Legal
Privacy Policy
Last updated: March 23, 2026
DocChase (“we,” “us,” or “our”) is operated by SC Delirium Development SRL, a company registered in Romania (VAT: RO40159995). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use docchase.app and related services (the “Service”).
1. Information We Collect
1.1 Account Information
When you create an account we collect your name, email address, and firm name. If you subscribe to a paid plan we collect billing information through our payment processor (Stripe). We do not store credit card numbers on our servers.
1.2 Client Information
Bookkeepers using DocChase add client names and email addresses to send document requests. This information is provided by the bookkeeper and used solely to deliver the Service.
1.3 Uploaded Documents
Clients upload financial documents (receipts, bank statements, invoices, and similar files) through our upload portal. These files are stored encrypted at rest and in transit. We do not access, read, or process the content of uploaded documents except as required to provide the Service (for example, generating file previews).
1.4 Usage Data
We collect anonymous, aggregated analytics through Vercel Analytics (a privacy-friendly, first-party analytics service that does not use cookies and does not track individual users across sites). This includes page views, referrer information, and device type.
1.5 Log Data
Our servers automatically record information such as IP address, browser type, operating system, referring URLs, and timestamps when you access the Service. This data is used for security, debugging, and performance monitoring and is retained for up to 90 days.
2. How We Use Your Information
- To provide, maintain, and improve the Service
- To send document request emails and reminders on behalf of bookkeepers
- To process payments and manage subscriptions
- To send transactional emails (account confirmation, password resets, billing receipts)
- To respond to support requests
- To detect and prevent fraud, abuse, or security incidents
- To comply with legal obligations
We do not sell your personal information. We do not use uploaded documents for advertising, training, or any purpose other than delivering the Service.
3. Data Sharing
We share information only in the following circumstances:
Service providers
We use third-party services to operate DocChase, including Supabase (database and file storage), Vercel (hosting), and Stripe (payments). These providers process data solely on our behalf and under contractual obligations to protect it.
Between bookkeepers and their clients
When a bookkeeper sends a document request, the client receives an email with a link. Uploaded documents are accessible to the bookkeeper who created the request. Clients can only see their own requests.
Legal requirements
We may disclose information if required by law, subpoena, or court order, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
Business transfers
If DocChase is acquired or merged, your information may be transferred to the successor entity. We will notify you before your data becomes subject to a different privacy policy.
4. Data Retention
We retain your account data for as long as your account is active. Uploaded documents are retained for as long as the bookkeeper's account is active or until the bookkeeper deletes them. When an account is closed, we delete all associated data within 90 days, except where we are required by law to retain it longer.
5. Data Security
We implement industry-standard security measures:
- All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
- Upload links are unique, time-bound, and verified via email code
- Access controls restrict data to authorized users only
- We conduct regular security reviews of our infrastructure
No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
6. Your Rights
Depending on your jurisdiction, you may have the right to:
Access
the personal data we hold about you
Correct
inaccurate or incomplete data
Delete
your personal data ("right to be forgotten")
Export
your data in a portable format
Object to
or restrict certain processing
Withdraw
consent where processing is based on consent
To exercise any of these rights, contact us at support@docchase.app. We will respond within 30 days.
7. GDPR
If you are located in the EEA, UK, or Switzerland:
- Our legal basis for processing account and billing data is contractual necessity (we need it to provide the Service).
- Our legal basis for usage analytics is legitimate interest (improving the Service). Vercel Analytics is cookie-free and does not track individuals across sites.
- Our legal basis for sending reminders on behalf of bookkeepers is legitimate interest of the bookkeeper (their client relationship). Bookkeepers are responsible for ensuring they have a lawful basis to share client contact information with DocChase.
- You may lodge a complaint with your local data protection authority.
SC Delirium Development SRL is established in the European Union (Romania) and is directly subject to the GDPR. Our hosting infrastructure (Vercel, Supabase) may process data in the United States and other regions. Where data is transferred outside the EEA, we rely on standard contractual clauses and the data processing agreements of our service providers.
8. Children
DocChase is a business tool and is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us and we will delete it.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Service. Continued use of the Service after changes constitutes acceptance of the updated policy.
10. Contact Us
If you have questions about this Privacy Policy or our data practices: