Last updated: July 8, 2024
At Readdle, we care about our users, and therefore, we have improved our Terms of Service and Privacy Notice governing your use of Documents.
In a nutshell, we clarified the wording and added information on the beta offerings.
We encourage you to carefully review the full text of the Terms of Service and Privacy Notice. The abovementioned updates become effective as of the publication date.
Readdle Limited (“Readdle” or “we”) welcomes you. We provide you with our application “Documents” (“App” or “Documents”), available on iOS and iPadOS, subject to the terms and conditions of our Terms of Service.
This Privacy Notice outlines the types of personal data the App collects, details how it is stored, processed, and used, and explains the implications of your interactions with the App.
When you use our website by following the link (“Website”), your personal data is processed in accordance with the Privacy Notice for the Readdle Website.
We recognize the importance you place on your privacy and value the trust you have in us. To honor that trust, we implement the latest data security standards, enhance our understanding of privacy issues, and ensure compliance with the General Data Protection Regulation and other applicable privacy laws.
If you have any questions or comments about this Privacy Notice, please visit our Support page for more information about the App or contact us.
| Controller | Readdle Limited Company number: 630281 Glandore Business Centre, Grand Canal House, 1 Grand Canal Street Upper, Dublin 4, D04 Y7R5, Ireland |
|---|---|
| Data Protection Officer | Privacity GmbH Neuer Wall 50, 20354 Hamburg, Germany |
| rdsupport@readdle.com – for general inquiries dpo@readdle.com – for privacy inquiries |
Our support team is happy to assist you with any issue related to the use of the Appin any matter. We kindly request that you maintain politeness and calmness in your communications with us, as we may not respond to offensive emails or messages.
When you use Documents, you become our user ("User"), and we collect and process some of your personal data.
Please note that we do not knowingly process the personal data of Users under the age of 16. If you are under 16 or you are a legal representative of such a person, please contact us.
We collect data about you when you download our App and interact with it based on your activities within the App. Please review the details provided below carefully.
You have the option to modify your personal data within the App, either by exercising your right to rectification or through the App's functionalities. Please be aware that the same lawful bases and storage durations apply to the updated data.
We may also, although we do not necessarily do so, receive data from third parties. It depends on your settings and the features you use.
To process your personal data, we rely on one of the following lawful bases:
We collect your personal data according to this Privacy Notice when you use the App, depending on how you interact with it, what features you use, and what subscription you have.
When you use the App, we collect certain technical data.
| Data | Reasons for Processing | Lawful Basis | Data Storage |
|---|---|---|---|
| User ID | Providing you with the functionality of the App | Performance of the contract | We store the data during your use of the App and for six (6) years after you stop activities in the App or until you delete your account |
| Device info (device ID, IP address, phone settings, name, local time, country and city, language, other characteristics) | |||
| Device info (model, device ID, version of iOS, iPadOS, or macOS, time zone, country and/or city, language, connection type, сarrier, type of Central Processing Unit (CPU), free disk space, battery level, screen resolution, paired Apple Watch model (if any) and watchOS version) | Providing you with the Beta Offerings | Performance of the contract | We store the data during your use of the Betta Offering and for one (1) year after its termination |
| Interaction with the App (invitation type, status of your invitation, App name and version, App uptime, number of installs, sessions, and crashes, symbolicated crash logs) | |||
| Interaction with the App (invitation type, status of your invitation, App name and version, App uptime, number of installs, sessions, and crashes, symbolicated crash logs) | |||
| Device info (device ID, IP address, phone settings, name, local time, country and city, language, other characteristics) | Improvement of our App | Legitimate interest | We store the data until you object to the processing where we have your email and can identify you or until you delete your account |
| Analytics ID | |||
| Interactions with the App, its screens and features (e.g. activation of the feature, activation of the trial, tapping a push notification) |
Before you access the App’s features, we may request some personal information to assist us in enhancing the App. Additionally, we might ask for your email address to send you useful information about the App.
You have the option to create an account with Documents to access additional functionalities for registered users. You can either register an account by providing your email address or sign in using your Apple or Google account via Single Sign-on (SSO). If you choose to create an account, it can be deleted at any time through the App, provided there is no active subscription associated with it.
