Privacy Policy
Last updated: March 2026
1. Who we are
DocuFlag is a document compliance assistant for immigration professionals, operated by [TODO: Legal entity name, e.g. “DocuFlag Ltd”], registered in England and Wales ([TODO: company number]), with registered address at [TODO: address]. This privacy policy explains how we collect, use, and protect information when you use our service.
Data Protection Officer: Given the nature and scale of our processing, we are not required to appoint a Data Protection Officer under Article 37 UK GDPR. Our processing of special category data (passport photographs) is transient and incidental to our core service, not a core activity involving large-scale processing. For data protection enquiries, contact: [email protected]
2. What we collect
Account data: Your email address and organization name.
Stored locally in your browser: Case metadata (destination, dates, trip purpose), document files, checklist items, AI analysis results, and cross-document check results. This data is held in your browser's storage and is not stored on DocuFlag servers unless you enable the optional end-to-end-encrypted cloud storage described below, in which case only ciphertext leaves your browser. During analysis, documents and the returned results pass through our EU-hosted server in memory only.
Audit trail: Timestamps and action types (e.g. “document.analyzed”), recorded for accountability. Audit records contain no client data or document content.
Payment data: Processed by Stripe. We do not store credit card numbers.
Optional E2EE cloud storage: If you enable cloud storage (available on Professional, Agency, and Enterprise plans only; disabled by default), case data is encrypted client-side with AES-256-GCM before upload. Our servers hold only the encrypted blobs and encrypted key material, so DocuFlag cannot decrypt your data. Encrypted blobs are stored on AWS S3 in an EU region (eu-west-1 or eu-central-1). This is separate from the analysis flow in section 4, in which documents are sent over TLS and held in memory only.
3. What we do NOT collect
- Original document files (these stay in your browser)
- Client names, passport numbers, or account numbers
- Raw document text or images
- Biometric data or passport photographs: these are not stored. They pass through our EU analysis server and OpenAI's EU infrastructure in memory only, under the zero-data-retention terms described in section 5
- Your case data, even with optional E2EE cloud storage enabled: the server holds only encrypted blobs and encrypted key material and cannot access or decrypt the case data
4. How documents are processed
When you add a document, it is stored locally in your browser (IndexedDB). When you trigger analysis, your browser sends the document to our EU-hosted analysis server, which forwards it to OpenAI's EU endpoint (eu.api.openai.com) for AI analysis. Documents are processed in memory and are not written to storage by our server or, under the zero-data-retention terms in section 5, by OpenAI.
The AI returns structured analysis results (field extractions and compliance observations). These pass back through our analysis server in memory only and are stored locally in your browser (IndexedDB); DocuFlag's servers do not retain them. You can use your browser's developer tools (Network tab) to check which requests your browser makes and what data they carry. Note that the Network tab shows what leaves your browser, not what a server does with it afterwards; the retention statements above are backed by the processor agreements in section 5 rather than by anything observable client-side.
5. Third-party processors
OpenAI (EU endpoint): We use OpenAI's EU-hosted API (GPT-5) for document analysis. Documents are forwarded from our EU-hosted analysis server to eu.api.openai.com. Under our Data Processing Agreement (DPA) and Zero Data Retention amendment with OpenAI, API requests and responses are not stored at rest on OpenAI's servers and are not used for model training.
Stripe: Handles payment processing. Subject to Stripe's own privacy policy. We do not access or store your full payment details.
AWS (Amazon Web Services EMEA SARL, EU): If you enable optional E2EE cloud storage, encrypted blobs are stored on AWS S3 in an EU region (eu-west-1 or eu-central-1). AWS stores only encrypted data and cannot decrypt it. Subject to AWS's GDPR Data Processing Addendum.
6. Legal basis for processing (GDPR)
We process your account data and case metadata on the basis of contract performance (Article 6(1)(b) of the UK GDPR and the EU GDPR): the processing is necessary to provide the service you subscribed to.
For special category data (passport photographs that may contain biometric data), the legal basis is explicit consent (Article 9(2)(a) of the UK GDPR and the EU GDPR). As the data controller, you (the immigration professional or agency using DocuFlag) are responsible for obtaining this consent from the visa applicant before adding their passport for analysis.
7. Data Processing Agreement
If you use DocuFlag as a data processor on behalf of your clients, our Data Processing Agreement (GDPR Article 28) governs the processing relationship. We have also conducted a Data Protection Impact Assessment (GDPR Article 35) covering the risks and safeguards associated with AI-powered document analysis.
8. Data retention
- Account data: retained until you delete your account
- Case data (metadata, analysis results, documents): stored locally in your browser until you delete the case or clear browser data. You can use the encrypted backup feature to transfer data between devices
- Audit trail: retained for up to 6 years (professional record-keeping requirement)
- Original documents: never stored — they transit through our EU analysis server in-memory only
- Encrypted cloud storage blobs (if enabled): retained for a maximum of 180 days, then automatically deleted. You can delete your cloud data at any time before expiry
9. Your rights
Under the UK GDPR and the EU GDPR, you have the right to access your data, have inaccuracies rectified, have your data erased, restrict processing, receive your data in a portable format, and object to processing. To exercise any of these rights, contact us at the address below. Case data held only in your browser, or in end-to-end-encrypted cloud storage, is under your control and not accessible to us: you exercise access and erasure for that data by exporting or deleting it yourself. Where you use DocuFlag to process your clients' data, you are the controller for that data, and requests from your clients should be directed to you.
You also have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk. If you are in the EU/EEA, you may contact the supervisory authority in your Member State of residence.
10. Cookies
We use only strictly necessary cookies for session management and authentication. We do not use analytics cookies, marketing cookies, or third-party tracking.
11. EU/EEA representative
As DocuFlag is established in the United Kingdom, we have appointed an EU representative in accordance with GDPR Article 27: [TODO: EU representative name and contact details, e.g. via a service like GDPR-Rep.eu or DataRep.com].
12. Contact
For privacy-related inquiries, contact: [email protected]
[TODO: Physical address]