Privacy Policy
Your privacy and the security of your personal and sensitive information are paramount at iDox.ai. This Privacy Policy details how we collect, process, store, and protect your information specifically in relation to the iDox.ai Privacy Scout service. You are responsible for checking this policy from time to time as the list of products and services, along with the policy as a whole, may change from time to time.
This policy applies explicitly to users of the iDox.ai Privacy Scout, a comprehensive data discovery, classification, and protection service designed to safeguard privacy and sensitive information.
1. Responsible body
Responsible body for the collection, processing, and use of your personal data on this website is iDox.ai
41841 Albrae Street
Fremont, CA 94538
United States
Email: [email protected]
For any questions about privacy in connection with our products and services or the use of our website, you can always contact our data protection officer.
41841 Albrae Street
Fremont, CA 94538
United States
Email: [email protected]
2. General collection, processing and use of personal data in the context of the using Privacy Scout
When you use Privacy Scout, the following information may be collected (i) when you send us such information, or (ii) depending on the activity, without your active participation, and will be stored until automated deletion:
- Documents containing personally identifiable information (PII).
- Documents containing sensitive data, such as financial records, medical records, and proprietary business information.
- Your computer's IP address;
- The date and time of access;
- The website from which the access takes place (i.e. referrer URL);
- The browser and operating system of your computer as well as the name of your access provider.
- Time spent on each website page;
- Your pattern of use;
- Any feedback you send us;
- Any other information to provide identification that helps us provide the service and comply with the law.
The data we collect is processed by us for the following purposes:
- Ensuring a smooth connection to the website;
- Ensuring a great user experience of our website;
- Evaluation of system security and stability;
- Identifying and classifying sensitive and privacy-related data;
- Applying protective measures (encryption, anonymization, tokenization, and redaction);
- Monitoring data transmission to prevent unauthorized disclosures;
- Ensuring compliance with regulations such as GDPR, HIPAA, and CCPA.
In no scenario will we use any non anonymized data for the purpose of drawing conclusions about you.
If you register on the website to download software, view a webinar, get pricing, have a salesperson contact you, or other reasons, the following information will be collected based on your input:
- First and last name;
- Company;
- Email;
- Telephone;
- Number of licenses required;
- Or other information, depending on the nature of your inquiry.
The data mentioned is processed by us for the following purposes:
- For sales and marketing purposes to follow up on your request and to provide additional information or to answer questions.
- For responding to inquiries and to otherwise correspond with you;
- For managing our relationship with you;
- For communicating with you;
- For supplying you the purchased software service;
- For keeping proper records of transactions with you;
- For meeting legal obligations.
The legal basis for the data processing described in this section is the fulfillment of our contractual obligations or the implementation of pre-contractual measures.
3. Third-Party data processing in the context of contract execution
We collect and process your data for the entire process of your purchase or your subscription, including possibly in the context of later warranties for our services and for technical administration. This affects the following data:
- Your name;
- Your email address.
- Payment information, such as your bank account or credit card information (if applicable).
Your personal data will only be passed on to third-parties or otherwise transmitted if this is necessary for the purpose of contract execution or billing or if you have previously consented. For example, in the context of order processing, the service providers used here (such as PayPal or banks) the necessary data to handle the order and order process. The data transmitted in this way may only be used by our service providers to fulfill their task. Any other use of the information is not permitted. We need your email address so that we can confirm the order and communicate with you. Furthermore, you will receive the order confirmation and invoice via your email address. Data processed via Privacy Scout may occasionally involve third-party services strictly limited to necessary operational functions (e.g., secure storage solutions). No data is shared for marketing or non-service-related purposes. The legal basis for the data processing described in this section is the fulfillment of our contractual obligations or the implementation of pre-contractual measures.
4. Account Creation and Access Management
Creating an account for Privacy Scout may require your name, email, and related credentials to manage data securely. The creation of a Privacy Scout account is required and optional to download and order products. However, a Privacy Scout account allows you to download free trial versions, view your previous online orders, manage your subscriptions, and use iDox.ai cloud service and web applications. Proper credential management is your responsibility to maintain account security. The legal basis of the processing is your consent.
