Privacy Policy
Last updated: June 12, 2026
DocChase (“we,” “us,” or “our”) is operated by SC Delirium Development SRL, a company registered in Romania (VAT: RO40159995). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use docchase.app and related services (the “Service”).
1. Information We Collect
1.1 Account Information
When you create an account we collect your name, email address, and firm name. If you subscribe to a paid plan we collect billing information through our payment processor (Stripe). We do not store credit card numbers on our servers.
1.2 Client Information
Bookkeepers using DocChase add client names and email addresses to send document requests. This information is provided by the bookkeeper and used solely to deliver the Service.
1.3 Uploaded Documents
Clients upload financial documents (receipts, bank statements, invoices, and similar files) through our upload portal. These files are stored encrypted at rest and in transit. We do not access, read, or process the content of uploaded documents except as required to provide the Service (for example, generating file previews).
1.4 Usage Data
We use two analytics tools. PostHog (hosted in the EU) collects product usage events. In your browser it runs only if you accept analytics in our consent banner, stores data in local storage instead of cookies, and for logged-in users links events to your account (user ID and email address). We also record key product events on our servers for logged-in users (for example, when a document request is created). In addition, Vercel Analytics collects anonymous, aggregated page statistics (page views, referrers, device type) without cookies and without tracking individuals across sites.
1.5 Log Data
Our servers automatically record information such as IP address, browser type, operating system, referring URLs, and timestamps when you access the Service. This data is used for security, debugging, and performance monitoring and is retained for up to 90 days.
2. How We Use Your Information
- To provide, maintain, and improve the Service
- To send document request emails and reminders on behalf of bookkeepers
- To process payments and manage subscriptions
- To send transactional emails (account confirmation, password resets, billing receipts)
- To respond to support requests
- To detect and prevent fraud, abuse, or security incidents
- To comply with legal obligations
We do not sell your personal information. We do not use uploaded documents for advertising, training, or any purpose other than delivering the Service.
3. Data Sharing
We share information only in the following circumstances:
Service providers
We use third-party services to operate DocChase, including Supabase (database and file storage), Vercel (hosting and anonymous page analytics), Stripe (payments), Brevo (sending transactional emails, document requests, and reminders), and PostHog (product analytics, hosted in the EU). These providers process data solely on our behalf and under contractual obligations to protect it.
Between bookkeepers and their clients
When a bookkeeper sends a document request, the client receives an email with a link. Uploaded documents are accessible to the bookkeeper who created the request. Clients can only see their own requests.
Legal requirements
We may disclose information if required by law, subpoena, or court order, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
Business transfers
If DocChase is acquired or merged, your information may be transferred to the successor entity. We will notify you before your data becomes subject to a different privacy policy.
4. Data Retention
We retain your account data for as long as your account is active. Uploaded documents are retained for as long as the bookkeeper's account is active or until the bookkeeper deletes them. When an account is closed, we delete all associated data within 90 days, except where we are required by law to retain it longer.
5. Data Security
We implement industry-standard security measures:
- All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
- Upload links are unique, time-bound, and verified via email code
- Access controls restrict data to authorized users only
- We conduct regular security reviews of our infrastructure
No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
6. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Delete your personal data ("right to be forgotten")
- Export your data in a portable format
- Object to or restrict certain processing
- Withdraw consent where processing is based on consent
To exercise any of these rights, contact us at support@docchase.app. We will respond within 30 days.
7. GDPR
If you are located in the EEA, UK, or Switzerland:
- Our legal basis for processing account and billing data is contractual necessity (we need it to provide the Service).
- Our legal basis for browser-based product analytics (PostHog) is consent, which you give or decline in our consent banner and can withdraw at any time. Our legal basis for server-side product events and for Vercel's anonymous, aggregated page statistics is legitimate interest (improving the Service).
- Our legal basis for sending reminders on behalf of bookkeepers is legitimate interest of the bookkeeper (their client relationship). Bookkeepers are responsible for ensuring they have a lawful basis to share client contact information with DocChase.
- You may lodge a complaint with your local data protection authority.
SC Delirium Development SRL is established in the European Union (Romania) and is directly subject to the GDPR. For account, billing, and analytics data we act as a data controller. For client contact details and uploaded documents we act as a data processor on behalf of the bookkeeping firm, which remains the data controller; our data processing agreement is published at docchase.app/dpa. Our hosting infrastructure (Vercel, Supabase) may process data in the United States and other regions. Where data is transferred outside the EEA, we rely on standard contractual clauses and the data processing agreements of our service providers.
8. Children
DocChase is a business tool and is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us and we will delete it.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Service. Continued use of the Service after changes constitutes acceptance of the updated policy.
10. Contact Us
If you have questions about this Privacy Policy or our data practices:
SC Delirium Development SRL
CIF: RO40159995 · Reg. com. (J): J08/2695/2018 · Str. Ioan Popasu 48, Brașov, Romania