Last updated: July 31, 2023
Readdle Limited (“Readdle” or “we”) welcomes you. We provide you with our iOS and macOS application “Documents” (“App” or “Documents”) under the Terms of Service.
This Privacy Notice describes which of your personal data the Documents collects, how stores, processes, and uses it, and what happens when you use the App.
We collect your personal data according to this Privacy Notice when you use the App. When you use our website, available following the link https://readdle.com/documents (“Website”), your personal data is processed in accordance with the Privacy Notice for the Website.
We understand you care about your privacy, and we appreciate the trust you place in us. To justify that trust, we embed the latest data security standards, improve our awareness of privacy matters, and comply with the General Data Protection Regulation and other privacy laws.
Please note that we do not collect, track, or store any personal data over what we need to provide and improve our product and services, perform our marketing campaigns as described in this Privacy Notice, and comply with our legal obligations.
| Name | Readdle Limited |
|---|---|
| Registration number | 630281 |
| VAT | IE 3560869EH |
| Address | Glandore Business Centre, Grand Canal House, 1 Grand Canal Street Upper, Dublin 4, D04 Y7R5, Ireland. |
| rdsupport@readdle.com – for general inquiries dpo@readdle.com – for privacy inquiries |
When you use Documents, you become our user.
| Data subject | Description |
|---|---|
| User | any person who uses the App. |
| Free User | User that uses the App with certain functionality limits on a free basis. |
| Paying User | User that uses the App on a paid basis or via a trial of the paid version. |
| Feedback Provider | User who provides feedback about the App to us directly or via a third-party platform. |
| Please note! We do not knowingly process the personal data of Users under the age of 18. If you are such a User or you are a legal representative of such a User, please, contact us. | |
We receive data about you when you download our App and interact with it, depending on your actions in the App.
We may also, although we do not necessarily do so, receive data from third parties. It depends on your settings and the features you use.
To process your personal data, we rely on the following legal bases:
Please pay attention. We knowingly do not process the data from users below 16 years of age without a legal representative’s consent. If you are such a user or the user’s legal representative, please inform us by email at dpo@readdle.com.
We collect your personal data according to this Privacy Notice when you use the App. Some of the data we collect automatically, such as the country the App is used in: we get this data based on the IP address or from the AppStore (we receive this information in a generalized form).
Generally, all the data provided to us can either be linked to you or not (i.e., anonymized data).
When you use our App, we may collect some technical data. Pay attention to the fact that we collect your device’s name for security purposes.
| Type of data | Reasons for processing | Legal basis |
|---|---|---|
| Device info (device type, name, local time, other characteristics). | Improvement of our App. | Legitimate interest. |
| Email hash. | Analytics. | Legitimate interest. |
| Data storage | ||
| We store the data during your use of the App and 1 year after the termination of the agreement between Readdle and you. | ||
All the data you can use through our App is stored on Google Drive, iCloud, Dropbox, Box, WebDAV, etc. process right on the device, via SDKs, and we don't have access to these files.
Overall function:
| Data we have and see | Data you see on your device |
|---|---|
| First App download | |
|
|
| Opening the App | |
|
|
| Receiving emails with tips | |
| Usage | |
|
|
| Settings | |
|
|
| Transfer between devices | |
|
|
| Upgrade to Documents subscription | |
|
|
Receipt is an electronic document provided by Apple about your payment. It is stored on your device. We receive only hash (electronic value) to verify the transaction.
We understand that you might wish to know the details about our privacy practices. We grouped our data privacy processes by features.
| Type of data | Reasons for processing | Legal basis |
|---|---|---|
| Email. | To send you tips about the usage of the App | Consent. |
| Data storage | ||
| We store data until you withdraw your consent. | ||
You are charged through the App Store.
To track and issue invoices on time, we process your receipt. The receipt is stored on your device. We receive only a hash (electronic value) to verify the transaction.
We also keep the history of payments, as this is a legal requirement, and we cannot delete this information until the filing of the annual accounts expires.
| Type of data | Reasons for processing | Legal basis |
|---|---|---|
Subscription and payment information:
| Confirming the payment for compliance with the applicable law. | Legal obligation. |
| Confirming the payment for providing you with the paid features of the App. | Performance of the contract. | |
| Data storage | ||
| We store the data during your use of the App and 6 years after the termination of the agreement between Readdle and you. | ||
We provide you with the functionality for data transfer. Wi-Fi Transfer is the easiest way to transfer files and photos from a computer to your iPhone or iPad and vice versa. All you need to do is open an App on your phone.