5. Use of Privacy Scout Cloud Services
Privacy Scout's cloud services allow for secure, monitored storage and handling of sensitive data. Files uploaded to Privacy Scout Cloud Services are securely stored and encrypted, and strictly managed in accordance with your compliance needs. All the files you upload to Privacy Scout's cloud services and data you created using the Privacy Scout service are stored on an appropriate server infrastructure for processing. Unless you choose to store the files and data on server for a later usage, all these files your uploaded will not be retained once procession is completed. We keep the files for the sole purpose of giving you the access to the files and data for as long as you need them. During that time, we don't look at the files or mine any data from them. No backups are made of any transitional uploaded files nor their processed output, neither are the contents monitored without the explicit permission of user. The legal basis of the processing is your consent.
6. Cookies and Tracking Technologies
Privacy Scout may store or retrieve information on your browser, mostly in the form of cookies. A cookie is a small piece of data (text file) that a website – when visited by a user – places on the user's device to remember information about the user, such as the user's language preference or login information.
This type of cookie is set by us and is referred to as a "first-party cookies." We uses first-party cookies primarily to make the website work as you expect it to. For example, we use the information we collect through first-party cookies to allow you to navigate between pages efficiently, analyze how well our website is performing, and understand the content that you spent the most time reviewing. In some cases, we use first-party cookies to store information that we use for targeted advertising.
Privacy Scout may employ essential cookies to improve your user experience and ensure session security. Non-essential tracking or marketing cookies are not utilized for Privacy Scout.
DAA and NAI
Many advertising companies that collect information for interest-based advertising are members of the Digital Advertising Alliance (DAA) or the Network Advertising Initiative (NAI), both of which maintain self-regulatory programs along with websites where people can opt out of interest-based advertising from their members. To opt-out of website interest-based advertising provided by each organization's respective participating companies, visit the DAA's opt-out portal available at http://optout.aboutads.info/, or visit the NAI's opt-out portal available at http://optout.networkadvertising.org/?c=1.
- To opt-out of data collection for interest-based advertising across mobile applications by participating companies, download the DAA's AppChoices mobile application opt-out offering found here: https://youradchoices.com/appchoices.
Non-Participant Opt Out Options
- Some of our vendors do not participate in the DAA or NAI self-regulatory programs for online behavioral advertising or have developed their own processes for allowing consumers to opt-out: https://branch.app.link/optout
- Some devices and apps do not have access to web-based browser cookie opt-outs. To learn more about the advertising opt-outs provided by your mobile device's operating system (like iOS and Android) or the device manufacture, click here.
You may delete cookies from your web browser at any time or block cookies on your equipment, but this may affect the functioning of or even block the website. You can prevent saving of cookies (disable and delete them) by changing your browser settings accordingly at any time. It is possible that some functions will not be available on our website when use of cookies is deactivated. Check the settings of your browser. Below you can find some guidance:
- Safari
- Microsoft Edge
- Google Chrome
- Mozilla
Do Not Track (DNT) is a privacy preference that users can set if they do not want web services to collect information about their online activity. We do not respond to DNT signals.
7. Use of web analytics and additional services
Web analytics and the other named services in this section are used for the continuous optimization of our website. The tracking provides a statistically record of the use of our website and to evaluate it for the purpose of optimizing our offer to you. The respective data processing purposes and data categories can be found in the corresponding listed below and tracking tools. Legal basis for the data processing described in the following section is our authorized interest in the needs-based design and continuous optimization of our website. For further details of our legitimate interest, reference is made to the description in the following services.
a. Google Analytics
For the purpose of the customized design and continuous improvement of our website we use Google Analytics, a web analytics service provided by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; in following "Google"). In this context, pseudonymized usage profiles are created and cookies (see Section 5) are used. Information generated by the cookies about your use of this website include:
- Browser type / version;
- Operating system;
- Referrer URL (the previously visited page);
- IP address of the accessing computer;
- Time of server request;
- Pages visited.
This information is transmitted to a Google server in the United States and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage for the purposes of market research and tailor-made website design. This information may also be transferred to third parties if required by law or if third parties process this data in the order. The data accumulated in this context is transmitted by Google for evaluation to a server in the USA and stored there. In the event that personal data is transferred to the USA, Google is subjected to the EU-US Privacy Shield. Under no circumstances will your IP address be merged with any other data provided by Google. The IP addresses are anonymized, so that an assignment is not possible.
