This policy describes how RepoDoc, the mobile application and related services, handles information when your organization uses the product. The organization that licenses RepoDoc for its users is the primary controller of business data, while technical hosting and email delivery are handled by configured subprocessors.
What we do not do
- We do not sell your personal information.
- We do not use report content, form fields, signatures, PDFs, or related business data for advertising, marketing, profiling, or any purpose unrelated to the product's intended operation.
- We do not use your data for automated decision-making about credit, employment, housing, or similar high-risk purposes.
What data is collected and why
Depending on how your organization configured RepoDoc, the system may process the following categories of data:
| Category | Examples | Purpose |
|---|---|---|
| Account | Email address, user identifier, organization membership | Sign-in, access control, audit |
| Operational | Templates, field values, signatures, generated PDFs, report metadata | Create, store, sync, and display reports |
| Technical | IP address, device or browser signals, logs | Security, reliability, abuse prevention |
| Email delivery | Recipient address for send PDF flows, send status | Delivering report PDFs when requested |
Exact fields depend on your templates and what users enter.
Where data is hosted
RepoDoc is hosted on Supabase for database storage, authentication, file storage for PDFs and related assets, and application APIs.
- Supabase for database, authentication, file storage, and application APIs.
- Transactional email providers may be used when the product sends a report PDF or related notifications to an address the user supplied.
These service providers process data only to support the app's intended functionality. Reports and related data are stored so authorized users can view, search, sync, and manage them inside the product.
Retention
Retention follows your organization's settings, legal requirements, and the policies of the hosting providers. Draft and finalized reports may be kept until deleted according to organization rules or product capabilities.
Security
Industry-standard measures apply at the infrastructure layer, including encryption in transit and access controls. No method of transmission or storage is 100% secure, and organizations should protect accounts and devices.
Your rights
Depending on your location, you may have rights to access, correct, delete, or export personal data, or to object to certain processing. Contact your organization's administrator for requests related to RepoDoc data for your organization.
Children's privacy
RepoDoc is intended for organizational use and is not directed at children. Organizations should not use it to collect data from children without appropriate consent and legal basis.
Changes
This policy may be updated when the product or legal requirements change. Material changes should be communicated by your organization or in release notes.
Contact
For help specific to your organization's use of RepoDoc, contact your organization administrator.
For product design or brand inquiries: GentleReminder.in, as shown in the in-app About screen.