Privacy Policy

Last updated: April 6, 2026

1. Introduction

Doxxiom ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share information when you use our document collection platform (the "Service"). This policy applies to all users, including professionals and their clients.

2. Information We Collect

We collect information you provide directly, such as your name, email address, and company name when you create an account. When clients use the portal, we collect their email address for authentication. We also collect the documents and files you upload to the Service. Additionally, we automatically collect basic usage data such as browser type, IP address, and pages visited to help operate and improve the Service.

3. How We Use Your Information

We use your information to: (a) provide, maintain, and improve the Service; (b) authenticate users and manage accounts; (c) process document requests and file transfers; (d) send transactional emails such as document request notifications and upload confirmations; (e) process payments through Stripe; and (f) comply with legal obligations. We do not sell your personal information or use it for advertising.

4. Third-Party Integrations

Doxxiom offers optional integrations with Google Drive, Microsoft OneDrive, Dropbox, and Box. When you connect a cloud storage account, we request only the permissions necessary to sync your collected documents to your chosen provider. We access your cloud storage solely to create folders and upload files as directed by you. We do not read, scan, index, or retain copies of files already in your cloud storage. OAuth tokens are encrypted at rest and you may revoke access at any time from your account settings or from the third-party provider's security settings. When you use the e-signature feature, your documents are temporarily transmitted to DocuSeal (docuseal.com), a SOC 2 and HIPAA-compliant e-signature provider, solely for the purpose of collecting signatures. DocuSeal processes the document during the signing ceremony only. Once all parties have signed, the completed documents are automatically downloaded to our secure storage and permanently deleted from DocuSeal's servers. No document data is retained by DocuSeal after this process.

5. Data Storage & Security

Documents are stored in private, access-controlled cloud storage buckets. All data is transmitted over TLS and encrypted at rest. We use row-level security to isolate data between organizations. Authentication is handled via magic links and secure session tokens through Supabase Auth. Documents sent for e-signature are temporarily processed by DocuSeal; once signing is complete, files are stored exclusively on our infrastructure and permanently removed from DocuSeal. We regularly review our security practices, but no system is 100% secure — we cannot guarantee absolute security.

6. Data Retention

We retain your account information and uploaded documents for as long as your account is active or as needed to provide the Service. When you delete a document or your account, we remove the associated data from our active systems within 30 days. Backups may retain data for an additional period before being purged.

7. Your Rights

Depending on your jurisdiction, you may have the right to: (a) access the personal data we hold about you; (b) request correction of inaccurate data; (c) request deletion of your data; (d) object to or restrict processing of your data; and (e) request a portable copy of your data. To exercise any of these rights, contact us at info@doxxiom.com.

8. Cookies & Analytics

Doxxiom uses essential cookies for authentication and session management. We do not use third-party advertising cookies. We may use privacy-respecting analytics to understand aggregate usage patterns. You can control cookies through your browser settings.

9. Children's Privacy

The Service is not intended for children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

11. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at info@doxxiom.com.