You can prevent the installation of cookies by setting the browser software accordingly; however, we point out that in this case not all features of this website may be fully exploited. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on( https://tools.google.com/dlpage/gaoptout?hl=en ). As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent the collection by Google Analytics. An opt-out cookie will be set which will prevent the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must reset the opt-out cookie again. For more information about privacy related to Google Analytics, see the Google Analytics Help Center ( https://support.google.com/analytics/answer/6004245?hl=en ).
b. Stripe
iDox.ai uses online payment management services from Stripe (Stripe, Inc. 185 Berry Street, Suite 550, San Francisco, CA 94107, USA). The service allows iDox.ai to record process monthly and annual subscription purchases for iDox.ai products and stores the necessary billing information provided by the customers to successfully process each transaction. Your data is hosted by Stripe in the United States. The data processing by Stripe takes place partly on servers in the USA. In the event that personal data is transferred to the USA, Stripe is subjected to the EU-US Privacy Shield. The use of an external payment service provider is based on our legitimate interest to you with offering Stripe as an additional payment option. For more information about Stripe, visit https://stripe.com/us/privacy.
c. Mailgun Technologies, Inc.
Some iDox.ai cloud services use Mailgun email services from Mailgun Technologies, Inc. ("Mailgun") to send emails on behalf of iDox.ai and to deliver the service and account management notice to You. Mailgun collects information that your browser sends whenever you fill in a sign up or contact form on their website or send Foxit an email. This data may include Your personal information (i.e., Your name, company name, email address) and your non-personal information. For further information regarding Mailgun, visit their privacy policy https://www.mailgun.com/privacy-policy.
d. Third Party Cloud Storage Services
We may provide third party cloud storage services in our products and services for your convenience at your choice, such as Google Drive, Microsoft OneDrive, Dropbox, or others to you. You acknowledge and understand that the data collection of such cloud storage services shall be governed by the privacy policy provided by such third parties.
e. iDox.ai Dashboard
For the purpose of improving product quality and features, we may process how you use some of our products and services ("Usage Data") with our internal system iDox.ai Dashboard. You have the option to share the following data about how you use and interact iDox.ai products and services:
- iDox.ai product information, such as product name, version, language;
- Information about your documents, such as number of pages, and unique document identifiers, (but not the content in your documents);
- Document usage information such as how many times you open a document; and
- How you interact with iDox.ai products and services, including the features you use and the options you select.
You can choose not to share Usage Data by setting your preferences on your products or services page.
f. Azure Open AI
Some iDox.ai cloud services use Azure Open AI service from Microsoft (Microsoft Corporation, One Microsoft Way Redmond, WA 98052-6399, USA). The AI Assistant feature is placed in our Services to help you to summarize and rewrite the content you choose. You acknowledge and agree that Microsoft will process the text prompts, queries and responses. For more information about the data processing, visit https://learn.microsoft.com/en-gb/legal/cognitive-services/openai/data-privacy?context=%2Fazure%2Fcognitive-services%2Fopenai%2Fcontext%2Fcontext.
g. Google reCAPTCHA
This website uses Google reCAPTCHA Enterprise to help prevent fraud and spam. reCAPTCHA Enterprise collects hardware and software information, such as device and application data, and sends it to Google for purposes of providing, maintaining, and improving reCAPTCHA Enterprise and for general security purposes. More information can be found in the Privacy Policy from Google at https://policies.google.com/privacy?hl=en-US. Your use of reCAPTCHA Enterprise is subject to Google's Terms of Use and Privacy Policy.
h. Hubspot
iDox.ai uses the services of HubSpot (HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA) to manage online marketing, sales and customer service. HubSpot allows iDox.ai to record and analyze user behavior on our website in order to provide a more personalized user experience and improve our products and services. In addition, HubSpot helps us with customer relationship management, storing necessary contact information to support transaction processing.
Your data is processed by HubSpot on servers in the United States. To the extent personal data is transferred to the United States, HubSpot complies with the EU-US Privacy Shield. Choosing to use external service providers such as HubSpot is based on our legitimate business interests and is designed to provide you with better service options and experience. To learn more about HubSpot's privacy policy, please visit https://www.hubspot.com/legal/privacy-policy.
8. Server location
Your data processed through Privacy Scout is securely stored primarily on servers in the United States and other jurisdictions compliant with relevant data protection standards, including the use of Standard Contractual Clauses (SCCs) for data transfers.The servers on which user data is collected, stored and used are located in the United States. For customers from the European Economic Area, the UK, or Switzerland, your information will be stored on the servers located in UK. If you use the Privacy Scout, you allow us to transmit, store and process your information in the United States, UK and possibly in other countries. The laws of these countries may differ from the laws of your place of residence. By taking advantage of Privacy Scout, you consent to the transmission of your data to these countries. In the event that personal data is to the other countries or regions from the EU, we rely upon the European Commission's Standard transferred Contractual Clauses (SCCs) for transfers of online advertising, measurement, and personal data out of the European Economic Area, the UK.
