Privacy Policy

Introduction

DocNexus is a revolutionary SaaS platform designed to transform how businesses across all sectors create professional documents. Through the advanced use of artificial intelligence, DocNexus makes document creation not only more accessible but also more efficient, allowing our users to focus on what truly matters for their business.

At DocNexus, we understand the crucial importance of personal data protection. That's why we have committed to placing the security and confidentiality of our users' data at the heart of our priorities. We are committed to maintaining total transparency in the processing of personal data, thus ensuring the respect of each of our users' privacy. Our platform is rigorously designed to comply with international standards and current regulations, including the GDPR (General Data Protection Regulation) in Europe, as well as relevant laws in the United States, reflecting our commitment to the European and American markets.

This privacy policy aims to inform you clearly and precisely about how your personal data is collected, used, shared, and protected by DocNexus. It also highlights your rights as a user and the measures we put in place to ensure the protection of your data. We invite you to read this document carefully to understand our privacy practices and how they contribute to making DocNexus a safe and reliable platform for everyone.

Data Collection

The Data Collection section details the methods and categories of data that DocNexus gathers to provide and improve its services. It highlights our commitment to respecting user privacy while ensuring a personalized and effective user experience.

Personal Information

DocNexus places paramount importance on the privacy and security of its users' personal information. As part of its commitment to offering a personalized and effective user experience, DocNexus collects specific personal data necessary for the provision of its services.

The personal information collected includes, but is not limited to, name, email address, phone number, as well as company data related to the user. This information allows DocNexus to personalize the user experience, improve the quality of its services, and facilitate billing processes. In addition, service preferences and interactions with the platform are also collected to offer services more tailored to the specific needs of each user.

User consent is a priority for DocNexus. It is obtained transparently through a checkbox during registration or before submitting online forms. This approach ensures that users are fully informed and consent to the collection and processing of their personal data.

DocNexus also offers its users the ability to manage or modify their preferences regarding the collection of personal information. Users can access their account settings at any time to adjust their preferences, including disabling the collection of certain data like cookies, or changing their marketing communication preferences.

The protection and minimization of collected data are at the heart of DocNexus's concerns. Personal information is protected by state-of-the-art security systems and regular employee training on best practices for data privacy and security. DocNexus commits to not collecting any additional data without a justified need, thereby ensuring respect for user privacy while providing quality services.

Behavioral and Usage Data

As part of its commitment to providing an optimal user experience, DocNexus pays special attention to the collection and analysis of behavioral and usage data. This data, essential for understanding and improving user interaction with the platform, includes:

  • Navigation data: such as the most visited pages, time spent on the site, and navigation paths used. This information allows DocNexus to identify the most appreciated features and those needing improvement.
  • On-site actions: including clicks on specific buttons, use of features, and responses to surveys or online forms. This data helps to understand how users interact with the different elements of the platform.
  • User preferences: regarding the interface and features, deduced from the analysis of site usage and user feedback. This allows DocNexus to further personalize the user experience.
  • Use of cookies and other trackers to personalize content and advertisements, provide social media features, and analyze site traffic. User consent is obtained transparently, ensuring respect for their privacy.

The collection of this data is carried out via third-party services such as Google Analytics, always in strict compliance with GDPR. DocNexus ensures that these third-party services comply with data protection standards, thus guaranteeing the security and confidentiality of the information collected. User consent is obtained separately for each third-party service, reinforcing user transparency and control over their data.

The retention period for behavioral and usage data is limited to 1 year, after which it is deleted or anonymized. This period allows DocNexus to perform longitudinal analyses to continuously improve the platform, while respecting the principle of data minimization.

