Privacy Policy

Effective date: January 1, 2026 · Last updated: June 1, 2026

Overview

Docura, Inc. ("Docura", "we", "our", or "us") operates the Docura document signing platform available at docura.cloud. This Privacy Policy explains what information we collect, how we use it, and the choices you have in relation to that information. By using the Service you agree to this policy.

Information we collect

Account information. When you create an account we collect your name, email address, and a hashed password.

Document content. When you upload a PDF template or send a document for signing, that file is stored in our infrastructure. We access document content only to provide the signing service and do not read or analyse your documents for any other purpose.

Signer information. We collect the name and email address of each signer you invite. We also record the signer's IP address, browser user-agent, and a timestamp for each signing event to generate the audit trail.

Usage data. We log which features you use, page visits, and error events to improve the product. This data is aggregated and not tied to identifiable individuals beyond your account.

Payment information. If you subscribe to a paid plan, payment is processed by Stripe. We store only the last four digits of your card and your Stripe customer ID — we never see or store full card numbers.

How we use your information

We use the information we collect to:

• Operate and deliver the Docura service
• Generate legally compliant audit trails for signed documents
• Send transactional emails (signing invitations, completion notifications, receipts)
• Detect and prevent fraud and abuse
• Improve and develop new features
• Comply with applicable legal obligations

We do not sell your personal information or use it to train AI models.

Data sharing

We share your data only in limited circumstances:

Service providers. We use third-party vendors to deliver the service: AWS (document storage), Resend (transactional email), Stripe (billing), and Sentry (error monitoring). Each has a Data Processing Agreement with us and is prohibited from using your data for other purposes.

Signers. When you send a document for signing, the signer's name and email are shared with you as the template sender.

Legal requirements. We may disclose information if required to do so by law or in response to valid requests from public authorities.

Business transfers. In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of the transaction. We will notify you before any such transfer.

Data retention

We retain your account data for as long as your account is active. Signed documents and their audit trails are retained for 7 years by default to meet legal retention requirements. You can request earlier deletion — see "Your rights" below.

When you delete your account, we delete all personal data within 30 days, except where we are required to retain it by law.

Your rights

Depending on your location, you may have the right to:

• Access a copy of the personal data we hold about you
• Correct inaccurate data
• Delete your data (subject to legal retention requirements)
• Restrict processing of your data
• Port your data in a machine-readable format
• Object to our processing on legitimate-interest grounds

To exercise any of these rights, email privacy@docura.cloud. We will respond within 30 days.

Cookies

We use cookies and similar technologies for:

• Authentication — keeping you signed in across page loads
• Security — CSRF tokens and fraud detection
• Analytics — aggregate usage statistics (no cross-site tracking)

We do not use advertising cookies or third-party tracking pixels. You can configure your browser to block cookies; this may affect your ability to sign in.

Security

We protect your data with industry-standard measures:

• All data encrypted in transit with TLS 1.3
• Documents encrypted at rest with AES-256
• Access to production systems restricted by role with MFA enforced
• Regular third-party penetration testing
• SOC 2 Type II certified

No method of transmission or storage is 100% secure. If you discover a vulnerability, please report it to security@docura.cloud.

Contact us

If you have questions about this policy or our data practices, contact us at:

Docura, Inc.
privacy@docura.cloud

We will respond to all enquiries within 30 days.