Doc2iXBRL
Privacy Policy

Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your personal data.

Last updated: January 2026

Data Controller

Doc2iXBRL is the data controller responsible for your personal data. You can contact us at:

Doc2iXBRL

The Netherlands

Email: contact@doc2ixbrl.com

Data We Collect

We collect various types of information to provide and improve our service:

Personal Information

  • Name and email address when you create an account
  • Organization name and details
  • Payment information when you subscribe (processed by our payment provider)
  • Communications when you contact us

Documents and Content

  • Financial documents you upload for conversion (PDF, DOCX)
  • Generated iXBRL output files

Usage Data

  • Log data including IP address, browser type, and access times
  • Device information and identifiers
  • How you interact with our service

How We Use Your Data

We process your personal data for the following purposes and legal bases:

Providing our service

Legal basis: Contract performance - to convert your documents to iXBRL format

Account management

Legal basis: Contract performance - to manage your account and subscriptions

Service improvement

Legal basis: Legitimate interest - to analyze usage and improve our service

Communication

Legal basis: Legitimate interest / Consent - to send service updates and marketing communications

AI Data Processing

Your documents are processed using AI technology to extract and map financial data. Important information about this processing:

  • Documents are sent to AI services via OpenRouter for analysis and concept mapping
  • AI processing is performed on secure servers with appropriate data protection agreements
  • Your documents are not used to train AI models without your explicit consent

Data Sharing

We share your data with the following third parties who help us provide our service:

Supabase (Database & Authentication)

Stores your account data, documents, and conversion results securely

OpenRouter (AI Processing)

Routes your documents to AI models for concept mapping and analysis

Vercel (Frontend Hosting)

Hosts our web application and handles content delivery

Fly.io (Backend Hosting)

Hosts our backend API and processes document conversions in the Amsterdam region

Data Retention

We retain your data for as long as necessary to provide our services:

  • Account data: Retained while your account is active and for 30 days after deletion
  • Uploaded documents: Retained for 90 days after conversion, then automatically deleted
  • Conversion results: Retained while your account is active, deleted upon account deletion

Your Rights

Under the GDPR, you have the following rights regarding your personal data:

Right of Access

Request a copy of all personal data we hold about you

Right to Rectification

Request correction of inaccurate or incomplete data

Right to Erasure

Request deletion of your personal data ('right to be forgotten')

Right to Portability

Receive your data in a structured, machine-readable format

Right to Object

Object to processing based on legitimate interests

Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe your rights have been violated.

Cookies

We use cookies and similar technologies to enhance your experience on our website. Cookies are small text files stored on your device that help us provide and improve our service.

Types of Cookies We Use

  • Necessary Cookies: Essential for website functionality, authentication, and security. Cannot be disabled.
  • Analytics Cookies: Help us understand how visitors use our website to improve the user experience.
  • Marketing Cookies: Used to deliver relevant advertisements and measure campaign effectiveness.

International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place.

We rely on Standard Contractual Clauses (SCCs) approved by the European Commission and verify that our providers maintain adequate data protection standards.

Security

We implement appropriate technical and organizational measures to protect your personal data:

  • All data is encrypted in transit using TLS/SSL
  • Data at rest is encrypted using industry-standard encryption
  • Access to personal data is restricted to authorized personnel only
  • Regular security assessments and monitoring are performed

Children's Privacy

Our service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the 'last updated' date. We encourage you to review this policy periodically.

Contact Us

If you have any questions about this privacy policy or our data practices, please contact us:

Email: contact@doc2ixbrl.com