Technical Data

As part of its commitment to providing an optimal and secure user experience, DocNexus pays special attention to the collection of technical data. This data, essential for ensuring the compatibility and efficiency of the platform, includes:

  • Operating System: Knowing the user's operating system allows DocNexus to optimize its services for different environments, thus ensuring a smooth and seamless user experience.
  • Browser Type and Version: This information is crucial for ensuring that DocNexus functions correctly on different browsers and their versions, allowing for the identification and correction of potential compatibility issues.
  • Access Logs: Logs, including the date, time, and duration of sessions, are analyzed to understand platform usage and identify potential technical problems. This data is essential for maintaining the performance and security of DocNexus.
  • Screen Resolution and Preferred Languages: This information allows DocNexus to improve the display of its platform and make it as accessible as possible to an international audience, by adapting the user interface to language preferences and the specifics of display devices.

The collection of this technical data is carried out in strict respect of user privacy and in accordance with current regulations, notably GDPR. DocNexus commits to using this data solely for the purpose of improving the quality of its services and ensuring a secure and personalized user experience.

The protection of this data is ensured by advanced security measures, including SSL/TLS encryption for data transmissions and intrusion detection systems to prevent any unauthorized access. DocNexus commits to retaining this technical data only for the duration strictly necessary to achieve the aforementioned objectives, after which it is deleted or anonymized.

Data Collected via Third Parties

As part of its commitment to providing an enriched and personalized user experience, DocNexus collaborates with third parties to collect additional data. This collaboration allows for the enrichment of available user information and the optimization of the services offered. The specific sources of third-party data used by DocNexus include:

  • Social Media Platforms: Platforms such as Facebook or LinkedIn are used to retrieve demographic information and interests. This data allows DocNexus to further personalize its services and marketing communication, thus offering a more targeted and relevant experience for the user.
  • Google Analytics: This web analytics tool is used to understand user behavior on the DocNexus site. The information collected helps to optimize the user experience by identifying user journeys, the most visited pages, and the most used features.
  • Business Database Providers: For corporate clients, DocNexus enriches its information through specialized databases. This allows for the personalization of offers based on the industry and size of the company, thus ensuring a more adapted and relevant value proposition.
  • Survey and Polling Tools: The direct collection of feedback from users via surveys and polls significantly contributes to the continuous improvement of DocNexus services. These tools allow for the gathering of opinions and suggestions directly from users, thus enriching the knowledge base on customer needs and preferences.
  • Targeted Advertising Services: To refine its marketing campaigns, DocNexus uses services specialized in targeted advertising. These services allow for the delivery of more relevant marketing messages, based on users' online habits and their interests.

DocNexus is committed to respecting the confidentiality and protection of personal data in all its interactions with third parties. Explicit user consent is obtained before any data collection via these external sources, in accordance with current regulations, notably GDPR. Users have the ability to manage their preferences and withdraw their consent at any time, thus ensuring full control over their personal data.

The security of data collected via third parties is a priority for DocNexus. Confidentiality agreements and appropriate security measures are in place with each partner to ensure the protection of data against any unauthorized access or inappropriate use.

Use of Data

The Use of Data section details how DocNexus uses the collected information to enrich the user experience and improve the quality of its services. It is divided into several key aspects, ranging from user interface optimization to service personalization, including statistical analysis and targeted marketing communication initiatives. Each subsection highlights our commitment to using data responsibly and innovatively, always with the aim of best meeting the needs of our users.

Improving User Experience

Improving the user experience is at the heart of DocNexus's concerns. By using the collected data, our platform strives to provide a highly personalized and intuitive user experience. Behavioral and usage data are analyzed to understand the specific needs of our users, thus allowing DocNexus to adapt and optimize its interface and features accordingly.

  • Intuitive User Interface: Through the analysis of user interactions with our platform, DocNexus dynamically adjusts its interface to meet individual preferences, making navigation and use of the platform as smooth as possible.
  • Advanced Integration Features: The collected data allows DocNexus to understand which tools and platforms are most used by its clients. This helps us develop advanced integrations, simplifying business workflows by allowing DocNexus to easily connect to other essential systems.
  • Artificial Intelligence: The use of artificial intelligence is a pillar of the continuous improvement of the user experience on DocNexus. By analyzing thousands of professional documents, our AI offers suggestions for improvement and adjustment, making document creation not only faster but also more accurate.
  • Collaborative Review: Data on how teams interact with documents allows us to optimize our collaborative review feature. This facilitates effective communication and real-time collaboration, essential in a dynamic professional environment.

