Privacy Policy

How we handle your data

We collect only what we need, protect it with encryption, and never sell it. Here's the full picture.

Last updated: March 13, 2026

Information We Collect

Account Information

  • Full name and email address
  • Company / organization name
  • Industry selection
  • Password (salted hash — never stored in plaintext)

Client Portal Data

  • Files uploaded through the portal
  • Text responses to form fields
  • Date and time of submissions
  • Browser and device info for security logging

Usage Data

  • Pages visited and features used
  • IP address (country/region level)
  • Browser type, OS, and device type
  • Referral source

Payment Information

Payments are processed by Stripe. We never store credit card numbers or CVVs. We retain only your Stripe customer ID and subscription status.

How We Use Your Information

Provide, operate, and maintain BopDocs
Send document requests and automated reminders on your behalf
Process payments and manage subscriptions
Send transactional emails (confirmations, resets, receipts)
Improve our product and develop new features
Detect, prevent, and address security issues
Comply with legal obligations

How We Share Your Information

We do not sell your personal information. Ever.

Service providers

Supabase (database), Stripe (payments), Resend (email), and Vercel (hosting) process data on our behalf under contractual obligations.

Your organization

Team members in your BopDocs workspace can view shared templates, requests, and submissions.

Your clients

Clients see your organization name, logo, and the checklist you created. They cannot see other clients' data.

Legal requirements

We may disclose information if required by law, subpoena, or court order, or to protect the rights and safety of our users.

Data Storage & Security

AES-256 encryption

All data encrypted at rest

TLS 1.2+

All connections over HTTPS

Isolated storage

Files in access-controlled buckets

Row-Level Security

Orgs can only see their own data

Bcrypt hashing

Passwords with per-user salts

SOC 2 infrastructure

Supabase + Vercel compliance

For more details, see our Security page.

Data Retention

Active accounts

Data retained for as long as your account is active.

Deleted accounts

Personal data and uploaded files removed within 30 days. Anonymized usage data may be retained.

Client submissions

Retained as long as the request exists. Organization owners can delete requests and submissions at any time.

Backups

Encrypted backups retained for up to 30 days, then automatically purged.

Your Rights

Depending on your jurisdiction, you have the right to:

AccessRequest the personal data we hold about you
CorrectFix inaccurate or incomplete data
DeleteRemove your account and associated data
ExportReceive your data in a portable format
ObjectObject to certain processing activities
Withdraw consentWhere processing is based on consent

To exercise any of these rights, email privacy@bopdocs.com.

Cookies

We use cookies to maintain your authentication session and remember preferences. For full details, see our Cookie Policy.

Children's Privacy

BopDocs is not intended for anyone under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

International Data Transfers

BopDocs is operated from the United States. If you access our service from outside the US, your information may be transferred to and processed in the US. We ensure appropriate safeguards are in place for such transfers.

Changes to This Policy

We may update this policy from time to time. We'll notify you of material changes by email or by posting the updated policy here. Continued use of BopDocs after changes constitutes acceptance.

Contact Us

Questions? Email privacy@bopdocs.com

Ready to stop chasing?

Join professionals who’ve automated document collection and reclaimed their time.

Start Free — No Credit CardAlready have an account? Log in