Privacy Policy

Your privacy is important to us

Your privacy is important to us, and so is being transparent about how we collect, use, and share information about you.

This privacy policy covers the information we collect about you when you use our products or services, or otherwise interact with us, unless a different policy is displayed. We offer a range of products and services and refer to all of these products, services, and websites as "Services" in this policy.

This policy also explains your choices about how we use information about you. Your choices include how you can object to certain uses of information about you and how you can access and update certain information about you. If you do not agree with this policy, do not access or use our Services or interact with any other aspect of our business.

Where we provide the Services under contract with an organization (for example, your employer), that organization controls the information processed by the Services. For more information, please refer to our Notice to End Users below.

Information we collect about you

We collect information about you when you provide it to us, when you use our Services, and when other sources provide it to us, as further described below.

Information you provide to us

We collect information about you when you input it into the Services or otherwise provide it directly to us.

Account and profile information

We collect information about you when you register for an account, create or modify your profile, set preferences, or sign up for or make purchases through the Services. For example, you provide your contact information and, in some cases, billing information when you register for the Services. You may have the option of adding a display name, profile photo, job title, and other details to your profile information to be displayed in our Services. We keep track of your preferences when you select settings within the Services.

Content you provide through our products

The Services include the RocketDocs products you use, where we collect and store content that you post, send, receive, and share. This content includes any information about you that you may choose to include. Examples of content we store include: attributes added to a content or dashboard record, files and links you upload to the Services, and any feedback you provide to us.

If you use an on-premises version of the Services, we do not host, store, transmit, receive, or collect information about you (including your content), except in limited cases where permitted by your administrator. We collect feedback you provide directly to us through the product. We collect content using analytics techniques that hash, filter, or otherwise scrub the information to exclude information that might identify you or your organization. We collect clickstream data about how you interact with and use features in the Services.

Content you provide through our websites

The Services also include our websites owned or operated by us. We collect other content that you submit to these websites, including social media or social networking websites operated by us. For example, you provide content to us when you provide feedback or when you participate in any interactive features, surveys, webinars, promotions, activities, or events.

Information you provide through our support channels

The Services also include our customer support channels, where you may choose to submit information regarding a problem you are experiencing with a Service. Whether you designate yourself as a single point of contact, open a support ticket, speak to one of our representatives directly, or otherwise engage with our support team, you will be asked to provide contact information, a summary of the problem you are experiencing, and any other documentation, screenshots, or information that would be helpful in resolving the issue.

Payment information

We collect certain payment and billing information when you register for paid Services. For example, we ask you to designate a billing representative, including name and contact information, upon registration. You may also provide payment information, such as payment card details, which we collect via secure payment processing services.

Your use of the Services

We keep track of certain information about you when you visit and interact with any of our Services. This information includes the features you use, the links you click on, the type, size, and filenames of attachments you upload to the Services, frequently used search terms, and how you interact with others on the Services. We also collect information about the teams and people you work with and how you work with them. If you use a server or data center version of the Services, the information we collect about your use of the Services is limited to clickstream data about how you interact with and use features in the Services. On-premises installations are not included in this use of services.

Device and connection information

We collect information about your computer, phone, tablet, or other devices you use to access the Services. This device information includes your connection type and settings when you install, access, update, or use our Services. We also collect information through your device about your operating system, browser type, IP address, URLs of referring and exit pages, device identifiers, and crash data. We use your IP address and country preference to approximate your location and provide you with a better Service experience. How much of this information we collect depends on the type and settings of the device you use to access the Services. On-premises installations are not included in this use of services.

Information we receive from other sources

We receive information about you from other Service users, from third-party services, from our related companies, and from our business partners.

Other users of the Services

Other users of our Services may provide information about you when they submit content through the Services. For example, you may be mentioned in a support issue opened by someone else. We also receive your email address from other Service users when they provide it to invite you to the Services.

Other services you link to your account

We receive information about you when you or your administrator integrate or link another service with our Services. For example, if you log in to an account using single sign-on, we receive your name and email address as permitted by your single sign-on settings to authenticate you. The information we receive when you link or integrate a third-party service with our Services depends on the settings, permissions, and privacy policy controlled by that third-party service.

Partners

We work with partners who provide other services around our products. Some of these partners also help us to market and promote our products and generate leads for us. We receive information from these partners, including billing information, billing and technical contact information, company name, the products you have purchased or may be interested in, evaluation information you have provided, events you have attended, and the country you are in. We also receive information about you and your activities on and off the Services from third-party partners, such as advertising and market research partners.