In summary, DocNexus uses the collected data to continuously refine its offering, ensuring that each user benefits from a highly personalized and effective experience. Our commitment to improving the user experience is a testament to our dedication to providing a platform that not only meets expectations but exceeds them.

Personalized Services

DocNexus offers personalized services to its users, effectively leveraging collected data to create a tailored experience. This personalization manifests in several ways, all designed to maximize the utility and efficiency of our platform for each user.

  • Personalized Suggestions: Based on the history of design and document content preferences, DocNexus automatically adjusts the user interface and available options. This makes the experience more intuitive and aligned with the specific needs of each user. Suggestions for templates or features are generated based on usage history and previous interactions with the platform, thus ensuring that recommendations are relevant and useful.
  • Targeted Communication: Users are regularly informed of new personalized services or suggestions that might interest them, based on their preferences and usage history. These communications are made by email, including direct links to new features or suggestions. DocNexus actively encourages user feedback via online forms, allowing for continuous improvement of the personalized experience.

Statistical Analysis

Statistical analysis helps DocNexus to offer a better user experience by constantly improving technical performance. These analyses also allow DocNexus to detect usage trends, which are used to adapt and evolve our services.

  • Identification of Usage Trends: Through an analysis of behavioral and usage data, DocNexus can identify emerging trends among its users. This includes the most popular features, frequently used document templates, and interface preferences.
  • Optimization of Technical Performance: Statistical analysis helps in resolving technical issues. By monitoring platform performance and analyzing data related to server load, DocNexus can optimize its resources to ensure a smooth and responsive user experience. This includes adjusting server capacities based on activity peaks and proactively fixing bugs to minimize service interruptions.
  • Continuous Improvement: The information obtained through statistical analysis fuels a cycle of continuous improvement at DocNexus. By regularly evaluating the effectiveness of changes made and measuring the impact on the user experience, our platform ensures that each update contributes positively to user satisfaction.

Marketing Communication

The marketing communication of DocNexus notably enables new customer acquisition, brand awareness increase, and retention of existing customers. By using a combination of channels and strategies, DocNexus ensures it effectively communicates its values, updates, and innovations to its target audience.

  • Emailing: DocNexus regularly sends newsletters and updates on new features directly to users. These emails are designed to be informative, relevant, and personalized.
  • Social Networks: DocNexus uses social networks such as Facebook, LinkedIn, and X to share news, usage tips, and to interact with the community.
  • Webinars and Trade Shows: Participation in webinars and trade shows offers DocNexus a unique opportunity to interact directly with potential and existing customers.

Data Sharing

In this section, we address the methods of data sharing collected by DocNexus. We detail with whom and under what circumstances this information may be shared, emphasizing our commitment to ensuring the security and respect for the confidentiality of your personal data.

With DocNexus Employees

DocNexus places paramount importance on the confidentiality and security of its users' personal data. In this regard, access to personal data by DocNexus employees is strictly regulated and subject to rigorous access control procedures.

  • Authorized Employee Categories: Only members of the Technical and Customer Support teams are authorized to access users' personal data, and only for maintenance and assistance purposes. Managers and the Data Protection Officer (DPO) have full access to the data, while other employees have access on a need-to-know basis.
  • Access Control Procedures: To ensure data security, DocNexus has implemented multi-factor authentication for all employees with access to personal data. Access is managed by a role-based access control system, ensuring that each employee only accesses the data necessary to perform their tasks. Furthermore, every access to data is recorded in an activity log, which is regularly audited to prevent any unauthorized access or inappropriate use of the data.
  • Employee Training: DocNexus is committed to regularly training its employees on personal data protection and GDPR compliance. An annual online training is provided to all employees with access to personal data, covering GDPR awareness and best practices in data security. This training is supplemented by skills validation tests to ensure the understanding and application of data protection principles by all employees.

