Privacy Policy
Effective Date: April 15, 2026 · Last Updated: April 15, 2026
1. Introduction
MyDocuva (“we,” “us,” or “our”) operates the MyDocuva platform at mydocuva.com and related services (collectively, the “Service”). This Privacy Policy explains what information we collect, how we use it, and the choices you have.
MyDocuva is built on a zero-knowledge architecture. We cannot access, read, or share the content of your encrypted documents; only the limited metadata listed in Section 2.3 (such as item titles, categories, and descriptions) is stored in a form we can read. Your privacy is not just a policy — it is enforced by our cryptographic design.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address (used for authentication and account recovery)
- Full name (optional, for your profile display)
- Country of residence (optional, for customs form defaults)
- Authentication method (email/password, Google, Apple, or Facebook OAuth)
2.2 Subscription and Billing
If you subscribe to a paid plan, payment processing is handled by Stripe, Inc. We do not store your credit card number, CVV, or full billing details on our servers. We retain only a Stripe customer identifier and subscription status to manage your plan.
2.3 Encrypted Document Data
All documents, photos, and files you upload are encrypted on your device before transmission to our servers. We store only the encrypted ciphertext. We cannot decrypt, view, or analyze the content of your files. Unencrypted metadata we store includes:
- File size (for storage quota calculation)
- Upload timestamp
- Content type (e.g., image/jpeg, application/pdf) for display purposes
- Item titles, categories, and descriptions as entered by you
We treat all user data, including metadata, with the highest level of security. We do not use item metadata for profiling, automated decision-making, or any purpose other than providing the Service.
2.4 OCR Processing
We offer optional OCR (Optical Character Recognition) to extract text from document images. OCR processing occurs entirely on your device using Tesseract.js; no unencrypted image or text data is sent to our servers for OCR purposes. Any extracted text that you choose to save is encrypted using the same dual-key model as your other data.
2.5 Usage Data
We collect limited usage data to operate and improve the Service:
- Login timestamps and session activity (for security and audit logging)
- Device information (browser type, operating system) from session records
- IP address at login (stored in audit logs with a 3-year retention period)
- Feature usage patterns (aggregated, non-personally identifiable)
2.6 Cookies and Local Storage
We use the following browser storage mechanisms:
- Authentication tokens — stored in localStorage, which AWS Amplify uses for session management. Cleared on logout. Because localStorage is readable by any script running on the mydocuva.com origin, the Content Security Policy described in Section 5 is part of how these tokens are protected.
- Passphrase session cookie — an HMAC-signed HttpOnly cookie that verifies your passphrase session without storing the passphrase itself. Expires when you close the browser or after the configured session duration.
- Theme preference — stored in localStorage for dark/light mode. Persists indefinitely.
All storage mechanisms used by MyDocuva are strictly necessary for the operation of the Service. We do not use any advertising, analytics, or non-essential cookies or third-party tracking pixels.
3. How We Use Your Information
We use your information solely to:
- Provide, maintain, and improve the Service
- Authenticate your identity and manage your sessions
- Process subscription payments through Stripe
- Send transactional emails (password resets, sharing notifications, expiry alerts, legacy vault triggers)
- Enforce subscription plan limits (item count, storage quota)
- Maintain audit logs for your account security
- Respond to your support requests
We do not sell, rent, or share your personal information with third parties for marketing purposes.
4. Encryption and Zero-Knowledge Architecture
MyDocuva employs a dual-key encryption model:
- Your passphrase is used to derive a User Key via PBKDF2 (100,000 iterations) on your device
- A Platform Key is managed by AWS Key Management Service (KMS)
- Both keys are required to encrypt and decrypt your documents using AES-256-GCM
Your passphrase is never transmitted to or stored on our servers. If you lose your passphrase, we cannot recover your encrypted data. This is a fundamental security guarantee, not a limitation.
5. Data Storage and Security
Your data is stored on Amazon Web Services (AWS) infrastructure in the United States (us-east-1 region):
- Encrypted files — Amazon S3 with server-side encryption (SSE-KMS), in addition to client-side encryption
- Database records — Amazon DynamoDB with encryption at rest using AWS-managed KMS keys and Point-in-Time Recovery (PITR)
- Authentication — Amazon Cognito with secure credential management
- Content delivery — Amazon CloudFront with signed URLs for media access
- Data in transit — all communications are encrypted via TLS 1.2+
We implement security best practices including Content Security Policy (CSP) headers, input sanitization, rate limiting on sensitive endpoints, and multi-factor authentication (MFA) support.