From time to time, we may also offer certain Beta Offerings according to our Terms of Service.
| Data | Reasons for Processing | Lawful Basis | Data Storage |
|---|---|---|---|
|
Improvement of the App | Legitimate interest | We store the data until you object to the processing where we have your email and can identify you or until you delete your account |
| To send you tips about the usage of the App | Consent | We process the data in such a way until you withdraw your consent or delete your account | |
| To send you tips about the usage of the App | Consent | We store the data until you withdraw your consent or delete your account | |
| To inform you about major events and special offers of the company and its partners | Legitimate interest | We process the data in such a way until you withdraw your consent on the use of email or delete your account | |
| Providing you with the functionality of the App | Performance of the contract | We delete data within a month after the deletion of your account | |
| Providing you with the beta offerings | Performance of the contract | We delete data within a month after the deletion of your account | |
| Name | Providing you with the Beta Offerings | Consent | We store the data until you withdraw your consent or during your use of the Beta Offering and for one (1) year after its termination |
We collect some additional data to process your payments.
We charge you for premium subscriptions and paid features through the App Store.
We maintain a history of payments because it is a legal requirement. We store this information as mandated by law and cannot delete it until the legally required retention period expires.
| Data | Reasons for Processing | Lawful Basis |
|---|---|---|
Subscription and payment information:
|
Confirming the payment for compliance with the applicable law. | Legal obligation |
| Confirming the payment for providing you with the paid features of the App | Performance of the contract | |
| Data Storage | ||
| We store the data during your use of the App and six (6) years after the termination of the agreement between Readdle and you | ||
You may upload, create or edit different kinds of documents or content. You may also protect some files with a password or sign the documents.
While using a scanning or photo feature, we can also request access to your camera to take a photo or scan of the document or signature and connect to a computer via a QR code. We also can request access to your microphone to enable sound annotations in PDF files.
While using Photo Actions on iOS, we can request access to your Photos to help you arrange your Photo library.
| Data | Reasons for Processing | Lawful Basis | Data Storage |
|---|---|---|---|
| Files | Providing you with the functionality of the App | Performance of the contract | We do not store your data |
| Image from your device’s camera (if the permission is granted) | |||
| Audio stream from your microphone (if the permission is granted) | |||
| Passwords for PDFs | |||
| Metadata of music files | |||
| Signature |
We offer you the option to link accounts from third-party services (such as Apple or Google) for integration and synchronization of your files.
| Data | Reasons for Processing | Lawful Basis | Data Storage |
|---|---|---|---|
| Files on the cloud of the third-party service | Providing you with the functionality of the App | Performance of the contract | We do not store your data |
We offer data transfer functionality. Using Wi-Fi, you can seamlessly transfer files and photos between your computer and your iPhone or iPad—and vice versa. Please be aware that all user data is transmitted exclusively over the local network and is never uploaded to our or any other server.
To enhance your security and anonymity while using the Internet, we have integrated a VPN feature. When the VPN is enabled, your IP address will be altered. You have the option to connect to a random server or select a specific one of your choice.
| Data | Reasons for Processing | Lawful Basis | Data Storage |
|---|---|---|---|
| Phone settings | Providing you with the functionality of the App | Performance of the contract | We store the data during t use of the App |
| IP address |
The App offers an Air Gestures mode within its video player, allowing you to control the player solely through hand gestures, without requiring touch input. Please note that upon closing the App, the Air Gestures mode will deactivate automatically. You will need to manually re-enable this feature in the video player’s settings after reopening the App.
For this feature to function, we will request access to your device’s camera. The camera will be active while the Air Gestures mode is enabled within the video player. Upon exiting the video player, the Air Gestures mode will be temporarily paused.
The Air Gestures utilizes Apple's framework technology to facilitate hand gesture recognition. The technology functions by detecting hand-raising gestures and analyzing the hand pose and the fingers' coordinates within the captured images. Apple then provides the coordinates of your fingers to the App, which processes this data to execute specific commands, such as pausing a video, etc.
Our App does not utilize your data for learning purposes. Additionally, we do not retain or back up any finger coordinates, hand gestures, or other images when the feature is on. These coordinates are processed exclusively on your device and are automatically deleted once the processing is complete.
| Data | Reasons for Processing | Lawful Basis | Data Storage |
|---|---|---|---|
| Images from your device's camera (if the permission is granted) | Providing you with the functionality of the App | Performance of the contract | We do not store your data |
| Hand pose and gestures, fingers' coordinates in the space |
The App offers Audio/Video Transcribe feature to transcribe speech into the written text.
