1) Who we are

Dokify is a service that lets users generate documents through a RESTful API. Controller/contact details:

• Controller: Dokify (insert legal entity name)
• Address: insert registered address
• Email: support@dokify.me

2) Scope

This policy covers our website, dashboard, and API endpoints (including /api/generate/pdf and /api/generate/doc). It does not cover third-party sites you may visit via links.

3) Information we collect

Account information

• Name, email address, password (hashed), email verification status.
• Profile settings and preferences.

Billing & wallet

• Top-up amounts, transactions, currency, timestamps.
• We do not store full payment card details; payments are processed by our payment provider.

API usage & logs

• Authentication token header (DikfyAuthorization), request/response timestamps, IP address, user agent, endpoint, HTTP status, processing time.
• Metadata such as document format, file size, and options used (e.g., margins, headers, watermarks). We do not use your content for training or profiling.

Document content

• HTML input and generated outputs are processed transiently to fulfill your request.
• If you opt to save to a temporary URL (e.g., S3), the file may be stored for up to 48 hours before automatic deletion.

Support & communications

• Emails and messages you send to support, plus diagnostic information you provide.

Website analytics

• Cookies or similar technologies for session management and optional analytics (see Cookies).

4) How we use your information

• To provide and maintain the service (authenticate requests, render documents, deliver outputs).
• To operate the dashboard (usage stats, API key management, balance and billing).
• To detect, prevent, and investigate fraud, abuse, or security incidents.
• To comply with legal obligations and enforce our Terms.
• To communicate about important changes, outages, or security notices.
• With your consent, to send product updates or surveys (you can opt out any time).

5) Legal bases for processing (EEA/UK)

• Contract: To deliver the services you request.
• Legitimate interests: Service security, fraud prevention, improvement, and analytics with minimal privacy impact.
• Consent: Optional marketing and certain cookie usage.
• Legal obligation: Compliance with tax, accounting, and regulatory requirements.

6) Sharing & processors

We do not sell your personal information. We share it only as needed with:

• Payment processors (e.g., Stripe) for top-ups and payments.
• Cloud infrastructure & storage providers (e.g., hosting, object storage for temporary files).
• Analytics & error monitoring tools (aggregated/limited data).
• Professional advisors (legal, accounting) under confidentiality duties.
• Law enforcement when required by law or to protect rights and safety.

All processors are bound by data processing agreements and act only on our instructions.

7) Cookies & tracking

Types

• Strictly necessary: Session/authentication cookies to keep you logged in and secure.
• Preferences: UI settings and locale.
• Analytics (optional): Measures usage to improve performance (you can opt out where required).

You can manage cookies in your browser settings. If you disable strictly necessary cookies, parts of the service may not function.

Do Not Track (DNT): our service does not currently respond to DNT signals due to industry standards variability.

8) Data retention

• Account data: Kept while your account is active and for a reasonable period thereafter (e.g., 24 months) for record-keeping/legal purposes.
• API logs: Retained for security and auditing typically up to 24 months unless a longer period is required by law or to resolve disputes.
• Generated documents: By default, delivered immediately and not stored. If you request a temporary download URL, files are auto-deleted after ~48 hours.
• Support records: Retained as long as necessary to address your inquiry and maintain service quality.

9) Security

• Transport encryption (HTTPS/TLS) for all dashboard and API traffic.
• Hashed passwords, scoped API keys, role-based access controls.
• Network and application monitoring, rate limiting, and abuse detection.
• Least-privilege access for staff and vendors.

No method of transmission or storage is 100% secure. If we become aware of a breach affecting you, we will notify you and regulators as required by law.

10) International data transfers

Your data may be processed in countries other than your own. Where required, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms to protect your information.

11) Your rights

Depending on your location, you may have rights to:

• Access, correct, or delete personal data we hold about you.
• Object to or restrict certain processing.
• Data portability.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with your local data protection authority.

To exercise your rights, contact us at support@dokify.me. We may need to verify your identity. Some data may be retained where required by law or for legitimate business purposes.

12) Children’s privacy

Dokify is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us personal data, please contact us to request deletion.

13) Changes to this policy

We may update this policy from time to time. We will post the updated version here and, if changes are material, notify you via email or in-app notice. Please review it periodically.

14) Contact

If you have questions about this policy or our data practices, contact us:

• support@dokify.me
• Mangosoft Solutions Doo, 6330 Struga, North Macedonia