These measures demonstrate DocNexus's commitment to maintaining the confidentiality and security of its users' personal data, in accordance with the highest data protection standards.

With Subcontractors and Service Providers

DocNexus works closely with subcontractors and service providers to improve and secure the user experience on its platform. The selection of these partners is guided by rigorous criteria, ensuring strict compliance with GDPR and a high level of information security.

  • Types of Data Shared: Technical and behavioral data are shared with our partners for the specific purpose of improving the performance and features of the platform. This data is essential for optimizing the user experience and ensuring the fluidity of the services offered.
  • Selection Criteria: Our subcontractors and service providers are chosen for their ability to meet our high data protection requirements. Their experience in secure data processing, their compliance with GDPR, and their commitment to a high level of information security are determining factors in our selection process.
  • Specific Security Procedures: To ensure the protection of shared data, DocNexus requires the signing of a Data Processing Agreement (DPA) with each subcontractor and service provider. This agreement includes strict clauses on data protection and mandates the conduct of regular security audits to ensure continued compliance with security standards.

These measures demonstrate DocNexus's commitment to maintaining the confidentiality and security of its users' personal data, in collaboration with its partners. We ensure that each subcontractor and service provider shares our vision of data protection and commits to respecting the same high standards that we impose on our own internal processes.

With Regulatory Authorities

DocNexus maintains a proactive cooperative relationship with regulatory authorities to ensure full compliance with GDPR standards and United States regulations. This collaboration is manifested in several specific scenarios:

  • In response to legal or judicial requests: When DocNexus receives court orders, warrants, or any other specific legal request, the platform proceeds with the sharing of necessary personal data in strict compliance with legal procedures. This sharing is done with the utmost care to ensure the protection of user rights.
  • In the context of regulatory audits: DocNexus actively participates in regulatory audits to demonstrate its compliance with GDPR standards and United States regulations. These audits may involve sharing certain data with authorities to prove the effectiveness of the security and data protection measures put in place.
  • Proactive initiative by DocNexus: The platform may also take the initiative to report suspicious activities or personal data breaches to regulatory authorities. This approach is part of DocNexus's commitment to transparency and data security, aiming to strengthen user trust and contribute to a safer digital environment.

DocNexus ensures that any data sharing with regulatory authorities is carried out in compliance with applicable laws and regulations, by implementing strict procedures to protect users' personal information.

User Rights

In this essential section, we address the fundamental rights that our users have regarding the management of their personal data. We highlight how DocNexus allows each user to exercise their right of access, modification, deletion of their account, as well as the export of their data, thus ensuring complete control over their personal information.

Access and Modification

DocNexus recognizes the importance of allowing users to control their personal data. That's why we offer the ability to access and modify the personal information we hold about them.

To request access or modification of your personal data, users can use a specific online form, available in their personal space on the DocNexus platform. Alternatively, requests can be sent directly by email to our Data Protection Officer (DPO) at the following address: dpo@docnexus.com.

Once the request is submitted, DocNexus commits to processing and finalizing each request within 30 days of its receipt.

Account Deletion

DocNexus places great importance on the right of its users to manage their personal data. This includes the ability to delete their account on the platform. Here are the steps and consequences associated with deleting an account:

To delete your account, please follow these steps:

  1. Go to account settings on the DocNexus platform.
  2. Select the "Delete my account" option.
  3. You will receive a confirmation email to confirm this action.

Consequences of deletion:

  • Your account deletion is temporary for a period of 30 days, during which you can reactivate your account by contacting our support.
  • After this period, the deletion becomes irreversible, and all your personal data will be immediately deleted from our systems.

Exceptions to immediate data deletion:

  • Transaction and billing information is retained for 5 years for tax compliance reasons.
  • Activity logs and security data are retained for 1 year to assist in case of a security audit or legal compliance.

