Privacy Policy

Last updated: March 05, 2026

In a nutshell

  • When you use the DocuSapiens.ai platform, we collect account data through GitHub or Google OAuth, as well as service-related data such as repository URLs, site configurations, and billing information.
  • We use Google Tag Manager on the landing page for analytics purposes. A cookie consent mechanism is in place.
  • IP addresses and user-agent strings may be logged for security and operational purposes.
  • We share data with third-party service providers (GitHub, Google, Stripe, Supabase) as necessary to deliver our services. Some of these providers are located outside the European Economic Area.
  • You can request full account deletion and data erasure at any time.

1. Data Controller

The Data Controller corresponds to the owner of this website, whose complete details are provided in the Legal Notice.

2. Data processed, purposes and retention periods

2.1 Data processed:

  • a) Account Data: When you sign up via GitHub OAuth, we collect your GitHub username, email address, and GitHub user ID. We also store a GitHub access token to access repositories on your behalf. When you sign up via Google OAuth, we collect your Google name, email address, and Google user ID.
  • b) Payment and Billing Data: When you purchase credits, we create a Stripe customer profile linked to your account. We store your Stripe customer ID, transaction history (including amounts, descriptions, and Stripe session IDs), and your current credit balance. Full payment card details are processed and stored exclusively by Stripe and are never stored on our servers.
  • c) Service Data: When you use the platform, we collect repository URLs, repository names, site subdomain choices, branch and path configurations, build records (including status and error details), and whether your repositories are public or private.
  • d) Usage Metrics: We track platform usage metrics associated with your account to monitor service performance and resource consumption.
  • e) Technical Data: Our servers automatically log IP addresses, user-agent strings, request paths, HTTP status codes, and timestamps for each request. This data is used for security monitoring and operational purposes.
  • f) Analytics Data: On the landing page, Google Tag Manager is used to collect browsing behaviour data such as page views and interactions. This is subject to your cookie consent preferences.
  • g) Contact Data: If you contact us via email or contact forms, we collect the data you provide (email address, name, message content) for the purpose of responding to your enquiry.

2.2 Purposes: The data collected is used for the following purposes:

  • Account management: To create and maintain your user account, authenticate your identity, and provide access to the platform.
  • Service provision: To build, host, and maintain your documentation sites, and to provide AI-powered documentation search capabilities.
  • Billing: To process credit purchases, maintain transaction records, and manage your credit balance.
  • Platform improvement: To analyse usage patterns and improve the service.
  • Security: To detect and prevent abuse, fraud, and unauthorised access.
  • Contact: To respond to questions and requests submitted via email or contact forms.

2.3 Retention: The retention periods are as follows:

  • Account Data: Retained for as long as your account is active. Upon account deletion, your data is removed along with all associated sites, builds, metrics, and transactions, except where retention is required by law.
  • Payment and Billing Data: Transaction records are retained for the period required by applicable tax and accounting legislation.
  • Service Data: Retained for as long as your account is active and deleted upon account deletion.
  • Technical Data (logs): Retained for a limited period for security and operational purposes.
  • Analytics Data: Subject to Google Tag Manager's data retention policies.
  • Contact Data: Deleted once your enquiry has been processed and answered.

3. Legal basis for processing

The legal bases for processing your data are:

  • Performance of a contract: Processing of Account Data, Service Data, and Payment Data is necessary to provide the services you have requested (Article 6(1)(b) GDPR).
  • Legitimate interest: Processing of Technical Data and Usage Metrics is based on our legitimate interest in maintaining the security and performance of our platform (Article 6(1)(f) GDPR).
  • Consent: Processing of Analytics Data via Google Tag Manager is based on your consent, which you can withdraw at any time via the cookie consent mechanism (Article 6(1)(a) GDPR). Processing of Contact Data is based on your consent given by submitting the contact form.
  • Legal obligation: Retention of billing records is necessary to comply with tax and accounting obligations (Article 6(1)(c) GDPR).

4. Third-party service providers

We use the following third-party services to deliver and operate the platform:

  • GitHub (Microsoft Corporation, USA): OAuth authentication and repository access. When you connect your GitHub account, we use your access token to clone and build documentation from your repositories. GitHub's privacy policy applies to your use of their service.
  • Google Cloud Platform (Google LLC, USA): OAuth authentication (Google sign-in), Cloud Storage (hosting your built documentation sites), and Cloud Build (building documentation sites). Data is processed in the europe-west1 region where available.
  • Stripe (Stripe, Inc., USA): Payment processing for credit purchases. Stripe processes your payment card details directly. We only store your Stripe customer ID and transaction references. Stripe's privacy policy applies to payment data.
  • Supabase (Supabase, Inc.): Database hosting for all platform data (user accounts, sites, builds, transactions, and metrics).
  • Google Tag Manager (Google LLC, USA): Analytics and tracking on the landing page, subject to your cookie consent.

5. International data transfers

Some of our third-party service providers are located in the United States (GitHub, Google, Stripe). Data transfers to these providers are carried out in compliance with applicable data protection legislation, including the use of Standard Contractual Clauses (SCCs) or other appropriate safeguards as required by the GDPR.

6. Cookies and tracking technologies

  • Authentication tokens: We use JSON Web Tokens (JWT) stored in your browser to maintain your authenticated session on the platform.
  • Google Tag Manager: Used on the landing page for analytics purposes. This may set cookies to track browsing behaviour. A cookie consent mechanism is provided, and you may decline non-essential cookies.
  • No other tracking cookies are used by the platform itself beyond what is necessary for authentication and the analytics described above.

7. Account deletion and data erasure

You have the right to request the deletion of your account and all associated data. Upon deletion:

  • Your user account and all personal data (including OAuth tokens) will be permanently removed.
  • All sites, builds, and usage metrics associated with your account will be deleted.
  • Your hosted documentation sites will be taken offline.
  • Transaction records may be retained for the period required by applicable tax and accounting legislation.

To request account deletion, contact us at the email address provided in the Legal Notice.

8. Exercise of rights

Under applicable data protection legislation (including the GDPR), you have the right to:

  • Access your personal data and obtain a copy of the data we hold about you.
  • Rectification of inaccurate or incomplete personal data.
  • Erasure of your personal data (see Section 7 above).
  • Restriction of processing in certain circumstances.
  • Object to processing based on legitimate interests.
  • Data portability to receive your data in a structured, machine-readable format.
  • Withdraw consent at any time where processing is based on consent (e.g., analytics cookies), without affecting the lawfulness of processing prior to withdrawal.

To exercise any of these rights, send a written communication to the email address provided in the Legal Notice, including documentation to verify your identity.

You also have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos, www.aepd.es) or your local supervisory authority.