6. Data Sharing and Disclosure
We may share your information only in the following circumstances:
- With your consent — when you use our Sharing feature to create time-limited, password-protected links to specific items
- Family Plan members — items marked as “Family” visibility are accessible to members of your Family Plan
- Legacy Vault disclosure — when a Legacy Vault trigger is activated (per your configured inactivity period), designated nominees receive access to allocated items through a secure portal
- Service providers — we maintain Data Processing Agreements with all providers who process personal data on our behalf, including Amazon Web Services (S3, DynamoDB, Cognito, KMS, SES, CloudFront, Lambda), Stripe (payments), and Vercel (web hosting)
- Legal requirements — we may disclose account metadata (not encrypted content, which we cannot decrypt) if required by law, subpoena, or court order
7. Data Retention
- Account data — retained for the lifetime of your account
- Deleted items — moved to a recovery bin for 30 days, then permanently deleted
- Audit logs — retained for 3 years from the date of the event, then automatically purged. Audit logs may be exempt from individual deletion requests where retention is necessary for security monitoring or the establishment, exercise, or defense of legal claims
- Session records — retained for security monitoring; older sessions are periodically cleaned
- Account deletion — when you delete your account, all associated data (items, documents, encrypted files, family associations, and metadata) is permanently removed within 30 days
8. Your Rights and Choices
You have the following rights regarding your data:
- Access — you can view all your stored data within the app at any time
- Export — you can export all your data (items, documents, metadata) via Settings > Data Export
- Correction — you can update your profile, items, and documents at any time
- Deletion — you can delete individual items (30-day recovery) or request full account deletion
- Portability — your exported data is provided in standard formats (JSON, PDF, original file formats)
- MFA control — you can enable or disable multi-factor authentication at any time via Settings > Security
- Notification preferences — you can control which email notifications you receive via Settings > Preferences
9. California Privacy Rights (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act and California Privacy Rights Act provide you with additional rights regarding your personal information.
Categories of Personal Information Collected
| Category | Examples | Purpose |
|---|---|---|
| Identifiers | Email address, name, IP address | Account authentication, security |
| Commercial Information | Subscription plan, payment history (via Stripe) | Billing, plan enforcement |
| Internet Activity | Login timestamps, browser type, session data | Security monitoring, audit trails |
| Encrypted Content | Documents, photos, files (encrypted, inaccessible to us) | Secure storage on your behalf |
Your California Rights
- Right to Know — request what personal information we collect, use, and disclose
- Right to Delete — request deletion of your personal information
- Right to Correct — request correction of inaccurate personal information
- Right to Non-Discrimination — we will not discriminate against you for exercising your rights
We do not sell or share your personal information as those terms are defined under the CCPA/CPRA. We do not use your personal information for cross-context behavioral advertising.
To submit a verifiable consumer request, contact us at support@mydocuva.com. We will verify your identity before processing your request and respond within 45 days.
10. Additional Rights for EEA, UK, and Swiss Users
If you are located in the European Economic Area, United Kingdom, or Switzerland, the following additional provisions apply:
Legal Basis for Processing
- Contract performance — processing your account data, subscription, and encrypted files to provide the Service
- Legitimate interest — security monitoring, audit logging, and fraud prevention
- Legal obligation — compliance with applicable tax, anti-money-laundering, or law enforcement requirements
Additional Rights
In addition to the rights in Section 8, you also have the right to:
- Restrict the processing of your personal data
- Object to processing based on legitimate interest
- Lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, CNIL in France, or your national data protection authority)
International Data Transfers
Your data is stored and processed in the United States. International transfers of personal data from the EEA/UK to the United States are conducted pursuant to Standard Contractual Clauses (SCCs) adopted by the European Commission, as implemented in our agreements with infrastructure providers (AWS, Stripe, Vercel).
As a supplementary measure, our zero-knowledge encryption architecture ensures that the content of your documents transferred to US servers is encrypted with a User Key derived from your passphrase on your device, which we never receive; the Platform Key we manage through AWS KMS cannot decrypt that content on its own. Even in the event of a lawful data access request by a US authority, we are technically unable to provide the unencrypted content of your files.
11. Data Breach Notification
In the event of a data breach affecting your personal information, we will notify affected users by email and/or in-app notification within 72 hours of becoming aware of the breach, or as required by applicable law.
Due to our zero-knowledge architecture, a breach of our servers would not expose the content of your encrypted documents, but could affect account metadata such as email addresses, item titles, and usage data. We will clearly communicate the nature and scope of any breach in our notification.
12. Children's Privacy
MyDocuva is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 13 as defined by COPPA. If you believe a child has provided us with personal information, please contact us and we will promptly delete such information.
13. US State Privacy Rights
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), and other states with consumer privacy laws may have additional rights similar to those described in the California section above, including the right to access, delete, and correct personal information, and the right to opt out of the sale of personal information. We do not sell personal information under any state's definition.
To exercise any rights under your state's privacy law, contact us at support@mydocuva.com.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last Updated” date. For significant changes, we may also send an email notification to the address associated with your account.
15. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us at:
Email: support@mydocuva.com