Privacy Policy

Effective Date: May 24, 2025

Bluedot Technology, LLC ("Bluedot," "we," "us," or "our"), a Delaware limited liability company, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, docupal.io (the "Website"), and use our DocuPal AI-assisted document writing tool and related services (collectively, the "Service"). Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

This Privacy Policy is incorporated by reference into our Terms of Service, available at https://docupal.io/legal/terms-of-service. By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We may collect information about you in a variety of ways. The information we may collect via the Service depends on the content and materials you use, and includes:

  • Personal Data You Provide to Us:
    • Account Registration: When you register for an account, we collect your name and email address.
    • Full Access & Profile Information: For full access to features or specific subscription tiers, we may collect additional information you voluntarily provide, such as your business name, business address, business logo, and other details relevant to your use of DocuPal for document creation (e.g., industry, company size, preferences).
    • Payment Information: For paid subscriptions, we use third-party PCI DSS certified payment processors to collect and process your payment information. We do not store your full payment card details on our systems.
    • Communications: If you contact us directly (e.g., via email for support or legal inquiries), we may receive additional information about you such as your name, email address, the contents of the message and/or attachments you may send us, and any other information you may choose to provide.
    • User Content: We collect and store the documents, images, and other data you upload, import, or generate using the Service ("User Content"). This may include personal data if you choose to include it in your documents (e.g., names, contact details in a job offer letter).
  • Automatically Collected Information:
    • Log and Usage Data: When you access the Service, our servers automatically record information that your browser or device sends. This log data may include your Internet Protocol (IP) address, browser type and settings, the date and time of your request, user agent, how you interacted with our Website and Service, and cookie data.
    • Cookies and Similar Tracking Technologies: We use cookies and similar tracking technologies to track activity on our Service and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier.
      • Functional Cookies: We use cookies for essential site functionality, such as session management and remembering user preferences.
      • Analytics and Marketing Cookies (Public Pages Only): On our public-facing Website pages (before you log in), we use third-party services like Google Analytics and Facebook Pixel. These services may use cookies and other tracking technologies to collect information about your online activities over time and across different websites to help us analyze how users use the public portions of our Website and for marketing purposes. We do not use these tracking technologies within the logged-in portion of the Service. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
  • Information from Third-Party Authentication Services:
    • If you choose to register or log in to our Service using third-party authentication services such as Google Sign-In or GitHub Sign-In, we may collect personal information from these services, such as your name and email address, as permitted by your privacy settings on those services.

We do not purchase data from data brokers nor do we sell your personal information to data brokers or other third parties.

2. How We Use Your Information

We use the information we collect for various purposes, including:

  • To Provide and Maintain Our Service:
    • To create and manage your account.
    • To enable you to create, store, and share documents.
    • To provide the AI-assisted document generation features, which may involve processing User Content (including any personal data contained therein) through third-party Large Language Model (LLM) APIs.
  • To Improve and Personalize Our Service:
    • To understand how users interact with our Service to enhance user experience.
    • To develop new features, products, and services.
    • To tailor document suggestions or templates based on information you provide (e.g., industry, business details).
  • To Communicate With You:
    • To send you transactional communications, including account verification, confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages.
    • To respond to your comments, questions, and requests, and provide customer service.
    • To send you marketing and promotional communications related to DocuPal that we believe may be of interest to you, where permitted by law and with your consent if required. You may opt-out of receiving these communications as described in Section 6.
  • For Billing and Account Management:
    • To process payments and manage your subscriptions.
  • For Security and Fraud Prevention:
    • To monitor and analyze usage to prevent fraudulent activity and ensure compliance with our Terms of Service.
    • To protect the rights, property, or safety of Bluedot, our users, or others.
  • For Legal Compliance:
    • To comply with applicable laws, lawful requests, and legal processes, such as responding to subpoenas or requests from government authorities.
  • Aggregated or De-Identified Data:
    • We may de-identify or aggregate your information and use it for our own internal analytics, research, and service improvement purposes. We do not share this aggregated or de-identified data with third parties.

We do not use User Content (documents you create or upload) to train our own AI models or the AI models of third-party LLM providers. Our agreements with third-party LLM providers stipulate that data sent via their enterprise APIs is not used for training their models.

3. How We Share and Disclose Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • With Third-Party Service Providers: We may share your information with third-party vendors, consultants, and other service providers who perform services on our behalf, such as:
    • Payment processors (e.g., Stripe, PayPal) to facilitate payments.
    • Cloud hosting providers (e.g., AWS, Google Cloud) for data storage and infrastructure.
    • Analytics providers (Google Analytics, Facebook Pixel for public pages only) to help us understand the use of our public Website.
    • Email service providers for sending communications.
    • Customer support platform providers.
    • Third-party authentication service providers (e.g., Google, GitHub) if you use them to log in. These service providers are contractually obligated to use your personal information only to provide services to us and to protect it.
  • With Large Language Model (LLM) API Providers: To provide the AI-assisted document writing features, we send the content of your documents (which may include personal data if you've included it, such as in a job offer letter) and necessary contextual information (like brand details or the purpose of the document) to third-party LLM providers (e.g., OpenAI, Google, Grok) via their enterprise APIs. We do not send your IP address or other direct user identifiers along with this content to the LLM providers. These providers have policies stating they do not use API-submitted data for training their models.
  • For Legal Reasons: We may disclose your information if we believe it's reasonably necessary to:
    • Comply with a valid legal process (e.g., subpoenas, court orders, or other lawful government requests) where such requests are authentic and reasonable.
    • Enforce our Terms of Service or other agreements.
    • Protect the rights, property, or personal safety of Bluedot Technology, LLC, our users, or the public.
  • In Connection with a Business Transfer: If Bluedot Technology, LLC is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be sold or transferred as part of that transaction. We will notify users before personal information is transferred and becomes subject to a different privacy policy.
  • With Your Consent or at Your Direction: We may share your information with third parties when we have your explicit consent to do so, or when you direct us to share it (e.g., by using a feature to share a document via a unique link).