By default, this feature is turned off and can be enabled via the file's context menu. Upon its first use, the app downloads the AI model required for this functionality from Apple's servers. The transcription algorithm operates directly on your device, ensuring that no data is collected or transmitted externally. After the transcription process is completed, the model stops running. Additionally, any service data generated by the model during transcription is immediately erased once the App saves the text file with the transcription results (this includes the extracted audio file if you transcribe a video). The model is subsequently stored on your device and can be used again for transcribing audio or video files through the file's context menu whenever needed.
We do not utilize the user’s data for learning purposes and do not retain or back up any transcription data when the Audio/Video Transcribe feature is on.
Occasionally, the AI model may make errors in transcription, particularly with languages other than English or when the audio clarity is poor. Additionally, the model does not have restrictions on transcribing content that includes obscenities or various speech styles.
| Data | Reasons for Processing | Lawful Basis | Data Storage |
|---|---|---|---|
| Audio stream of the audio file | Providing you with the functionality of the App | Performance of the contract | We do not store your data |
| Audio stream extracted from the video file | |||
| Analyzed transcription results (text) |
The App offers the Smart Eraser feature to remove unwanted objects from the images.
By default, this feature is turned off. Upon its first use, the App downloads the AI model required for this functionality. The algorithm operates directly on your device, ensuring that no data is collected or transmitted externally. It accesses and processes only the image you explicitly choose. Once the erasure process is completed, the model stops running. It is subsequently stored on your device and can be used again through the menu whenever needed.
The feature does not intentionally restrict the size, format, or content of the images it processes. However, there are unspecified technical limitations on the maximum allowable image size, which depend on the characteristics of a particular device and cannot always be predicted.
The output is always saved as a copy of the original file. Also, the output file format will be preserved only for jpeg, png, or heiс files. All other formats will be converted and saved as jpeg.
Occasionally, the AI model may make errors. The model is sensitive to how an object for erasing has been masked, and it tends to produce both good and bad results depending on the input.
We do not use the user’s data for learning purposes and do not retain or back up any images when the feature is on.
| Data | Reasons for Processing | Lawful Basis | Data Storage |
|---|---|---|---|
| Image | Providing you with the functionality of the App | Performance of the contract | We do not store your data |
When you address your request for support in the App, we collect some information to help you.
We may collect your detailed log files to help you with your problem. These log files may contain sensitive personal information, such as emails, text prompts, file names, etc.
Pay attention to our practice on the log files:
| Data | Reasons for Processing | Lawful Basis | Data Storage |
|---|---|---|---|
| To fulfill your support request | Performance of the contract | We store the data during communication and for six (6) years after the last communication on the ticket. | |
| Name | |||
| Type of device | |||
| Text of the request | |||
| Attached files | |||
| Logs | |||
| Privacy requests | |||
| If you contact us through our DPO mailbox, we will process your request with the help of Spark Mail. | |||
Where we have your email, we may reach out to request your feedback. Your insights are invaluable to us for enhancing the App and improving user experience.
| Data | Reasons for Processing | Lawful Basis | Data Storage |
|---|---|---|---|
| To ask for your feedback or suggest participation in the users' surveys | Legitimate interest | We process data in this way until you unsubscribe | |
| Data used for improvement of the App |
When you submit your feedback about the App to us directly or via third-party platforms, we process personal data in your feedback, which may include data listed below:
| Feedback Provided to us Directly | |||
|---|---|---|---|
| Data | Reasons for Processing | Lawful Basis | Data Storage |
| To respond to your feedback or clarify it and ask for your consent, as may be applicable | Consent | We store the data for six (6) years from feedback or the last communication on feedback, or until you withdraw the consent | |
| First and last name or username | To use your feedback in our product development and/or marketing activities, depending on your consent | ||
| Feedback, including text feedback, answers to the review forms, or the feedback provided orally in the meeting | |||
| Submission date | |||
| Assigned rating | |||
| Meeting records | |||
| Feedback Provided via a Third-party Platform | |||
|---|---|---|---|
| Data | Reasons for Processing | Lawful Basis | Data Storage |
| First and last name or username | To use your feedback in our product development and/or marketing activities | Legitimate interest | We store the data for two (2) years from feedback or the last communication on feedback |
| Text of the feedback | |||
| Screenshots and comments you share when providing feedback within the Beta Offerings | To use your feedback in our product development | Legitimate interest | We store the data during your use of the Beta Offering and for one (1) year after its termination |
We may receive some personal data from third parties.
