for international data transfers.

How long we keep data

We retain data for as long as needed to provide the service, maintain security and auditability, comply with legal obligations, and resolve disputes. Retention can vary depending on the account, subscription, workspace activity, and applicable law.

Your rights

Depending on applicable law, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate or incomplete data
  • Request deletion of your data
  • Object to or restrict certain processing
  • Withdraw consent where processing is based on consent
  • Request a copy of your data in a portable format

To exercise these rights, contact us at sk@docsorb.com. If your account is managed by your employer or organisation, some requests may need to be coordinated with that organisation first.

Children's privacy

DocsOrb is intended for business use and is not directed to children. We do not knowingly provide the service to users under 16.

Changes to this policy

We may update this Privacy Policy from time to time. The latest version will always be published on this page with the revised date.

Contact us

If you have any questions about this policy or our data practices, contact sk@docsorb.com.