4. Data Security

We implement a variety of security measures designed to maintain the safety of your personal information and User Content. These measures include:

  • Encryption: Data in transit between your device and our servers is protected using SSL/TLS encryption. We also implement measures for encryption of data at rest where appropriate.
  • Access Controls: We use access controls to limit access to personal information to authorized personnel.
  • Secure Infrastructure: Your data is stored on secure database servers.
  • Regular Backups: We perform regular backups of our system to prevent data loss.
  • Employee Training: Our employees receive training on data privacy and security practices.
  • Incident Response: We have procedures in place to respond to data security incidents.
  • Vulnerability Management: We work to identify and remediate vulnerabilities in our systems.

While we take reasonable steps to protect your personal information, no security system is impenetrable, and we cannot guarantee the absolute security of your data.

5. Data Retention

We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy, or as required by law.

  • Account Information: We retain your account information as long as your account is active or as needed to provide you with the Service.
  • User Content:
    • Active Accounts: User Content associated with active paid accounts is retained as long as the account is active or until you request its deletion.
    • Inactive Free Accounts: We may delete User Content and/or the account if a free account remains inactive for a continuous period of two (2) years.
    • Deletion Requests: We will delete your User Content upon your verified request, as detailed in Section 6.
  • We may also retain certain information for legitimate business purposes such as record-keeping, to comply with our legal obligations, resolve disputes, and enforce our agreements.

6. Your Data Privacy Rights and Choices

Depending on your location and applicable law (such as GDPR for individuals in the European Economic Area or CCPA/CPRA for California residents), you may have certain rights regarding your personal information. These rights may include:

  • Access: You have the right to request access to the personal information we hold about you.
  • Correction (Rectification): You have the right to request that we correct any inaccurate or incomplete personal information we hold about you. You can often update your account information directly through your account settings on our Website.
  • Deletion (Erasure): You have the right to request the deletion of your personal information, subject to certain exceptions. Deletion requests must be sent from the email address associated with your account for verification purposes.
  • Objection to Processing (GDPR): Where we process your information based on legitimate interests, you may have the right to object to this processing.
  • Restriction of Processing (GDPR): You may have the right to request that we restrict the processing of your personal information under certain circumstances.
  • Data Portability (GDPR): You may have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
  • Opt-Out of "Sale" or "Sharing" (CCPA/CPRA): Bluedot Technology, LLC does not "sell" personal information as traditionally defined. We also do not "share" your personal information for cross-context behavioral advertising. Therefore, we do not offer a specific "Do Not Sell or Share" opt-out link.
  • Right to Non-Discrimination (CCPA/CPRA): We will not discriminate against you for exercising any of your CCPA/CPRA rights.
  • Withdraw Consent: Where we rely on your consent to process personal information, you have the right to withdraw your consent at any time.

Exercising Your Rights: To exercise any of these rights, please contact our Data Protection Officer, Ismail Hossain, at legal@bluedot.ltd. We will respond to your request in accordance with applicable law. We may need to verify your identity before processing your request, which may require you to contact us from the email address associated with your account. We only process requests from the user themselves, not from representatives, unless legally mandated.

Marketing Communications Opt-Out: You can opt-out of receiving promotional emails from us by following the unsubscribe link provided in those emails or by contacting us at help@docupal.io. Please note that even if you opt-out of marketing communications, we may still send you transactional or administrative messages, such as those related to your account or service updates.

Cookie Management: You can manage your cookie preferences through your web browser settings. Most browsers allow you to block or delete cookies. Please note that if you disable cookies, some features of our Service may not function properly.

Do Not Track: Some web browsers may transmit "Do Not Track" (DNT) signals. At this time, we do not take action in response to DNT signals because there is no universally accepted standard for how to respond to DNT signals.

7. International Data Transfers

Your information, including personal data, is primarily processed and stored in the United States. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where our servers are located and our central database is operated.

Data protection laws in the United States may differ from those in your country of residence. For transfers of personal data from the European Economic Area (EEA), the UK, or Switzerland to countries not deemed to provide an adequate level of data protection, we rely on appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms. All data transfers are conducted over SSL/TLS encrypted connections.

8. Children's Privacy

Our Service is not directed to individuals under the age of 13 (or a higher age threshold as required by applicable law in certain jurisdictions, e.g., 16 for GDPR purposes in some cases). We do not knowingly collect personal information from children under these age limits. If we become aware that we have collected personal information from a child without verification of parental consent, we will take steps to remove that information from our servers. If you believe that we might have any information from or about a child under the relevant age, please contact us at legal@bluedot.ltd.

9. Third-Party Websites and Services

Our Service may contain links to other websites or services not operated or controlled by us (e.g., links in generated documents, third-party authentication services). This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party service before providing any information to or through them.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. We may also provide notice to you through email (if you have provided us with your email address) or via a prominent notice on our Website prior to the change becoming effective. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

11. Contact Us / Data Protection Officer

If you have any questions or concerns about this Privacy Policy, our data practices, or if you wish to exercise your data privacy rights, please contact our Data Protection Officer:

Ismail Hossain
Data Protection Officer
Bluedot Technology, LLC
Registered Address: 131 Continental Dr, Suite 305, Newark, DE 19713
US Office Address: 45,43 42nd Street, Suite 3B, Long Island City, NY 11104 USA
Email: legal@bluedot.ltd

For general support inquiries, please contact help@docupal.io.