How we use information we collect

How we use the information we collect depends in part on which Services you use, how you use them, and any preferences you have communicated to us. Below are the specific purposes for which we use the information we collect about you.

To provide the Services and personalize your experience

We use information about you to provide the Services to you, including to authenticate you when you log in, provide customer support, and operate and maintain the Services. We also use information about you to connect you with other team members seeking your subject matter expertise.

For research and development

We use collective learnings about how people use our Services and feedback provided directly to us to troubleshoot and to identify trends, usage, activity patterns, and areas for integration and improvement of the Services. We may apply these learnings across our Services to improve and develop similar features.

To communicate with you about the Services

We use your contact information to send transactional communications via secure email and within the Services, including confirming your purchases, reminding you of subscription expirations, responding to your comments, questions, and requests, providing customer support, and sending you technical notices, updates, security alerts, and administrative messages.

To market, promote, and drive engagement with the Services

We use your contact information and information about how you use the Services to send promotional communications that may be of specific interest to you. These communications are aimed at driving engagement and maximizing what you get out of the Services. You can control whether you receive these communications as described under "Opt out of communications" below.

Customer support

We use your information to resolve technical support issues you encounter, to respond to your requests for assistance, to analyze crash information, and to repair and improve the Services.

For safety and security

We use information about you and your Service use to verify accounts and activity, to monitor suspicious or fraudulent activity, and to identify violations of Services policies.

To protect our legitimate business interests and legal rights

Where required by law or where we believe it is necessary to protect our legal rights, interests, and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger, or sale of a business.

With your consent

We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer case studies to promote the Services, with your permission.

Legal bases for processing (for EEA users)

If you are an individual in the European Economic Area (EEA), we are compliant with the EU General Data Protection Regulation 2016/679, more commonly known as the GDPR. We collect and process information about you only where we have legal bases for doing so under applicable EU laws.

• We need it to provide you the Services, including to operate the Services, provide customer support, provide personalized features, and protect the safety and security of the Services
• It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services, and to protect our legal rights and interests
• You give us consent to do so for a specific purpose
• We need to process your data to comply with a legal obligation

If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place.

How we share information we collect

We may share information through the Services and with certain third parties. We share information we collect about you in the ways discussed below, including in connection with possible business transfers, but we are not in the business of selling information about you to advertisers or other third parties.

Sharing with other Service users

When you use the Services, we share certain information about you with other Services users for collaboration purposes, including content you create and grant permission to others to see, share, edit, copy, and download.

Managed accounts and administrators

If you register or access the Services using an email address with a domain that is owned by your employer or organization, certain information about you, including your name, profile picture, contact information, content, and past use of your account, may become accessible to that organization’s administrator and other Service users sharing the same domain.

Sharing with third parties

We share information with third parties that help us operate, provide, improve, integrate, customize, and support our Services.

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All other categories exclude text messaging originator opt-in data and consent. This information will not be shared with any third parties.

Compliance with enforcement requests and applicable laws

In exceptional circumstances, with notification to you, we may share information about you with a third party if we believe that sharing is reasonably necessary to comply with any applicable law, regulation, legal process, or governmental request, enforce our agreements, protect the security or integrity of our products and services, protect RocketDocs, our customers, or the public from harm or illegal activities, or respond to an emergency that we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.

Sharing with affiliated companies

We share information we collect with affiliated companies and, in some cases, with prospective affiliates. The protections of this privacy policy apply to the information we share in these circumstances.

Business transfers

We may share or transfer information we collect under this privacy policy in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. You will be notified via email or a prominent notice on the Services if a transaction takes place, as well as any choices you may have regarding your information.

How we store and secure information we collect

Our production environment is hosted in enterprise-grade cloud infrastructure with redundant availability zones, automated failover, and continuous security monitoring.

We create a secure environment for every hosted customer with strict tenant isolation. No customer can access another customer’s data through any path. All data at rest is encrypted using AES-256 encryption. All data in transit is encrypted using TLS 1.2 or higher.

Penetration testing is performed regularly by independent third parties. The platform is SOC 2 Type II and ISO 27001 certified. For full security and compliance documentation, visit our Trust Center.

How long we keep information

Data ownership

You always own the data stored in RocketDocs. Upon termination, we will provide your data according to the terms of the subscription agreement. On-premises installations are excluded because all data resides on your servers.