9. Registration
For all website registrations, we use the so-called double opt-in procedure in the European Union only. After registration on the website, we will then send you a notification email asking you to confirm that you wish to receive additional information from iDox.ai by clicking on a link in this email. The link will bring you to a preferences manager where you may choose what type(s) of information you would like to receive.
If you no longer wish to receive information via email from us, you can unsubscribe at any time without incurring any costs other than the transmission costs according to the basic rates. You will find an unsubscribe link in iDox.ai emails, and if you chose to unsubscribe, we will then delete your email address from our mailing list.
10. Affected rights for European Union website visitors via GDPR
In connection with the data processing presented here, you have the right to:
- Request information about your personal data processed by us. In particular, you can request information on the processing purposes, the category of personal data, the categories of recipients to whom your data has been disclosed, the planned retention period, the right to rectification, deletion, limitation of processing or opposition, the existence of the right to complain, the source of their data, if not collected from us, and the existence of automated decision-making including profiling and, where appropriate, meaningful information about their details;
- Demand the correction of incorrect or complete personal data stored with us;
- Demand the deletion of your personal data stored by us, unless we require the data for processing for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of Legal claims;
- Demand the restriction of the processing of your personal data. Dispute the accuracy of the data that the processing is unlawful, or whether we continue need the data.
- Dispute the accuracy of the data or assert that the processing is unlawful, or whether we continue need the data;
- Receive your personal data provided to us in a structured, standard and machine-readable format or to request transmission to another person responsible;
- Revoke your once given consent to us at any time. As a result, we are not allowed to continue the data processing based on this consent cancellation;
- Contact the supervisory authority of your usual place of residence or workplace or our Contact in CA, United States.
You can exercise a defense of your legal claims where you have objected to any data processing in accordance with Art. 21 GDPR.
11. Withdrawal and Rights
You have the right to object to the processing of your personal data provided that there are reasons for this arising from your particular situation or the objection is directed against direct mail. In the latter case, you have a general right of objection, which is implemented by us without specifying any particular situation.
You also have the right to revoke a consent once given to us at any time. As a result, we will not continue the data processing based on this consent for the future. By the revocation of the consent, the legality the processing on the basis of the consent until the revocation is not affected.
If you would like to exercise your right to revocation or objection, please send an email to [email protected].
12. Registration Data in the European Union
In accordance with GDPR, European Union website visitors have the opportunity to order our newsletter, register for product downloads, and/or other registrations, in which we regularly inform you about news about our products and promotions.
For these registrations we use the so-called Double Opt-in method. We will only send you e-mail if you confirm by clicking on a link in our notification e-mail that you are the owner of the given e-mail address. If you confirm your e-mail address, we will save your e-mail address and the time of registration until you unsubscribe. The sole purpose of the storage is to send you information via e-mail and to prove your registration. You can unsubscribe from e-mail at any time. A corresponding unsubscribe link can be found in every e-mail. A message to the above or in the specified contact information (e.g. by e-mail or letter) is also sufficient. Legal basis of processing is your consent in accordance with. Art. 6 para. 1 lit of the GDPR.
In our email, we use commercially available technologies that measure the interactions with the e-mail (e.g. opening the e-mail, clicked links). We use this data in pseudonymous form for general statistical evaluations as well as for the optimization and further development of our content and customer communication. This is done with the help of small graphics that are embedded in the e-mail (so-called pixels). The data is collected exclusively pseudonymized and also not linked with your other personal information. Legal basis for this is our aforementioned legitimate interest. Through our e-mail, we want to share content relevant to our customers and better understand what readers are actually interested in. If you do not want to analyze the usage behavior, you can unsubscribe from e-mails or deactivate graphics in your e-mail program by default. The data for the interaction with our e-mails are stored pseudonym for 30 days and then completely anonymized.
13. Storage time
As a matter of principle, we store personal data only as long as necessary to fulfill the contractual or legal obligations to which we have collected the data. Thereafter, we delete the data immediately, unless we need the data until the expiration of the statutory limitation period for evidence for civil claims or for statutory storage requirements.