We would like to clarify some important details:
In other words, we are not aware of what exactly you transfer. We only know about the fact of this connection.
| Type of data | Reasons for processing | Legal basis |
|---|---|---|
| Any data you may transfer | Providing you with the functionality of the App | Performance of the contract |
We provide you with the possibility to link accounts from third-party services for integration and synchronization of data.
| Type of data | Reasons for processing | Legal basis |
|---|---|---|
| Files on the cloud of the third-party service | Providing you with the functionality of the App | Performance of the contract |
| Data storage | ||
| We do not store the data | ||
We can send you small notifications to inform you about changes or updates via pushes from the App. You can allow or disable push notifications in the App Settings on your device
| Type of data | Reasons for processing | Legal basis |
|---|---|---|
| Device info (including push-token) | Sending push notifications about the App | Consent |
| Data storage | ||
| We store the data during your use of the App. | ||
We can use Automated individual decision-making to customize your experience with our App.
| Type of data | The reasoning | Legal basis |
|---|---|---|
| Data on your interaction with music | Providing a service | Performance of the contract |
| Data storage | ||
| We store the data during your use of the App. | ||
For greater security and anonymity when using the Internet, we have added a VPN. With VPN enabled, your IP address will be changed. A connection server can be random, or you can choose some specific one.
| Type of data | The reasoning | Legal basis |
|---|---|---|
| Phone settings (for other applications), IP address | Providing you with the functionality of the App | Performance of the contract |
| Data storage | ||
| We store the data during your use of the App. | ||
In addition to the data set that we processed before, now we also store information that you have a subscription.
| Type of data | The reasoning | Legal basis |
|---|---|---|
| Information about the successful payment of the upgrade and extension to Documents subscription | Performance of the contract | Performance of the contract |
| Hash of the receipt | Providing a service | Legitimate interest |
| Data storage | ||
| We store the data during your use of the App and for 6 years after the termination of the Terms of Service between Readdle and you. | ||
In order to track and issue invoices on time, we process your receipt. We also keep the history of payments, as this is a legal requirement, and we cannot delete this information until the expiration of the filing of the annual accounts.
| Type of data | The reasoning | Legal basis |
|---|---|---|
| Data on previously purchased Document subscription | Compliance with legal obligation | Legal obligation |
| Receipt | Compliance with legal obligation | Legal obligation |
| Data storage | ||
| We store the data during your use of the App and for 6 years after the termination of the Terms of Service between Readdle and you. | ||
Here we described the data you see in our App.
| Type of data | The reasoning | Legal basis |
|---|---|---|
| Media-files and documents from Google Drive, iCloud, phone memory | Providing a service | Performance of the contract |
| Instructions for use App | Legitimate interest | |
| Your App settings | Providing a service | Legitimate interest |
| App usage data | Analytics, Statistics | Legitimate interest |
|
| Legitimate interest |
| User ID, open functionality subscription expiration date, availableDevices, APP_token | Provision of services | Performance of the contract |
| Data storage | ||
| Data that is processed based on performance of the contract | We store the data during your use of the App and for 6 years after the termination of the Terms of Service between Readdle and you. | |
| Data that is processed based on legitimate interest | We store the data during your use of the App and 2 years after. | |
When you address your request to support in the App, we collect some information to help you.
We may collect your detailed log files to help you with your problem. These log files may contain sensitive personal information and are connected to you.