For any questions or concerns, do not hesitate to contact our Data Protection Officer (DPO) at dpo@docnexus.com.

Data Export

DocNexus respects the users' right to data portability. This means you have the ability to export your personal data that we hold, in a structured, commonly used, and machine-readable format.

To export your data, please follow these steps:

  1. Log in to your account on the DocNexus platform.
  2. Go to your account settings.
  3. Select the "Export my data" option.
  4. A file in JSON format containing your personal data will be generated.
  5. You will receive an email within 48 hours of your request, containing a link to download the file.

6 Data Security

Data security is a top priority for DocNexus. This section details the rigorous measures we implement to protect personal information from unauthorized access or inappropriate use, thus ensuring the confidentiality, integrity, and availability of our users' data.

6.1 Information Systems Security

Information systems security at DocNexus is an absolute priority, ensuring the protection and confidentiality of our users' personal data. To achieve this goal, several specific measures are implemented:

  • Rigorous Access Management: Access to information systems is strictly controlled. We implement multi-factor authentication for all important access, limiting data access to only those employees who need this information to perform their tasks.
  • Regular Penetration Testing and Code Security Reviews: To proactively identify and correct vulnerabilities, we conduct regular penetration tests and code security reviews.

These measures are supplemented by continuous monitoring and regular security audits performed by specialized providers, thus ensuring that our information systems remain secure against emerging threats. In the event of a security incident impacting personal data, DocNexus reacts quickly to assess the extent of the incident and informs the affected users within 48 hours by email, providing them with advice on how to secure their accounts.

Employee Training

Employee training is essential in our data security strategy. Every member of our team participates in an annual training program aimed at strengthening the protection and confidentiality of our users' personal data. The main topics covered during this training include:

  • General GDPR Awareness: A comprehensive introduction to the General Data Protection Regulation, explaining its importance, its fundamental principles, and its application in our daily operations.
  • User Rights: A detailed review of the rights granted to users by the GDPR, such as the right of access, rectification, erasure, and data portability, as well as how these rights can be exercised.
  • Employee Responsibilities: Clear guidelines on the individual responsibilities of each employee to ensure compliance with current regulations, including procedures to follow in case of a user's data access request or a data breach.

Security Audits

Security audits are an essential pillar of our data protection strategy at DocNexus. These audits are conducted on an annual basis, ensuring a comprehensive assessment of our systems and security practices.

  • Frequency and Methodology: Audits are performed annually, encompassing penetration tests and code security reviews. This methodical approach allows for the proactive identification of potential vulnerabilities and ensures that our systems are up-to-date with the best security practices.
  • Specialized Partners: To conduct these audits, DocNexus engages an external cybersecurity firm recognized for its expertise. This collaboration ensures an objective and thorough evaluation of our infrastructure and applications.
  • Corrective Actions: Following the audit results, immediate implementation of security patches is carried out for any identified vulnerability. In addition, a plan for regular code reviews is established for areas deemed at risk, thereby reinforcing our commitment to the security of our users' data.

These security audits are a key element of our commitment to maintaining our users' trust and ensuring the protection of their personal data against emerging threats. DocNexus is committed to following the recommendations from these audits and to continuously improving its security practices to meet the highest standards.

Changes to the Privacy Policy

DocNexus is committed to keeping its privacy policy up-to-date to reflect changes in our data processing practices, as well as changes in applicable laws and regulations. For this reason, we reserve the right to modify this privacy policy at any time.

When changes are made to this policy, DocNexus will send an email to all registered users 30 days before the changes take effect. This email will provide a summary of the major changes and a link to the full text of the updated policy on our website.

Users have several options when they receive notification of the changes:

  • Accept the changes: Users can choose to accept the changes by continuing to use the platform after the changes come into effect.
  • Contact the DPO for clarification: If questions or concerns arise, users are encouraged to contact our Data Protection Officer (DPO) at dpo@docnexus.com for clarification.
  • Refuse the changes: If users refuse to accept the new terms, they can close their account.