Cookies & GDPR Policy

1. Introduction

This Cookies & GDPR Policy explains how SalesDocx ("we," "us," or "our") uses cookies and similar technologies on our website and application, and outlines our compliance with the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA).

This policy should be read alongside our Privacy Policy and Terms of Service, which provide more comprehensive information about how we process your personal data.

2. What Are Cookies?

Cookies are small text files that are stored on your device (computer, tablet, or mobile) when you visit websites. They are widely used to make websites work more efficiently, provide basic functionality such as remembering your preferences, and supply website owners with information about how the website is used.

3. How We Use Cookies

3.1 Types of Cookies We Use

In our MVP version, SalesDocx uses only essential cookies:

Essential Cookies

• Purpose: These cookies are necessary for the website and application to function properly. They enable core functionality such as security, account authentication, and remembering your session state.
• Duration: Mostly session cookies that are deleted when you close your browser, with some persistent cookies that last longer.
• Examples: Authentication cookies, session cookies, security cookies.

As essential cookies are strictly necessary for delivering the service you have requested, they do not require explicit consent under GDPR and similar regulations.

3.2 Cookie Usage in SalesDocx Application

Within our MVP application, we use essential cookies only to:

1. Maintain your authenticated session with SalesDocx
2. Secure your account by detecting unusual login attempts
3. Support the HubSpot integration functionality

These cookies are strictly necessary for the application to function properly and deliver the service you have requested.

4. HubSpot Integration and Cookies

When you connect SalesDocx to your HubSpot account:

1. We use session cookies to maintain your authenticated connection to HubSpot
2. HubSpot may set its own cookies according to its cookie policy
3. These cookies help facilitate the secure data exchange between SalesDocx and HubSpot

5. Third-Party Cookies

Our MVP version uses minimal third-party cookies:

1. Payment processors (e.g., Dodo Payments) to facilitate secure payments
2. AI service providers (e.g., OpenAI) to support our content generation functionality

These third-party cookies are essential for core application functionality.

6. Managing Cookies

6.1 Essential Cookies

We commit to transparency about our cookie usage, which is why we provide this detailed cookie policy despite only using essential cookies at this stage.

6.2 Browser Settings

Most web browsers allow you to manage cookies through their settings. You can:

• Delete existing cookies
• Block certain types of cookies
• Set preferences for certain websites
• Choose to browse in "private" mode

Please note that restricting cookies may impact the functionality of our website and application.

6.3 Browser-Specific Instructions

• Chrome: Settings → Privacy and security → Cookies and other site data
• Firefox: Options → Privacy & Security → Cookies and Site Data
• Safari: Preferences → Privacy → Cookies and website data
• Edge: Settings → Cookies and site permissions → Cookies

7. GDPR Compliance

We comply with the General Data Protection Regulation (GDPR). Here's how we ensure compliance:

7.1 Lawful Basis for Processing

We process personal data on the following lawful bases:

• Consent: When you explicitly agree to the processing of your data for specific purposes
• Contractual Necessity: When processing is necessary to fulfill our contractual obligations to you
• Legitimate Interests: When processing is necessary for our legitimate business interests, provided those interests don't override your rights and freedoms

7.2 Data Subject Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right to Access: You can request a copy of your personal data
• Right to Rectification: You can request correction of inaccurate data
• Right to Erasure: You can request deletion of your data under certain conditions
• Right to Restrict Processing: You can request that we limit how we use your data
• Right to Data Portability: You can request a copy of your data in a machine-readable format
• Right to Object: You can object to certain types of processing
• Rights Related to Automated Decision Making: You can contest fully automated decisions that affect you

To exercise these rights, please contact us at privacy@salesdocx.com.

7.3 International Data Transfers

As we are based in India providing services internationally, we transfer data outside the EEA. We ensure appropriate safeguards for these transfers through:

• Standard Contractual Clauses approved by the European Commission
• Ensuring our service providers have appropriate data protection certifications
• Processing data in countries with adequate protection as determined by the European Commission where possible

7.4 Data Protection Officer

While not required for our organization size, we have designated a person responsible for data protection matters. You can contact them at privacy@salesdocx.com.

7.5 Data Breach Notification

In case of a data breach that might pose a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours. If the breach poses a high risk to your rights and freedoms, we will also notify you directly.

8. Cookie-Specific GDPR Considerations

Under GDPR, cookies that process personal data require specific attention:

• Essential cookies can be set without explicit consent as they are necessary for providing the service you request
• We document our cookie usage for audit purposes
• Our future development roadmap includes expanding cookie functionality, at which point we will implement appropriate consent mechanisms

For our MVP, we have deliberately limited our cookie usage to essential cookies only, to deliver the core functionality of SalesDocx while maintaining compliance with applicable regulations.

9. SalesDocx Application Data Processing

9.1 HubSpot Data Processing

When you use SalesDocx to process your HubSpot data:

• You remain the data controller for your HubSpot data
• SalesDocx acts as a data processor
• We only process data as necessary to provide our service
• We implement appropriate security measures to protect data during processing

9.2 Data Processing Agreement

For our EEA customers, we offer a Data Processing Agreement (DPA) that outlines our obligations as a data processor. You can request this by contacting privacy@salesdocx.com.

10. Children's Data

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under the age of 18, we will take steps to delete such information.

11. Future Cookie Implementation

In future versions of SalesDocx, we may introduce additional cookie functionality to enhance user experience and provide analytics capabilities. When we introduce non-essential cookies, we will:

1. Update this policy to reflect the changes
2. Implement an appropriate cookie consent mechanism
3. Provide clear options to accept or reject non-essential cookies
4. Notify existing users of changes to our cookie practices

As we evolve beyond the MVP stage, we remain committed to transparent data practices and regulatory compliance.

12. Changes to This Policy

We may update this Cookies & GDPR Policy from time to time to reflect changes in technology, regulation, or our business practices. Any changes will be posted on this page with an updated revision date. If we make significant changes, we will notify you through the application or by email.

13. Contact Us

If you have any questions about our Cookies & GDPR Policy or our data practices, please contact us:

• By email: privacy@salesdocx.com
• For GDPR-specific inquiries: privacy@salesdocx.com