Pay attention to our practice on the log files:
| Type of data | Reasons for processing | Legal basis |
|---|---|---|
| Text of the request. | To fulfill your support request. | Performance of a contract. |
| Attached files. | To fulfill your support request. | Performance of a contract. |
| Logs. | To fulfill your support request. | Performance of a contract. |
| Data storage | ||
| We store the data during your use of the App and 3 years after the termination of the agreement between Readdle and you. | ||
When you submit your feedback about the App to us directly or via third-party platforms, we process personal data in your feedback, which may include your first and last name, username, the text of the feedback and/or any other information such as the feedback submission date, the rating which you assigned to the App, etc., contained in or related to the feedback.
| When | Type of data | Reasons for processing | Legal basis |
|---|---|---|---|
| You provided feedback to us directly. | Email. | To respond to your feedback and ask for your consent. | Consent. |
| First and last name or username. | To use your feedback in our marketing activities. | ||
| Text of the feedback. | To use your feedback in our marketing activities. | ||
| You provided feedback via a third-party platform. | First and last name or username. | To use your feedback in our marketing activities. | Legitimate interest. |
| Text of the feedback. | To use your feedback in our marketing activities. | ||
| Data storage | |||
| Data that is processed based on consent. | Stored for 5 years from feedback or the last communication on feedback. | ||
| Data that is processed based on legitimate interest. | Stored for 2 years from feedback or the last communication on feedback. | ||
We use the Amplitude service to gather statistics on the App usage. As a user, you will not see how this service operates. The Amplitude projects (statistics per specific user after combined into general groups via several criteria) are fully anonymized. This process does not involve personal data that we can access.
We use your personal data on the basis of the performance of the contract to provide services and communicate with the Users.
We share your data with the service providers (please, request Annex A. List of the processors to look through the list of service providers) and contractors to the extent necessary to provide services, technical and customer support, who, for example, help us:
In addition, we have implemented organizational and technical measures to ensure the security of personal data during data transfer to third-party.
We can share your data on the following grounds: consent, legal obligation, and legitimate interest.
Performance of a contract. We may transfer your data to our contractors and partners for contractual purposes.
Consent. We may transfer your personal data based on your explicit consent.
Legal obligation. We may disclose your personal data to third parties to the extent that it is necessary:
Transfer of personal data to third parties. We may transfer your personal data to third parties based on a data processing agreement, subject to applying technical and organizational measures to protect your personal data. We may share data with certain companies, consultants, and contractors hired to provide certain services to us or on our behalf.
| Hotspot Shield. | Please see the details in the Privacy Notice. |
| Convert API | Please see the details in the Terms and Privacy. |
Please note! We will ask for your consent if data transfer is not part of the contract.
The personal data we collect is stored on servers in the USA. The data is stored in the USA by default, but we may need to process your personal data in another country. We also share some data with our service providers in Ukraine.
There is no adequate decision by the European Commission regarding either the US or Ukraine. This means that the USA and Ukraine are not deemed to provide an adequate level of protection for your personal data. We use adopted Standard Contractual Clauses based on legislation assessments for data protection during transfer and storage.
You can read more detailed measures to protect your personal data here and in our Data Processing Agreement for the European Economic Area residents and Data Processing Agreement for the United States residents.
However, if a data transfer is required to perform a contract or provide you services, we have the right to do so without your consent.
We regularly perform Data Protection Impact Assessments to ensure that we use an appropriate level of technical and organizational measures to prevent accidental or unlawful destruction, loss, alteration, and unauthorized disclosure of or access to personal data transmitted, stored, or otherwise processed. We follow ISO 27001 Standard to put all security controls in place as a basis.
To be more specific, to protect your personal data, we use HTTPS and encryption, divided group and individual access (where appropriate), an alarm system, corporate VPN, and written approved internal policies (like password policy and physical access policy).
Moreover, we systematically monitor our technologies’ state of the art and never forget about the backups. All our contractors are under contractual obligations compliant with the GDPR requirements.
