GDPR Compliance
Our commitment to protecting your data privacy rights
Our Commitment to GDPR
DocVanta is committed to protecting the privacy and security of your personal data. We comply with the General Data Protection Regulation (GDPR), which governs how organizations collect, use, and protect personal data of individuals in the European Union (EU) and European Economic Area (EEA).
This page outlines your rights under GDPR and how DocVanta ensures compliance with these important data protection requirements.
Your Data Rights
Under GDPR, you have the following rights regarding your personal data:
Right to Access: You have the right to request a copy of the personal data we hold about you.
Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
Right to Erasure: You have the right to request that we delete your personal data under certain circumstances.
Right to Restrict Processing: You have the right to request that we limit how we use your personal data.
Right to Data Portability: You have the right to receive your personal data in a structured, commonly used format.
Right to Object: You have the right to object to our processing of your personal data for certain purposes.
Right to Withdraw Consent: Where we rely on consent to process your data, you have the right to withdraw that consent at any time.
Lawful Basis for Processing
We process personal data only when we have a lawful basis to do so:
Contract Performance: Processing necessary to fulfill our contractual obligations to you.
Legitimate Interests: Processing necessary for our legitimate business interests, where these do not override your rights.
Legal Compliance: Processing necessary to comply with legal obligations.
Consent: Processing based on your explicit consent, which you may withdraw at any time.
Data Security Measures
DocVanta implements robust technical and organizational measures to protect your personal data:
Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
Access Controls: Strict role-based access controls limit who can access personal data.
Regular Audits: We conduct regular security audits and vulnerability assessments.
Employee Training: All employees receive data protection and security awareness training.
Incident Response: We have procedures in place to detect, report, and investigate personal data breaches.
International Data Transfers
When we transfer personal data outside the EU/EEA, we ensure appropriate safeguards are in place:
Standard Contractual Clauses: We use EU-approved Standard Contractual Clauses for data transfers.
Adequacy Decisions: We transfer data to countries with EU adequacy decisions where applicable.
Additional Safeguards: We implement supplementary measures where required to ensure data protection.
Data Protection Contact
For any questions about our GDPR compliance or to exercise your data rights, please contact us:
Email: privacy@docvanta.com
Subject Line: GDPR Request
We aim to respond to all GDPR-related requests within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.
DocVanta as a Data Processor
When you use DocVanta to share documents with your customers or clients, you act as the Data Controller and DocVanta acts as a Data Processor. We provide:
Data Processing Agreement (DPA): Available upon request for enterprise customers.
Sub-processor List: A current list of our sub-processors is available upon request.
Processing Records: We maintain records of all processing activities as required by GDPR.