1. Data controller
Dokta SAS, a simplified joint-stock company, is responsible for the processing of personal data collected via the Dokta platform.
2. Data collected
We collect the following data:
- Identification data — Company name, email, phone.
- Connection data — Email address, password (encrypted).
- Usage data — Uploaded documents, generated tasks, connection logs.
- Payment data — Managed exclusively by Stripe. We do not store any card numbers.
- Consents — Acceptance of ToS, communication preferences.
3. Purposes of processing
- Provision and management of the Service
- Billing and subscription management
- Service-related communications (notifications, alerts)
- Marketing communications (only with explicit consent)
- Service improvement and anonymized statistical analysis
4. Legal basis
- Contract performance — For the provision of the Service.
- Consent — For marketing communications.
- Legitimate interest — For Service improvement.
- Legal obligation — For invoice retention.
5. Retention period
- Account data — Duration of subscription + 3 years after deletion.
- Uploaded documents — Duration of subscription + 30 days after account deletion.
- Billing data — 10 years (legal obligation).
- Consents — 5 years from collection.
6. Subprocessors
- Amazon Web Services (AWS) — Hosting, storage, processing (eu-west-1 region, Ireland).
- Stripe — Payment management (PCI DSS Level 1 certified).
7. Your rights
In accordance with the GDPR, you have the following rights:
- Right of access to your data
- Right of rectification
- Right to erasure ("right to be forgotten")
- Right to data portability
- Right to object
- Right to withdraw your consent at any time
To exercise these rights, contact us at dpo@dokta.io.
8. Security
We implement appropriate technical and organizational measures to protect your data: encryption in transit (TLS) and at rest (AES-256), strict access control, and regular audits.