Privacy Policy
Last updated: June 2026
1. Introduction
Life Orbit Labs LLC ("Life Orbit Labs", "we", "us", or "our") operates DocuMindly. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
We are committed to protecting your privacy and complying with applicable data protection laws, including GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act).
2. Information We Collect
2.1 Information You Provide
- Account Information: Email address, name, password
- Profile Information: Optional profile details you choose to add
- Documents: Files and content you upload to the service
- Payment Information: Processed securely by Stripe (we never store your full credit card details)
- Communications: Messages you send to our support team
2.2 Automatically Collected Information
- Usage Data: Features used, time spent, actions taken
- Device Information: IP address, browser type, operating system
- Cookies: Small files stored on your device (see our Cookie Policy)
- Analytics: Aggregated usage statistics
3. How We Use Your Information
We use your information to:
- Provide the Service: Store, process, and deliver your documents
- AI Features: Analyze documents for insights, dates, and reminders
- Communication: Send service updates, security alerts, and support responses
- Improvement: Analyze usage to enhance features and performance
- Security: Detect and prevent fraud, abuse, and security threats
- Compliance: Meet legal obligations and enforce our terms
4. Legal Basis for Processing (GDPR)
We process your personal data based on:
- Contract: To provide the service you signed up for
- Consent: Where you have given explicit permission (e.g., AI features)
- Legitimate Interest: To improve and secure our service
- Legal Obligation: To comply with applicable laws
5. How We Share Your Information
We do NOT sell your personal information. We may share data with:
5.1 Service Providers and Data Processors
We share data with carefully selected third parties under strict GDPR-compliant data protection agreements:
- Cloud Infrastructure and Hosting: Secure cloud database, storage, authentication, and hosting services (EU/US regions)
- Payment Processing: Stripe - PCI-DSS Level 1 certified (never stores full card details)
- AI Services: OpenAI API (US-based) - API data is not used for model training per provider's standard terms; OCR processing (local/cloud-based)
- Communications: Push notification services for mobile and web alerts
A complete list of current service providers is available upon request at privacy@documindly.com
5.2 Legal and Business Sharing
- Legal Requirements: When required by law, court order, or to protect rights and safety
- Business Transfers: In case of merger, acquisition, or asset sale (you will be notified)
All third-party processors are required to maintain equivalent security standards and may not use your data for their own purposes.
5.3 Third-Party Service Terms
Our service providers maintain their own data processing and privacy terms. While we carefully select providers that commit to strong data protection practices (including not using API data for training purposes), we are not responsible for changes to their policies.
We will notify users of any material changes to third-party service providers or their data processing practices that may affect your privacy rights. You can review the current list of service providers by contacting privacy@documindly.com
6. Data Security
We implement industry-standard security measures:
- Encryption in transit (TLS/SSL) and at rest (AES-256)
- Secure authentication with password hashing
- Regular security audits and updates
- Access controls and monitoring
- Backup and disaster recovery procedures
However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
6.1 Data Breach Notification
In the unlikely event of a data breach that poses a risk to your rights and freedoms:
- We will notify affected users within 72 hours of becoming aware of the breach
- Notification will include: nature of the breach, categories of affected data, likely consequences, and protective actions you should take
- We will also notify relevant data protection authorities as required by law (GDPR Article 33 & 34)
- Notification will be sent via email to your registered address and posted on our service
7. Your Rights
You have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate information
- Erasure: Delete your account and data ("right to be forgotten")
- Data Portability: Export your data in a machine-readable format
- Objection: Object to certain types of processing
- Restriction: Limit how we use your data
- Withdraw Consent: Opt out of optional features like AI analysis
To exercise these rights, contact us at privacy@documindly.com
8. Data Retention
We retain your information for as long as your account is active or as needed to provide services. Detailed retention periods:
- Account Data: Until account deletion + 30 days
- Documents and Files: Until manual deletion or account termination + 30 days
- AI Analysis Results: Until manual deletion or account termination + 30 days
- Analytics Data (anonymized): Up to 2 years for service improvement
- Security Logs: Up to 1 year for fraud prevention and security monitoring
- Backups: Automatically purged after 90 days (documents may exist in backups during this period)
- Payment Records: Retained for 7 years as required by financial regulations
- Legal Hold: Data may be retained longer if required by law, ongoing litigation, or regulatory investigation
After these periods, data is permanently and securely deleted from all systems including backups.
9. International Data Transfers
Your data may be transferred to and processed in countries other than your own. We ensure adequate safeguards through:
- Standard Contractual Clauses (SCCs)
- Data processing agreements with service providers
- Compliance with applicable transfer regulations
10. Children's Privacy
DocuMindly is not intended for users under 18 years of age. We do not knowingly collect data from children. If you believe a child has provided us with personal information, please contact us immediately.
11. Third-Party Links
Our service may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies before providing any information.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the service. The "Last updated" date at the top indicates when changes were made.
13. Contact Us
For privacy-related questions or to exercise your rights:
- Privacy Email: privacy@documindly.com
- General Support: support@documindly.com
- Company: Life Orbit Labs LLC, Delaware, USA