Privacy Policy
Last updated: February 2026
1. Who we are
FolioDoc ("we", "us", "our") is a document collection platform. We act as a Data Processor (GDPR Art. 28) on behalf of our customers ("Data Controllers") who use FolioDoc to collect documents from their clients.
2. What data we collect
Account holders: Email address, full name, company name, hashed password, brand logo, and accent color.
Recipients (third parties): Name, email address, phone number (optional), uploaded documents, and text responses — as directed by the account holder.
3. Lawful basis for processing
Account holders: We process your personal data on the basis of contract performance (GDPR Art. 6(1)(b)) — processing is necessary to provide the FolioDoc service.
Recipients: The customer (Data Controller) is responsible for establishing and communicating a lawful basis for processing recipient data. FolioDoc processes recipient data solely on the Controller's documented instructions.
4. Data retention
Completed and expired requests are automatically purged based on your plan:
- Free plan: 14 days after request completion or expiry
- Pro plan: Up to 365 days (configurable by the account holder)
Account holders can delete individual requests or their entire account at any time. Automatic purge runs at least once per day. Deletion removes all associated data including uploaded files, recipient data, and notification history. Every deletion is recorded in an immutable audit log. Backups are retained only as necessary for operational recovery.
5. Sub-processors
We use the following third-party sub-processors to deliver the service:
| Sub-processor | Purpose | Data processed | Location |
|---|---|---|---|
| Hetzner Online GmbH | Application hosting, database, file storage | All personal data | EU (Germany) |
| Mailgun (Sinch Email) | Transactional email delivery | Recipient names, email addresses | EU |
| Sentry (Functional Software Inc.) | Error monitoring and alerting | Error metadata only (PII scrubbed) | USA |
| Stripe, Inc. | Subscription billing and payment processing | Workspace owner email, name, plan selection | USA (EU data via Stripe EU infrastructure) |
| Google LLC (Google Analytics 4) | Website analytics (marketing pages only) | Anonymized IP, page views, device type (only with consent) | USA |
We notify customers by email at least 30 days before adding or replacing a sub-processor.
6. Data residency
Personal data is currently processed and stored in the EU (Hetzner, Germany). If we add regions in the future, we will update this policy.
7. Your rights (GDPR)
If you are in the EU/EEA, you have the following rights:
- Right of access (Art. 15): Account holders can access their data via the dashboard and per-request exports. Recipients should contact the account holder (Controller).
- Right to rectification (Art. 16): Account holders can update their profile in Settings. Recipients should contact the Controller.
- Right to erasure (Art. 17): Account holders can delete individual requests or their entire account via Settings. Recipients should contact the Controller.
- Right to portability (Art. 20): Account holders can export all their data via Settings → Data Export in JSON or CSV format. Per-request exports (CSV and file ZIP downloads) are also available from the request detail page.
- Right to object / restrict processing: Contact privacy@foliodoc.com.
We respond to all data subject requests within 30 days.
8. Security of processing
FolioDoc implements the following technical and organizational measures to protect personal data in accordance with GDPR Art. 32:
- All connections encrypted via HTTPS/TLS 1.2+ with modern cipher suites (ECDHE, AES-GCM/CHACHA20) and HSTS preloading
- Browser security headers: strict CSP (no unsafe-eval), X-Content-Type-Options, X-Frame-Options (DENY), Permissions-Policy, Referrer-Policy (no-referrer)
- Role-based access control with owner, admin, and reviewer roles per workspace
- JWT authentication with 15-minute access tokens, 7-day refresh rotation, and blacklisting on logout
- Optional TOTP-based two-factor authentication (2FA) via authenticator apps
- Passwords hashed with PBKDF2, minimum 10 characters required, and length-limited to prevent algorithmic complexity attacks
- Magic link tokens generated with a cryptographically secure random number generator and stored as SHA-256 hashes only
- Optional access-code verification for recipient portal with rate limiting and lockout protection
- File uploads validated across 5 layers: size, content-type, extension, magic-byte, and per-recipient quotas
- SHA-256 file integrity checksums stored on upload with periodic verification
- Per-user, per-IP, and per-endpoint rate limiting with X-Forwarded-For spoofing protection
- Security event audit logging: login attempts, document submissions, and data deletions, each recorded with a timestamp
- Audit logs available via dashboard and exportable as CSV with formula injection prevention
- Immutable deletion audit trail for GDPR traceability
- Secure deletion workflows with retry mechanisms for failed file removals
- Error monitoring with PII scrubbing (no request bodies, tokens, or credentials transmitted)
- Admin access restricted to whitelisted IPs in production
- Encryption at rest via Hetzner encrypted volumes
- Uploaded files are automatically scanned for viruses using ClamAV; users remain responsible for verifying downloaded files
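As an added illustration of the CSV formula injection prevention mentioned above (example code written for this page, not FolioDoc's own code), the following neutralizes cells in an audit-log export so a spreadsheet displays them as text rather than evaluating them. The event field names and the single-quote prefixing strategy are assumptions; the sample events are constructed.

```python
import csv
import io
from typing import Iterable, Mapping, Sequence

# Characters that spreadsheet applications treat as the start of a formula,
# plus control characters that could break a value into a new cell or row.
# Follows the OWASP CSV-injection guidance of prefixing such cells with "'".
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r", "\n")


def neutralize_cell(value: object) -> str:
    """Return a cell value that a spreadsheet will show as literal text."""
    text = "" if value is None else str(value)
    # Leading spaces do not stop formula evaluation, so look past them.
    if text.lstrip(" ").startswith(FORMULA_TRIGGERS):
        return "'" + text
    return text


def export_audit_log(events: Iterable[Mapping[str, object]],
                     columns: Sequence[str]) -> str:
    """Render audit events as CSV with every cell quoted and neutralized."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(columns)
    for ev in events:
        writer.writerow([neutralize_cell(ev.get(c)) for c in columns])
    return buf.getvalue()


# Constructed sample events (hypothetical schema, not FolioDoc's actual one).
SAMPLE_EVENTS = [
    {"timestamp": "2026-02-10T09:14:02Z", "actor": "owner@example.com",
     "action": "login", "detail": "success"},
    {"timestamp": "2026-02-10T09:20:45Z", "actor": "reviewer@example.com",
     "action": "submission", "detail": "=SUM(1,2)"},
    {"timestamp": "2026-02-10T10:02:13Z", "actor": "owner@example.com",
     "action": "deletion", "detail": "-request 42 purged"},
]
COLUMNS = ["timestamp", "actor", "action", "detail"]

if __name__ == "__main__":
    print(export_audit_log(SAMPLE_EVENTS, COLUMNS))
```

The third row shows the trade-off: a harmless value beginning with "-" is also prefixed, which is the accepted cost of neutralizing every trigger character rather than guessing intent.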
9. Cookies and tracking
Essential cookies: FolioDoc uses essential cookies for session management and CSRF protection. These are strictly necessary for the platform to function and do not require consent.
Analytics cookies (optional): On our public marketing pages only (homepage, pricing, security, and legal pages), we use Google Analytics 4 to understand how visitors interact with our website. GA4 is loaded only after you explicitly consent via our cookie banner. If you decline, no analytics cookies are set and no data is sent to Google.
When analytics is enabled, Google Analytics collects:
- Pages visited and time on page
- Anonymized IP address (IP anonymization is enabled)
- Device type, browser, and operating system
- Referring website
Google Analytics does not run on the authenticated application (dashboard, settings, request pages) or the recipient portal.
You can withdraw consent at any time by clearing your browser cookies and revisiting the site. You may also opt out of Google Analytics entirely by installing the Google Analytics Opt-out Browser Add-on.
10. Breach notification
In the event of a personal data breach, FolioDoc will notify affected Controllers without undue delay after becoming aware of it, aiming to do so within 72 hours. Notification includes the nature of the breach, the categories of data affected, and the measures taken or proposed.
11. Contact
For privacy inquiries, contact us at: privacy@foliodoc.com