Privacy Policy
1 · Who we are (controller & contact)
Dossova is the controller for the personal data described here. For any privacy question or to exercise a right below, contact us at privacy@dossova.com. We have not appointed a Data Protection Officer as we are not required to; this inbox is the point of contact for all data-protection matters.
2 · EU representative (Art. 27 GDPR)
We are appointing a representative in the EU under Article 27 GDPR ahead of public launch. Until the appointment is published, you can reach us directly on any data-protection matter at privacy@dossova.com.
3 · What we process (categories & sources)
We process the information you give us to run the service: your email and session for sign-in; the product data, materials and photos you enter to generate a draft; and payment metadata for billing. We also derive limited technical data (IP, request logs) to keep the service secure. Most data comes directly from you; payment confirmations come from our payment processor. The knowledge base we search contains public regulatory text only — not your personal data.
4 · Purposes, legal bases & retention
Each processing activity, its purpose, the categories of data, the legal basis under Article 6 GDPR and how long we keep it are listed below — a summary of our Record of Processing Activities (Art. 30 GDPR).
| Activity | Purpose | Data categories | Legal basis | Retention |
|---|---|---|---|---|
| Account / authentication | Magic-link sign-in and session | Email, session token | Contract (Art. 6(1)(b)) | Session 30 days rolling; email until account closure |
| Gap-check (anonymous) | Free scope / eligibility check | Product identity, category hints | Legitimate interest (Art. 6(1)(f)) | Draft ≤ 30 days |
| Generation pipeline | Produce the Technical File / Risk Assessment / DoC draft | Product data, uploaded photos (transient), materials / BoM | Contract (Art. 6(1)(b)) | Photos ≤ 24h (purged after vision); final PDF 10 years (GPSR Art. 9) |
| Payments | Checkout and entitlement ledger | Email, payment metadata | Contract (Art. 6(1)(b)) + legal obligation (Art. 6(1)(c), tax) | Payment records 6–10 years (tax law) |
| Document delivery | Durable-medium copy of the generated document | Email, document link | Contract (Art. 6(1)(b)) | Email log per audit policy; PDF 10 years |
| Consent / HITL acceptance | Immutable consent and acceptance record | Email, consent text hash, IP, locale, timestamp | Legal obligation (Art. 6(1)(c)) + consent (Art. 6(1)(a)) | Consent legal-hold ≥ 6 years (immutable) |
| Observability | Operational metrics, traces and errors | Redacted telemetry (no personal data) | Legitimate interest (Art. 6(1)(f)) | Per Grafana / Sentry retention |
| Data-subject requests / consent withdrawal | Access, deletion and withdrawal rights | Email + linked records | Legal obligation (Art. 6(1)(c)) | Soft-delete + purge ≤ 30 days; 10-year archived PDF anonymised where a legal-retention exception applies |
Retention schedule
| Data | Kept for |
|---|---|
| Account email | Until you close your account |
| Session token | 30 days, rolling |
| Draft (product data, gap-check) | ≤ 30 days |
| Uploaded photos | ≤ 24 hours — purged after the vision step |
| Generated PDF | 10 years (GPSR Art. 9 record-keeping) |
| Consent & payment records | ≥ 6 years (legal / tax obligation) |
5 · Email we send
We send transactional email only — no marketing email in the current release. Each type, its legal basis and whether you can opt out:
| Legal basis | Opt-out | |
|---|---|---|
| Magic-link sign-in | Contract (Art. 6(1)(b)) | Required to sign in — cannot opt out while you have an account |
| Document delivery (durable-medium copy) | Contract (Art. 6(1)(b)) | Part of the paid service |
| Critical billing / security notice | Legal obligation / legitimate interest | Cannot opt out — required to operate your account safely |
6 · Sub-processors & international transfers
We store all customer data at rest in the EU. The only transfers outside the EU are to OpenRouter (customer content to the frontier model, in transit only, on a zero-retention route) and Vercel (front-end hosting, no data at rest) — both under the EU Standard Contractual Clauses and a Data Processing Agreement. Our recipients (all engaged under GDPR Art. 28):
| Processor | Purpose | Region | Transfer mechanism |
|---|---|---|---|
| Neon | Primary Postgres — accounts, SKUs, generations, documents, entitlement, payments, consent, audit log | EU | None (EU → EU) |
| Qdrant Cloud | Vector knowledge base (regulatory_text · recall_corpus · opss_guidance) | EU | None (EU → EU) |
| Upstash Redis | Job broker + session / entitlement cache | EU | None (EU → EU) |
| Cloudflare R2 | Durable PDF store (10-year) + uploaded photos (short retention, purged after generation) | EU (jurisdiction=EU) | None (EU → EU) |
| Stripe | Checkout, billing and webhooks (EUR presentment) | EU entity + DPA | Stripe DPA + SCC (Stripe-side transfers) |
| Resend | Transactional email (magic-link, durable-medium document copy) | EU-DPA | Resend DPA |
| OpenRouter (frontier providers: Anthropic, OpenAI, Google, Mistral) | Frontier LLM / Vision / embeddings on a zero-retention route | US transit | SCC + DPA; per-request zero-data-retention + provider allowlist |
| Vercel | Next.js front hosting (server components + static + edge cache) | US edge | SCC + DPA |
| Grafana Cloud | Observability (metrics / traces / logs) | EU | None (EU → EU) |
| Sentry | Error grouping / alerting | EU-DSN | None (EU → EU) |
The authoritative, always-current list is our sub-processor register.
7 · How AI processes your data
Your product data and photos are sent to a frontier large-language / vision model through OpenRouter over a zero-retention route: the content is processed in transit and is not used to train any model and not retained by the provider. Photo metadata (including EXIF) is stripped and the photos themselves are purged within 24 hours of the vision step. All storage is in the EU.
9 · Your rights
You have the right to access, rectify, export (portability), delete, restrict and object to the processing of your personal data, and to withdraw consent at any time without affecting processing already carried out. If you used the free gap-check without an account, that data is anonymous to us (GDPR Art. 11) — clearing your browser data erases it.
To exercise a right, use our data-subject request form or email privacy@dossova.com. We respond within 30 days (GDPR Art. 12).
10 · Complaints & changes
You may lodge a complaint with your local supervisory authority — your EU Data Protection Authority, or, in the UK, the Information Commissioner's Office (ICO). If we make a material change to this policy we will update the version and effective date above; the English version is the authoritative one for readers in any locale (including CN / HK).