Privacy Policy
Legal
Privacy Policy
Last updated: May 10, 2025 · Docufast Technologies Ltd
Docufast Technologies Ltd ("Docufast", "we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights in relation to it.
This policy applies to our website at docufast.ai, our Chrome extension, and all related services (collectively, the "Services").
Data Controller
Docufast Technologies Ltd
11-13 Georgiou Karaiskaki Street, Carisa Salonica Court, Office/Flat 102
7560 Pervolia, Larnaca, Cyprus
privacy@docufast.ai
1. What information we collect
Account information
When you create a Docufast account, we collect your name, email address, and — where applicable — your company name. You can sign up via email and password, Google, or Microsoft.
Payment information
Payments are processed by Stripe. We do not store your credit card details. Stripe may collect and process your billing name, email, and payment method. See Stripe's Privacy Policy for details.
Content you create
When you use Docufast to record and document workflows, we process:
Screenshots and screen recordings captured during your session
Browser activity on the active tab while recording is enabled
Text and inputs visible on the web pages you choose to record
Important: Only record on pages and workflows you are authorised to capture. Docufast does not actively monitor the content of your recordings. You are responsible for ensuring that any personal data captured during recordings is handled in accordance with applicable law.
Usage data
We automatically collect information about how you use our Services, including pages visited, features used, actions taken, session duration, IP address, browser type, and device information.
Communications
If you contact us by email or through our support chat, we store the content of that communication and your contact details.
2. How we use your information
Purpose | Legal basis |
|---|---|
Providing and operating the Services | Contract (Art. 6(1)(b) GDPR) |
Account management and authentication | Contract (Art. 6(1)(b) GDPR) |
Processing payments | Contract (Art. 6(1)(b) GDPR) |
Sending transactional emails (onboarding, password reset, billing) | Contract (Art. 6(1)(b) GDPR) |
Sending product updates and newsletters | Consent (Art. 6(1)(a) GDPR) |
Analytics and product improvement | Legitimate interests (Art. 6(1)(f) GDPR) |
Security, fraud prevention, and abuse detection | Legitimate interests (Art. 6(1)(f) GDPR) |
Compliance with legal obligations | Legal obligation (Art. 6(1)(c) GDPR) |
3. Chrome Extension — special notice
Our Chrome extension only activates when you explicitly start a recording. It does not run in the background, track your general browsing activity, or collect data from pages where recording is not active.
Content captured during a recording (screenshots, page text, browser activity) is transmitted to our servers solely to generate your guides, videos, and Teach Me walkthroughs. This content is stored in your account and is not used for any other purpose, including advertising or training AI models, without your explicit consent.
4. Third parties we share data with
We do not sell your personal data. We share data only with the following service providers, who process it on our behalf:
Provider | Purpose | Location |
|---|---|---|
Stripe | Payment processing | USA (SCCs in place) |
Google Analytics | Website analytics | USA (SCCs in place) |
Mixpanel | Product analytics | USA (SCCs in place) |
Intercom | Customer support chat | USA (SCCs in place) |
OpenAI | AI-generated step descriptions and narration | USA (SCCs in place) |
Google (Gemini) | AI-generated step descriptions | USA (SCCs in place) |
Cloudflare | Security, DNS, CDN | USA (SCCs in place) |
We may also disclose your information if required to do so by law, court order, or governmental authority.
5. Marketing and outreach emails
We send the following types of emails:
Transactional emails (onboarding, password reset, billing receipts) — sent as part of our contractual relationship. You cannot opt out of these while your account is active.
Product updates and newsletters — sent with your consent. You can unsubscribe at any time via the link in any email.
Cold outreach — we may contact potential business customers whose contact details are obtained through legitimate B2B sources (e.g. LinkedIn, Apollo). This is done on the basis of legitimate interests. Recipients can opt out at any time by replying or clicking the unsubscribe link.
6. How long we keep your data
Data type | Retention period |
|---|---|
Account data | For the duration of your account, plus 30 days after deletion |
Recordings, guides, and videos | For the duration of your account, deleted upon account deletion |
Payment records | 7 years (legal and tax obligation) |
Analytics data | 26 months (Google Analytics default) |
Support communications | 3 years |
7. International data transfers
Docufast Technologies Ltd is based in Cyprus and operates within the European Union. Some of our service providers (see Section 4) are located outside the EEA, primarily in the United States. For all such transfers, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure your data receives equivalent protection.
8. Your rights
As a user in the EEA or UK, you have the following rights under the GDPR:
Access — Request a copy of the personal data we hold about you.
Rectification — Ask us to correct inaccurate or incomplete data.
Erasure — Ask us to delete your personal data ("right to be forgotten").
Restriction — Ask us to pause processing of your data in certain circumstances.
Portability — Receive your data in a structured, machine-readable format.
Objection — Object to processing based on legitimate interests or for direct marketing.
Withdraw consent — Where processing is based on consent, withdraw it at any time without affecting prior processing.
Lodge a complaint — Contact the Cyprus Commissioner for Personal Data Protection at dataprotection.gov.cy.
To exercise any of these rights, email us at privacy@docufast.ai. We will respond within 30 days.
9. Security
We take the security of your data seriously. Our measures include encrypted data transmission (TLS), encrypted storage, access controls, and regular security reviews. However, no system is completely secure. If you believe your account has been compromised, please contact us immediately at privacy@docufast.ai.
10. Children
Our Services are not directed at children under 16. We do not knowingly collect personal data from minors. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11. Cookies
We use cookies and similar tracking technologies on our website. For full details, see our Cookie Policy.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or via a notice in the product. The current version is always available at docufast.ai/privacy-policy.
13. Contact
For any questions or requests regarding this Privacy Policy:
Docufast Technologies Ltd
11-13 Georgiou Karaiskaki Street, Carisa Salonica Court, Office/Flat 102
7560 Pervolia, Larnaca, Cyprus
privacy@docufast.ai
© 2025 Docufast Technologies Ltd. All rights reserved.
© 2026 Docufast. All rights reserved.