Here you can find information about the steps we mentioned above:
| Physical measures | |
|---|---|
| Limited access to premises We use logically separate databases to prevent unauthorized persons from accidentally reading data to separate data. Access to the data is also restricted because employees use services (applications) that control access. | |
| Stress-tests | |
| Organizational measures | |
Policies and instructions
| Transfer protection
|
Agreements
| |
| Contractor and staff training | Privacy protection
|
| Regular access and policy review Code review | |
| Technical measures | |
| Encryption technologies: encryption in transit, backup encryption, state-of-the-art methods of cryptographic keys | Backup: We ensure the availability of data in several ways. For example, there is a regular backup of the entire system. This can be used if the other availability measures fail. |
| Two-factor authentication | Critical services are operated redundantly in multiple data centres and controlled by a high-availability system. |
| Static Analysis | Quality Assurance |
| Regular Patch Management | Dependency and Supply Chain Vulnerability Check |
You, as a data subject, have the right to interact with your data directly or through a request to us. This section describes these rights and how you can exercise them:
| The right | Description |
|---|---|
| Right to access | You can request an explanation of the processing of your personal data. |
| Right to rectification | You can change the data if it is inaccurate or incomplete. |
| Right to erasure | You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law. |
| Right to restrict the processing | You may partially or completely prohibit us from processing your personal data. |
| Right to data portability | You can request all the data that you provided to us, as well as request to transfer data to another controller. |
| Right to object | You may object to the processing of your personal data. |
| Right to withdraw consent | You can withdraw your consent at any time. |
| Right to file a complaint | If your request was not satisfied, you can file a complaint to the regulatory body. |
| To exercise your rights, contact us. If your request was not satisfied, you can submit a complaint to your local Data Protection Authority. You may find it here. | |
You, as data subjects, have some special privacy rights. To use them, please contact us.
Note: Depending on the state and legislative requirements, we have from 30 to 60 days to exercise your request with the right to postpone it for 30 days more.
If your complaint is not satisfied, you can file a complaint with the Federal Trade Commission.
Your rights vary depending on the laws that apply to you, but may include:
| Right | Description | Area | |
|---|---|---|---|
| Right to access | You can request an explanation of the processing of your personal data. | California, Virginia, Ohio, Colorado, Nevada, Massachusetts | Minnesota, New York, North Carolina, Pennsylvania, Delaware, Utah |
| Right to rectification | You can change the data if it is inaccurate or incomplete. | California, Virginia, Colorado, Nevada, Delaware | Massachusetts, Minnesota, New York, North Carolina |
| Right to deletion | You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law. | California, Virginia, Ohio, Colorado, Massachusetts | Minnesota, New York, North Carolina, Pennsylvania, Utah |
| Right to restriction | You may partially or completely prohibit us from processing your personal data. | California, Massachusetts | New York |
| Right to portability | You can request all the data that you provided to us, as well as request to transfer data to another controller. | California, Virginia, Ohio, Colorado, Massachusetts | Minnesota, New York, North Carolina, Utah |
| Right to Opt-Out | You may prohibit the sharing or selling of your data. | California, Virginia, Ohio, Nevada, Massachusetts, Minnesota | New York, North Carolina, Pennsylvania, Delaware, Colorado, Utah |
| Right Against Automated Decision Making | You have the right not to be subject to a decision based solely on automated means if the decision produces legal effects concerning you or significantly affects you in a similar way. | California, Virginia, Colorado, Massachusetts | Minnesota, New York, North Carolina |
| Right to lodge a complaint | If your request was not satisfied, you can file a complaint to the regulatory body. | by default | |
| Note: Some states do not have their own privacy laws. The rights of residents of such states are governed by U.S. federal law. If your state is not on the list, please contact us. | |||
California residents have the right under the California Consumer Privacy Act (“CCPA”) to opt out of the “sale” of their personal information by a company governed by CCPA.
Readdle does not sell your personal information to anyone nor use your data as a business model.
However, we support the CCPA by allowing California residents to opt out of any future sale of their personal information. If you would like to record your preference that we will not sell your data in the future, please contact us.
California residents visiting our App may request that we do not automatically gather and track information pertaining to their online browsing movements across the Internet.
Such requests are typically made through web browser settings that control signals or other mechanisms that allow consumers to exercise choice regarding collecting personal data about an individual consumer’s online activities over time and across third-party websites or online services.
We currently do not have the ability to honor these requests. We may modify this Privacy Notice as our abilities change.
The Privacy Notice and the relationships falling under its effect are regulated by the General Data Protection Regulation. Existing laws and requirements for processing personal data are subject to change. Should this be the case, we will publish a new version of the Privacy Notice addressing such changes in our App and as the pop up banner on the Website.
If we make substantial changes to the Privacy Notice or the App that affect your data privacy rights, we will notify you by email or display information in the App and ask you to read it. We will notify you in advance, and, if you continue using the App after the changes come into effect, it shall be deemed that you have agreed to and accepted the updated Privacy Notice.