We may create reasonable technical limits on file size, storage space, processing capacity, and other technical limits. At the end of your license term, we will use commercially reasonable efforts to allow you to transition your Content out of the Services. You should download any Content that you have stored in the Services before your license ends. And we reserve the right to delete your Content.
For evidence, we must retain contract information for three years from the end of the year in which the business relationship ends with you. Any claims become statute-barred after the legal limitation period at the earliest at this time.
Even after that, we sometimes have to save your data for accounting reasons. We are obliged to do so because of legal documentation obligations which may arise from legal obligations. The common deadlines for storing documents in iDox.ai are seven years.
14. Data security
You should always keep your access information confidential and close the browser window when you stop communicating with us, especially if you share your computer with others. In addition, we use the popular SSL (Secure Socket Layer) method in connection with the highest encryption level supported by your browser. In general, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we will instead utilize 128-bit v3 technology. Whether a single page of our website is encrypted is shown by the closed representation of the key or lock icon in the lower status bar of your browser. We also take appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or against unauthorized access by third parties. Privacy Scout includes advanced security measures, such as:
- Real-time Transmission Monitoring
- Intelligent Anonymization and Tokenization
- Advanced Redaction
- Interactive Data Classification and Adjustment
Our security measures are continuously improved in line with technological developments.
15. Additional Rights under the GDPR, CCPA and CPRA
The General Data Protection Regulation of the EU (GDPR), the California Consumer Privacy Act (CCPA) and California Privacy Rights and Enforcement Act (CPRA) places obligations on organizations that collect personal information of California consumers. As a result, we've updated our Privacy Policy to include a description of additional rights granted by the GDPR, CCPA and CPRA to provide consumers with required disclosures about the collection of personal information.
15.1 Your GDPR Privacy Rights
For more details about the personal information we have collected, including the categories of data collected, how long we keep the data, the reasons we collect the data, please see Sections 2, 9, 10, and 11, above, along with other relevant sections.
15.2. Your California Privacy Rights
This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the CCPA and CPRA.
For more details about the personal information we have collected, including the categories of sources, please see Section 2, 9, 10 and 11, above, titled "General collection, processing and use of personal data in the context of the use of the website," along with relevant other sections. We collect this information for the business and commercial purposes described above. We share this information with the categories of third parties described above (as such term is defined in the CCPA) the personal information we collect. We do not sell your personal information; and will not sell your personal information without providing you the ability to opt out. Please note that we do use third-party cookies for our advertising purposes as further described above.
Subject to certain limitations, the CCPA and CPRA provide California consumers the right to: (i) request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information); (ii) to delete their personal information from iDox.ai database, and upon request, to any third party with whom iDox.ai has shared your personal information; (iii) to opt out of any "sales" of their personal information that may be occurring, and to not be discriminated against for exercising these rights; (iv) the right to opt out of any profiling or automated processing of personal information done to evaluate personal aspects of an individual and to make predictions such as performance at work, economic situation, health, preferences, interests, reliability, behavior, location, or movements.
California consumers may make a request pursuant to their rights enumerated in this Privacy Policy by contacting us at
iDox.ai
41841 Albrae Street
Fremont, CA 94538
United States
Email: [email protected]
We will verify your request using the information associated with your account, including your email address. Government identification may be required. Consumers can also designate an authorized agent to exercise these rights on their behalf.
16. Use of Customer Data
iDox.ai is committed to safeguarding your data. Importantly, we do not utilize customer data for training our AI models. This means your information remains confidential and is not employed to develop or refine our artificial intelligence systems.
17. Data Breach Notification
In the unlikely event of a data breach that compromises your personal information, iDox.ai will take prompt action to inform you. We are dedicated to transparency and will provide timely notifications, outlining the nature of the breach, the data affected, and the measures we are implementing to address the situation. Our goal is to keep you fully informed and to mitigate any potential risks arising from such incidents.
These additions align with best practices in data privacy and demonstrate iDox.ai's commitment to protecting customer information. For instance, the Office of the Australian Information Commissioner emphasizes that organizations should not use personal information for AI model training without consent. Additionally, providing clear data breach notifications is a standard requirement under regulations like the GDPR.
By integrating these statements, iDox.ai reinforces its dedication to data privacy and compliance with relevant regulations.
18. Changing, downloading, and printing this Privacy Policy
This Privacy Policy may be updated periodically to reflect Privacy Scout feature updates, technological advancements, or changes in data protection laws. Significant changes will be communicated via email or service notifications.