Data Controller

Ontos B.V. (operating Doc2iXBRL) is the data controller responsible for your personal data. You can contact us at:

Ontos B.V.

Middelburg, The Netherlands

CoC: 42011303

VAT: NL869277571B01

Email: contact@doc2ixbrl.com

Data We Collect

We collect various types of information to provide and improve our service:

Personal Information

Name and email address when you create an account
Organization name and details
Payment information when you subscribe (processed by our payment provider)
Communications when you contact us

Documents and Content

Financial documents you upload for conversion (PDF, DOCX)
Generated iXBRL output files

Usage Data

Log data including IP address, browser type, and access times
Device information and identifiers
How you interact with our service

How We Use Your Data

We process your personal data for the following purposes and legal bases:

Providing our service

Legal basis: Contract performance - to convert your documents to iXBRL format

Account management

Legal basis: Contract performance - to manage your account and subscriptions

Service improvement

Legal basis: Legitimate interest - to analyze usage and improve our service

Communication

Legal basis: Legitimate interest / Consent - to send service updates and marketing communications

AI Data Processing

Your documents are processed using AI technology to extract and map financial data. Important information about this processing:

Document content may be shared with selected AI and OCR providers strictly as needed to extract text, analyze document structure, and suggest taxonomy mappings
The specific providers we use may change over time. Detailed provider information, sub-processor details, and transfer safeguards are available on request
Where processing involves providers outside the EEA, we rely on contractual and technical safeguards appropriate to the transfer
We do not use your documents or generated output to train our own models, and product-improvement review stays off unless you or your workspace have enabled it

Data Sharing

We share your data with categories of service providers that help us operate the service:

Infrastructure, hosting, and content delivery providers

Run the web application, backend services, and secure network delivery

Authentication, database, and encrypted storage providers

Store account records, uploaded documents, and conversion results

AI and OCR providers

Support text extraction, document analysis, and taxonomy mapping

Payment and billing providers

Process payments, invoices, and related transactional records where applicable

Development and operational tooling providers

Support source code hosting, monitoring, and internal service operations

Data Retention

We retain data only as long as needed to provide the service, meet legal obligations, and support secure recovery processes:

Account data: Retained while your account is active and generally for up to 30 days after account deletion or contract termination, unless longer retention is required by law
Uploaded documents: Retained while your account is active and deleted within 30 days of account deletion or contract termination, subject to limited backup retention and recovery windows. You may delete individual documents through the Service
Conversion results: Retained while your account is active and deleted on the same schedule as the related account or workspace, subject to limited backup retention

Your Rights

Under the GDPR, you have the following rights regarding your personal data:

Right of Access

Request a copy of all personal data we hold about you

Right to Rectification

Request correction of inaccurate or incomplete data

Right to Erasure

Request deletion of your personal data ('right to be forgotten')

Right to Portability

Receive your data in a structured, machine-readable format

Right to Object

Object to processing based on legitimate interests

Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe your rights have been violated.

Cookies

We use cookies and similar technologies to enhance your experience on our website. Cookies are small text files stored on your device that help us provide and improve our service.

Types of Cookies We Use

Necessary Cookies: Essential for website functionality, authentication, and security. Cannot be disabled.
Analytics Cookies: Help us understand how visitors use our website to improve the user experience.
Marketing Cookies: Used to deliver relevant advertisements and measure campaign effectiveness.

International Data Transfers

Some service providers may process data outside the European Economic Area (EEA). We aim to keep primary hosting and storage in the EU, but some limited processing or support activities may involve non-EEA transfers.

Where non-EEA transfers occur, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards and can provide further detail on request.

Security

We implement appropriate technical and organizational measures to protect your personal data:

All data is encrypted in transit using TLS/SSL
Data at rest is encrypted using industry-standard encryption
Access to personal data is restricted to authorized personnel only
Regular security assessments and monitoring are performed

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the 'last updated' date. We encourage you to review this policy periodically.

Contact Us

If you have any questions about this privacy policy or our data practices, please contact Ontos B.V.: