Dossova
Effective · 04 Jul 2026v1.0Updated · 04 Jul 2026 UTC
ENES · soon

Privacy Policy

In short
Your data is stored at rest in the EU. Two processors handle data in transit only — OpenRouter and Vercel — both under Standard Contractual Clauses. Uploaded photos are purged within 24 hours. We use AI to produce a draft you review; a human is always in the loop, so there is no automated decision with legal effect. You can access, export, delete or restrict your data at any time. The English version controls.

1 · Who we are (controller & contact)

Dossova is the controller for the personal data described here. For any privacy question or to exercise a right below, contact us at privacy@dossova.com. We have not appointed a Data Protection Officer as we are not required to; this inbox is the point of contact for all data-protection matters.

2 · EU representative (Art. 27 GDPR)

We are appointing a representative in the EU under Article 27 GDPR ahead of public launch. Until the appointment is published, you can reach us directly on any data-protection matter at privacy@dossova.com.

3 · What we process (categories & sources)

We process the information you give us to run the service: your email and session for sign-in; the product data, materials and photos you enter to generate a draft; and payment metadata for billing. We also derive limited technical data (IP, request logs) to keep the service secure. Most data comes directly from you; payment confirmations come from our payment processor. The knowledge base we search contains public regulatory text only — not your personal data.

4 · Purposes, legal bases & retention

Each processing activity, its purpose, the categories of data, the legal basis under Article 6 GDPR and how long we keep it are listed below — a summary of our Record of Processing Activities (Art. 30 GDPR).

Record of Processing Activities summary
ActivityPurposeData categoriesLegal basisRetention
Account / authenticationMagic-link sign-in and sessionEmail, session tokenContract (Art. 6(1)(b))Session 30 days rolling; email until account closure
Gap-check (anonymous)Free scope / eligibility checkProduct identity, category hintsLegitimate interest (Art. 6(1)(f))Draft ≤ 30 days
Generation pipelineProduce the Technical File / Risk Assessment / DoC draftProduct data, uploaded photos (transient), materials / BoMContract (Art. 6(1)(b))Photos ≤ 24h (purged after vision); final PDF 10 years (GPSR Art. 9)
PaymentsCheckout and entitlement ledgerEmail, payment metadataContract (Art. 6(1)(b)) + legal obligation (Art. 6(1)(c), tax)Payment records 6–10 years (tax law)
Document deliveryDurable-medium copy of the generated documentEmail, document linkContract (Art. 6(1)(b))Email log per audit policy; PDF 10 years
Consent / HITL acceptanceImmutable consent and acceptance recordEmail, consent text hash, IP, locale, timestampLegal obligation (Art. 6(1)(c)) + consent (Art. 6(1)(a))Consent legal-hold ≥ 6 years (immutable)
ObservabilityOperational metrics, traces and errorsRedacted telemetry (no personal data)Legitimate interest (Art. 6(1)(f))Per Grafana / Sentry retention
Data-subject requests / consent withdrawalAccess, deletion and withdrawal rightsEmail + linked recordsLegal obligation (Art. 6(1)(c))Soft-delete + purge ≤ 30 days; 10-year archived PDF anonymised where a legal-retention exception applies

Retention schedule

Data retention periods
DataKept for
Account emailUntil you close your account
Session token30 days, rolling
Draft (product data, gap-check)≤ 30 days
Uploaded photos≤ 24 hours — purged after the vision step
Generated PDF10 years (GPSR Art. 9 record-keeping)
Consent & payment records≥ 6 years (legal / tax obligation)

5 · Email we send

We send transactional email only — no marketing email in the current release. Each type, its legal basis and whether you can opt out:

Email types and opt-out
EmailLegal basisOpt-out
Magic-link sign-inContract (Art. 6(1)(b))Required to sign in — cannot opt out while you have an account
Document delivery (durable-medium copy)Contract (Art. 6(1)(b))Part of the paid service
Critical billing / security noticeLegal obligation / legitimate interestCannot opt out — required to operate your account safely

6 · Sub-processors & international transfers

We store all customer data at rest in the EU. The only transfers outside the EU are to OpenRouter (customer content to the frontier model, in transit only, on a zero-retention route) and Vercel (front-end hosting, no data at rest) — both under the EU Standard Contractual Clauses and a Data Processing Agreement. Our recipients (all engaged under GDPR Art. 28):

Sub-processors
ProcessorPurposeRegionTransfer mechanism
NeonPrimary Postgres — accounts, SKUs, generations, documents, entitlement, payments, consent, audit logEUNone (EU → EU)
Qdrant CloudVector knowledge base (regulatory_text · recall_corpus · opss_guidance)EUNone (EU → EU)
Upstash RedisJob broker + session / entitlement cacheEUNone (EU → EU)
Cloudflare R2Durable PDF store (10-year) + uploaded photos (short retention, purged after generation)EU (jurisdiction=EU)None (EU → EU)
StripeCheckout, billing and webhooks (EUR presentment)EU entity + DPAStripe DPA + SCC (Stripe-side transfers)
ResendTransactional email (magic-link, durable-medium document copy)EU-DPAResend DPA
OpenRouter (frontier providers: Anthropic, OpenAI, Google, Mistral)Frontier LLM / Vision / embeddings on a zero-retention routeUS transitSCC + DPA; per-request zero-data-retention + provider allowlist
VercelNext.js front hosting (server components + static + edge cache)US edgeSCC + DPA
Grafana CloudObservability (metrics / traces / logs)EUNone (EU → EU)
SentryError grouping / alertingEU-DSNNone (EU → EU)

The authoritative, always-current list is our sub-processor register.

7 · How AI processes your data

Your product data and photos are sent to a frontier large-language / vision model through OpenRouter over a zero-retention route: the content is processed in transit and is not used to train any model and not retained by the provider. Photo metadata (including EXIF) is stripped and the photos themselves are purged within 24 hours of the vision step. All storage is in the EU.

A human is always in the loop
Dossova produces a draft for you to review. There is no automated decision that produces a legal effect or similarly significantly affects you (Art. 22 GDPR): you review and sign off every document before it is used.

8 · Cookies

We use strictly-necessary cookies only — for sign-in, security and your theme preference. Because they are essential to provide the service you asked for, they need no consent and there is no consent banner to manage. Details are in our cookie notice.

9 · Your rights

You have the right to access, rectify, export (portability), delete, restrict and object to the processing of your personal data, and to withdraw consent at any time without affecting processing already carried out. If you used the free gap-check without an account, that data is anonymous to us (GDPR Art. 11) — clearing your browser data erases it.

To exercise a right, use our data-subject request form or email privacy@dossova.com. We respond within 30 days (GDPR Art. 12).

10 · Complaints & changes

You may lodge a complaint with your local supervisory authority — your EU Data Protection Authority, or, in the UK, the Information Commissioner's Office (ICO). If we make a material change to this policy we will update the version and effective date above; the English version is the authoritative one for readers in any locale (including CN / HK).

What Dossova is not
We are not a law firm and do not act as your legal representative. Dossova produces an AI-assisted draft for your review; it does not provide legal advice and does not guarantee acceptance by any marketplace. See our Terms of Service.