Account information

We retain your general account information for as long as your subscription agreement is active and for a reasonable period thereafter in case you decide to reactivate the Services. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our Services.

Information you share on the Services

If your account is deactivated or disabled, some of your information and the content you have provided will remain to allow your team members or other users to make full use of the Services.

Managed accounts

If the Services are made available to you through an organization, we retain your information if required by the administrator of your account. For more information, see "Managed accounts and administrators" above.

AI and Large Language Model (LLM) privacy practices

At RocketDocs, we prioritize the security and privacy of data within our AI-powered solutions. This section outlines our commitments and practices regarding your data in relation to our AI and LLM technologies.

Private AI architecture

Our generative AI engine, Astro, runs on Llama 3.1 hosted privately inside our environment. Customer data is not sent to OpenAI, Anthropic, Google, or any other third-party model provider. The model runs on our infrastructure, not Meta’s, and Meta does not have access to your prompts, your responses, or your knowledge base.

Data security

Adhering to our AI Security Policy, we ensure the protection of your data through strong security measures, including AES-256 encryption for data at rest and in transit. We maintain the confidentiality and integrity of your data with strict controls to prevent unauthorized access. Compartmentalization of data ensures absolute segregation of data across different client environments to prevent any data crossover.

Customer consent and training data

We do not use customer data to train or enhance our AI systems without explicit authorization. Your data is processed solely for the purposes for which it was collected. Astro responses are generated only from your approved content; no cross-customer model exposure occurs.

Your rights

We acknowledge your rights over your personal data, including access, correction, and deletion. Our processes are designed for transparency, allowing you to exercise your rights effectively.

Transparency and updates

Our practices around AI and data usage are transparent. We commit to keeping you informed about any significant changes in our policies or practices.

How to access and control your information

You have certain choices available to you when it comes to your information. Below is a summary of those choices, how to exercise them, and any limitations.

Your choices

You have the right to request a copy of your information, to object to our use of your information (including for marketing purposes), to request the deletion or restriction of your information, or to request your information in a structured, electronic format. You can exercise some of these choices by logging into the Services and using settings available within the Services or your account. Where the Services are administered for you by an administrator, you may need to contact your administrator to assist with your requests first.

Your request and choices may be limited in certain cases

Your options may be limited if fulfilling your request would reveal information about another person, or if you ask to delete information that we or your administrator are permitted by law or have compelling legitimate interests to keep. If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work, or where you feel your rights were infringed.

Access and update your information

Our Services give you the ability to access and update certain information about you from within the Service. You can update your user account and profile information within your profile settings and modify content that contains information about you using the editing tools associated with the Services.

Deactivate your account

If you no longer wish to use our Services, your administrator may deactivate your Services account. Please contact your administrator to request deactivation.

Delete your information

Our Services give you the ability to delete certain information about you from within the Service. We may need to retain certain information for record-keeping purposes or to comply with our legal obligations.

Opt out of communications

You may opt out of receiving promotional communications from us by using the unsubscribe option within the email or by contacting us as provided below. Even after you opt out from receiving promotional messages, you will continue to receive transactional messages from us regarding our Services.

Cookies and tracking

Your privacy is important to us, and we believe in giving you full transparency over the use of cookies and other tracking technologies when you visit our websites or use our Services.

What are cookies

Cookies are small text files stored on your device when you visit certain websites. They are used to remember your preferences, help you navigate between pages more efficiently, understand how you interact with our Services, and improve your browsing experience.

Types of cookies we use

• Necessary cookies: essential for browsing our websites and using their features
• Performance cookies: collect information about how you use our websites to help optimize them
• Functionality cookies: allow our websites to remember choices you make while browsing

Do Not Track signals

Some browsers have incorporated Do Not Track features that can send a signal to the websites you visit. Because there is not yet a common understanding of how to interpret the DNT signal, our Services do not currently respond to browser DNT signals.

Notice to end users

Our products are intended for use by organizations. Where the Services are made available to you through an organization, that organization is the administrator of the Services and is responsible for the accounts and Service sites over which it has control. If this is the case, please direct your data privacy questions to your administrator. We are not responsible for the privacy or security practices of an administrator’s organization, which may be different than this policy.

Our policy related to children

The Services are not directed to individuals under 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information.

Changes to our privacy policy

We may change this privacy policy from time to time. We will post any privacy policy changes on this page, and if the changes are significant, we will send a more prominent notice by sending designated contacts an email notification. We encourage you to review our privacy policy whenever you use the Services.