Last Updated: February 17, 2026

Privacy Policy

This Privacy Policy describes how DocsLine collects, uses, and protects your personal data.

Data We Collect

Account Information

Email address
Name (optional)
Company name (optional)
Authentication credentials (securely hashed)

Invoice Data

Uploaded invoice files (PDFs, images)
Extracted invoice data (amounts, dates, vendors)
Categories and tags you assign

Usage Data

Feature usage patterns (anonymized)
Error logs for debugging

How We Use Your Data

Process and extract data from your invoices using our private OCR engine

Provide analytics and insights about your financial data

Improve our service and fix bugs

Send you important service updates (you can opt out of marketing emails)

Data Storage & Security

EU-Only Storage

All your data is stored exclusively on servers located in Nuremberg, Germany and Paris, France.

Infrastructure Partners (2026)

Supabase

Service: Database & file storage
Location: West EU (Paris, France - AWS eu-west-3)
What we store: Account data, invoice files (PDFs/images), extracted data
DPA: supabase.com/legal/dpa

Hetzner Cloud

Service: Backend API hosting & OCR processing
Location: Datacenter nbg1-dc3 (Nuremberg, Germany)
What runs there: Backend API, Frontend, private OCR engine for invoice processing
DPA: hetzner.com/legal

Clerk

Service: Authentication
Location: EU servers
What we store: Email, encrypted password
DPA: clerk.com/legal/dpa

Brevo (Sendinblue)

Service: Transactional email delivery (invoice notifications, payment reminders)
Location: Paris, France (EU)
Data sent: Recipient email, invoice number, vendor name, amount, due date — only when you use email notifications
DPA: brevo.com/legal/dpa

* Exchange rates provided by frankfurter.app (European Central Bank data). No personal data is transmitted.

Security Measures

Encryption at rest (AES-256)

Encryption in transit (TLS 1.3)

Regular security audits

Access controls & logging

Private OCR engine (runs on Hetzner EU)

Privacy-First Processing

Our invoice processing uses a private OCR engine and local AI extraction model, both hosted exclusively on Hetzner Cloud (Nuremberg, Germany).

Your invoice data is NEVER sent to:

OpenAI (ChatGPT, GPT-4)

Anthropic (Claude)

Google Gemini

Any third-party service

All processing happens on our own servers in the EU. No invoice data leaves our infrastructure.

Google API Services User Data Policy

Docsline's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

What we access from Gmail

Attachment files only (PDFs, images) — the email body text is never fetched or stored

Files are stored in your inbox but OCR extraction only runs when you explicitly open a document

Limited Use Commitments

Gmail data is NEVER used to train, retrain, or fine-tune our AI models

Gmail data is never sold to third parties or used for advertising

No Docsline employee can access your raw Gmail data. Human access is strictly prohibited unless you explicitly authorize it for a support request, or it is required for security or legal compliance.

All processing occurs on GDPR-compliant EU servers (Hetzner, Nuremberg, Germany), cryptographically isolated per user via JWT authentication

Your Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

Request a copy of all your personal data

Right to Rectification

Correct any inaccurate personal data

Right to Erasure

Request deletion of your personal data

Right to Portability

Export your data in a portable format

Right to Object

Object to processing of your personal data

Exercise Your Rights

Contact Us

Data Protection Officer:
dpo@docsline.eu

Privacy Inquiries:
privacy@docsline.eu

General Support:
support@docsline.eu