The amount of data collected, the purposes, and the lawful bases for processing are determined by the respective privacy documents of these parties.
| Third Party | Privacy Documents |
|---|---|
| Hotspot Shield | Privacy Notice |
| Convert API | Terms and Privacy |
| Amplitude | Privacy Notice |
| Typeform | Privacy Policy |
| Dropbox | Privacy Policy |
| Google Drive | Privacy Policy |
| OneDrive | Privacy |
| Box | Privacy Notice |
| Spark | Privacy Policy |
| Apple | Privacy Policy |
We may share your personal data with third parties without causing you any harm and in strict compliance with applicable laws. Additionally, we have put in place organizational and technical measures to secure your personal data during its transfer to third parties.
To share your data, we rely on the following lawful bases, such as consent, compliance with the law, and performance of a contract, depending on the specific circumstances.
| Third Party | Description |
|---|---|
| Analytics tools | We use analytics tools to understand and promote our business. |
| Contractors | We cooperate with contractors to operate, develop, and improve the features and functionality of the App, fulfill your support requests, etc. We sign data processing agreements with them and impose various security measures to ensure your data is safe. |
| Services Documents uses | We use third-party services to provide you with the functionality of the App. |
| Services our team uses | We use CRM systems, messengers, and other services in our organization to provide you with our services. To manage and fulfill privacy requests we use: |
| State authorities, courts, law enforcement agencies, etc | We may be obliged to transfer some of your data to tax authorities, courts, law enforcement agencies, and other governmental bodies:
|
| To get a detailed list of the third-party recipients of your personal data, contact us | |
The personal data we collect is stored on the US servers, which participate in the Data Privacy Framework and European Economic Area (“EEA”) servers, which fall under the General Data Protection Regulation.
We may share personal data with the recipients in the USA and other countries, including non-EEA ones, ensuring that your data is protected and processed in accordance with the General Data Protection Regulation. For example, we share some data with our contractors in Ukraine.
To share the data outside the EEA, we rely on the adequacy decision by the European Commission or the Data Privacy Framework participation of the recipient. If the recipient does not participate in the Data Privacy Framework and its country is not deemed to provide an adequate level of protection for your personal data, we adopt Standard Contractual Clauses based on legislation assessments for data protection during transfer and storage.
You can read more detailed measures to protect your personal data here.
We routinely conduct Data Protection Impact Assessments to guarantee the implementation of adequate technical and organizational measures. These measures aim to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
To enhance the protection of your personal data, we employ HTTPS and encryption, establish segmented group and individual access (as necessary), utilize an alarm system, implement a corporate VPN, and adhere to formally approved internal policies, including those for password management and physical access.
Furthermore, we consistently monitor the state of the art of our technologies and diligently maintain backups. Additionally, all our contractors are bound by contractual obligations that comply with GDPR requirements.
You can contact us in case of any questions regarding security issues.
Here you can find information about the steps we mentioned above:
| Physical measures | |
|---|---|
| Limited access to premises | |
| Organizational measures | |
Policies and instructions
|
Transfer protection
|
| Contractor and Staff Training | Agreements
|
| Regular Access and Policy Review | Privacy Protection
|
| Code Review | |
| Technical measures | |
Encryption technologies:
|
Backup:
|
| Two-factor authentication | Stress Tests |
| Static Analysis | Quality Assurance |
| Regular Patch Management | Dependency and Supply Chain Vulnerability Check |
As a data subject, you have the right to access, manage, and control your data either directly or by submitting a request to us. This section outlines these rights and explains how you can exercise them based on your place of residence.
