Privacy Policy

Effective date: May 14, 2026 · Last updated: May 14, 2026

This policy explains what data DocRocket collects, how we use it, and the choices you have.

1. Who we are

DocRocket is operated by EptAI, Inc. ("DocRocket," "we," "us," or "our"), a company incorporated in the United States. We provide an AI-connected branded document generation service accessible at docrocket.ai and app.docrocket.ai (the "Service").

Questions or requests regarding this policy: hello@docrocket.ai.

2. Information we collect

Account and registration data

When you create a DocRocket account we collect your name, email address, company name, and any other information you voluntarily provide during signup or profile updates.

Payment and billing data

Payments are processed by Stripe. DocRocket receives a tokenized representation of your payment method (last four digits, card type, expiry) and billing address. We do not store full card numbers on our servers.

Usage and product data

When you use the Service we collect information about how you interact with it, including:

  • Documents and templates you create, edit, and generate
  • Brand profiles you add (URLs, extracted logos, colors, fonts)
  • API/MCP requests and responses, including request payloads and generated document content
  • Feature usage, settings, and in-app actions
  • Error logs and diagnostic data

Technical and device data

We automatically collect certain technical data when you visit our site or use the Service:

  • IP address and approximate geographic location (country/region)
  • Browser type and version, operating system
  • Pages visited, referrer URL, time spent
  • Unique device or session identifiers

Communications

If you contact us by email or through in-app support, we retain those communications to respond to you and improve the Service.

Information about your end-customers

DocRocket is a B2B tool. When you use DocRocket to generate documents for your customers, you may submit data about those end-customers (company names, brand assets, document content). You remain the data controller for that information; DocRocket processes it only on your behalf and under your instruction.

3. How we use your information

We use the data we collect to:

  • Provide and operate the Service — authenticate users, generate documents, serve PDFs and shareable web views
  • Process billing — charge you for paid plans and manage subscription state
  • Communicate with you — send transactional emails (account confirmations, password resets, invoices), product updates, and support responses
  • Improve and develop the Service — analyze aggregated usage patterns, debug issues, prioritize features
  • Ensure security and prevent abuse — monitor for fraudulent or malicious use, enforce our Terms of Service
  • Comply with legal obligations — respond to lawful requests from courts or regulatory authorities

We do not use your document content or your customers' content to train third-party AI models or any DocRocket AI models.

4. Legal basis for processing (EEA / UK users)

If you are in the European Economic Area or United Kingdom, we rely on the following legal bases under GDPR:

  • Contract performance — processing necessary to deliver the Service you signed up for
  • Legitimate interests — security monitoring, product analytics, fraud prevention (where those interests are not overridden by your rights)
  • Legal obligation — compliance with applicable laws
  • Consent — for optional marketing communications, where required by law

5. Sharing your information

We do not sell your personal data. We share it only in these circumstances:

  • Service providers — third-party vendors who help operate the Service (cloud hosting, payment processing, analytics, email delivery). These providers are contractually bound to process data only for the purposes we specify.
  • AI model APIs — document generation may involve calling AI APIs (e.g., OpenAI). Your content is transmitted to these providers' APIs under their data processing agreements; it is not used for their model training by default under our agreements.
  • Business transfers — if DocRocket is acquired or merges with another entity, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.
  • Legal requirements — we may disclose data if required by law, court order, or to protect the rights, property, or safety of DocRocket, our users, or the public.

6. Data retention

We retain account and profile data for as long as your account is active and for a reasonable period thereafter to comply with legal obligations and resolve disputes. Generated documents are retained to serve PDF and web view URLs; you may request deletion at any time by contacting us.

Aggregated or anonymized usage data that cannot identify you may be retained indefinitely.

7. Cookies and similar technologies

We use cookies and similar technologies on this marketing site and in the web application for the following purposes:

  • Essential — session management, authentication tokens, CSRF protection
  • Analytics — understanding how visitors navigate the site (e.g., page views, referrers). We use privacy-focused analytics and do not share individual browsing data with advertising networks.
  • Preferences — remembering settings you have chosen

You can control cookies through your browser settings. Disabling essential cookies may prevent you from logging in or using the Service.

8. Security

We implement industry-standard technical and organizational measures to protect your data, including encryption in transit (TLS), encryption at rest, access controls, and regular security reviews. No system is completely secure; if you discover a security issue, please contact hello@docrocket.ai.

9. Your rights and choices

Depending on where you live, you may have the following rights regarding your personal data:

  • Access — request a copy of the data we hold about you
  • Correction — request that we fix inaccurate data
  • Deletion — request that we delete your data ("right to be forgotten"), subject to certain legal exceptions
  • Portability — receive your data in a structured, machine-readable format
  • Objection / restriction — object to or restrict certain types of processing
  • Opt out of marketing — unsubscribe from marketing emails at any time via the unsubscribe link or by contacting us
  • California residents (CCPA/CPRA) — right to know, right to delete, right to opt out of sale (we do not sell personal data), and right to non-discrimination

To exercise any of these rights, email hello@docrocket.ai. We will respond within 30 days.

10. International data transfers

DocRocket operates in the United States. If you access the Service from outside the US, your data may be transferred to and processed in the United States or other countries where our service providers operate. Where required by law (e.g., EEA/UK transfers), we rely on appropriate transfer mechanisms such as Standard Contractual Clauses.

11. Children's privacy

The Service is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

12. Third-party links

The Service may contain links to third-party websites or services. We are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to this policy

We may update this policy periodically. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or through a notice in the Service. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

14. Contact us

For privacy questions, data subject requests, or to report a concern:

Terms of Service → · ← Back to home