| Right | Description |
|---|---|
| Right to access | You can request an explanation of the processing of your personal data. |
| Right to rectification | You can change the data if it is inaccurate or incomplete. |
| Right to erasure | You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law. |
| Right to restrict the processing | You may partially or completely prohibit us from processing your personal data. |
| Right to data portability | You can request all the data that you provided to us, as well as request to transfer data to another controller. |
| Right to object | You may object to the processing of your personal data. |
| Right to withdraw consent | You can withdraw your consent at any time. |
| Right to file a complaint | If your request was not satisfied, you can file a complaint to the regulatory body. |
| To exercise your rights, contact us. | |
| For EEA residents: we will answer your request within one month. If your request is not satisfied, you can submit a complaint to your local Data Protection Authority. You may find it here. | |
| For UK residents: we will answer your request within one month. If your request is not satisfied, you can submit a complaint at the Information Commissioner’s Office via number 0303-123-1113 or go online at www.ico.org.uk/concerns. | |
Your rights may vary depending on the state of your residency, as indicated below.
| Right | Description | Area | |
|---|---|---|---|
| Right to access | You can request an explanation of the processing of your personal data. |
|
|
| Right to correct | You can change the data if it is inaccurate or incomplete. |
|
|
| Right to delete | You can send us a request to delete your personal data from our systems. |
|
|
| Right to portability | You can request all the data you provided to us and request to transfer data to another controller. |
|
|
| Right to opt out of sales | The right to opt out of the sale of personal data to third parties. |
|
|
| Right to opt out of certain purposes | The right to opt out of processing for profiling/targeted advertising purposes. |
|
|
| Right to opt out of the processing of sensitive data | The right to opt out of the processing of sensitive data. |
|
|
| Right to opt in for sensitive data processing | The right to opt in before the processing of sensitive data |
|
|
| Right against automated decision-making | A prohibition against a business making decisions about a consumer based solely on an automated process without human input. |
|
|
| Private right of action | The right to seek civil damages from a controller for violations of a statute. |
|
|
| To exercise your rights, contact us | |||
| We will answer your request within 30 to 60 days, depending on the state and legislative requirements. If your complaint is not satisfied, you can submit a complaint with the Federal Trade Commission. | |||
| Note: Some states do not have their own privacy laws. The rights of residents of such states are governed by U.S. federal law. If your state is not on the list, please contact us. | |||
California residents, under the California Consumer Privacy Act (CCPA), possess the right to opt out of the "sale" of their personal information by entities governed by the CCPA.
We do not sell your personal information to anyone, nor do we use your data as a business model. Ensuring your privacy is our utmost priority, and we are dedicated to safeguarding it.
We adhere to the CCPA by providing California residents the option to opt out of any potential future sale of their personal information. If you wish to register your preference that we do not sell your data in the future, please contact us at dpo@readdle.com.
California residents using our App have the option to request that we do not automatically collect and track information related to their online browsing activities across the Internet.
These requests can usually be made via web browser settings that manage signals or other mechanisms, enabling consumers to express their preferences concerning the collection of personal data about their online activities over time and across third-party websites or online services.
We currently do not have the ability to honor these requests. However, we may update this Privacy Notice as our capabilities evolve.
| Right | Description |
|---|---|
| Right to access | You can request an explanation of the processing of your personal data. |
| Right to rectification | You can change the data if it is inaccurate or incomplete. |
| Right to delete | You can send us a request to delete your personal data from our systems. We will remove all data except what we are obliged to store in compliance with the law requirements. |
| Right to data portability | You can request all the data you provided to us and request to transfer data to another controller. |
| Right to object opt-out | You may object to the processing of your personal data. |
| Right to withdraw consent | You can withdraw your consent at any time. |
| Right not to be subject to automated decision-making | You can object to being subject to automated-based processing to know if there are consequences concerning them due to such processing. |
| Right to lodge a complaint | If your request is not satisfied, you can file a complaint to the regulatory body. |
| To exercise your rights, contact us | |
| We will answer your request within 30 days. If your complaint is not satisfied, you can submit a complaint to the Office of the Privacy Commissioner of Canada. | |
The Privacy Notice and the relationships falling under its effect are regulated by the General Data Protection Regulation. Please note that laws and requirements for processing personal data can evolve. In the event of changes, we will release an updated version of the Privacy Notice in our App to reflect these modifications.
If we make substantial changes to the Privacy Notice or the App that affect your data privacy rights, we will notify you by email or display information in the App and ask you to read it. You will be notified in advance, and if you continue to use the App after these changes take effect, it will be considered that you have consented to and accepted the revised Privacy Notice.