Last updated: 2 June 2026
1. Who we are
DocEnsure is operated by DocEnsure LLP, an Indian limited liability partnership. We provide an AI-powered document verification and fraud detection platform. In this policy, "DocEnsure," "we," "us," or "our" refers to DocEnsure LLP. "You" refers to any individual or organisation using the DocEnsure platform or submitting documents through our services.
We act as a Data Fiduciary for account holders and as a Data Processor when our customers submit third-party documents (e.g., job candidates' salary slips) for verification on their behalf.
2. What we collect
Account information
- Name, work email, organisation name, role
- Billing address and GSTIN (for paid plans)
- Authentication credentials (passwords are stored hashed using bcrypt; we never see your plaintext password)
Documents you upload
- The document files (PDF, JPG, PNG) you submit for verification
- Extracted content (text, structured fields, metadata) generated by our verification engine
- The forensic report produced for each verification
Usage data
- Login timestamps, IP addresses, browser type, and device identifiers (for security and abuse prevention)
- Pages visited and features used on the platform (to improve the product)
- Verification volume and document types submitted (for billing and analytics)
3. How we use it
We use the data we collect only for the following purposes:
- To provide the service — running our forensic checks on your documents and returning a verdict report.
- To bill and account — measuring usage against your plan, issuing invoices.
- To secure the service — detecting abuse, fraud, brute-force attempts, and platform misuse.
- To improve the product — analysing aggregate, de-identified patterns of usage. We do not train our AI models on your documents without your separate, explicit written consent.
- To communicate with you — service announcements, security notices, and (only if you opt in) product updates.
We do not sell your data. We do not share your documents with advertisers or marketing partners.
4. Storage & security
- All documents are encrypted at rest using AES-256.
- All data in transit is protected with TLS 1.3.
- Document processing happens in isolated, ephemeral containers that are destroyed after the verification completes.
- Production data is hosted on a major cloud provider in an India region (Mumbai / Hyderabad).
- Access to production systems is limited to a minimal set of engineers via SSO with mandatory MFA. All production access is logged.
See our Security & Trust page for full details of our security controls.
5. Retention
- Uploaded documents — retained for a default of 30 days after upload, then permanently deleted. Customers on paid plans may configure a shorter or longer window (up to 365 days). Enterprise customers may request immediate, post-verification deletion under their Data Processing Agreement.
- Forensic reports — retained for the lifetime of the account, since they may be needed as audit evidence. Deleted within 60 days of account closure.
- Account & billing records — retained for 7 years after account closure to comply with Indian tax and accounting laws.
- Backups — encrypted backups are kept for up to 30 days, after which they are cycled out.
6. Third parties & subprocessors
We use a small set of trusted subprocessors to operate the service. Each is bound by a data processing agreement and meets our security and confidentiality standards. Current subprocessors include cloud hosting (AWS India), email delivery, payment processing (Razorpay), and customer support tooling. We will publish the live subprocessor list on request to privacy@docensure.com.
We will disclose data only when legally required (e.g., a valid order from a court or regulator with jurisdiction over us). Where lawfully possible, we will notify the affected customer.
7. Your rights
Under the Digital Personal Data Protection Act, 2023, and other applicable laws, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Correct — ask us to fix inaccurate or outdated data.
- Erase — ask us to delete your data, subject to legal retention obligations.
- Withdraw consent — at any time, for any data we process on the basis of consent.
- Nominate — appoint another person to exercise your rights in case of death or incapacity.
- Complain — raise a grievance with our Grievance Officer (see Contact) or with the Data Protection Board of India.
To exercise any of these rights, email privacy@docensure.com. We will respond within 30 days.
8. International transfers
Your data is stored and processed within India by default. We may transfer limited data (such as billing metadata for payment processing) to jurisdictions outside India only where the recipient meets the safeguards required under Indian law. No documents submitted for verification are transferred outside India without your explicit consent.
9. Cookies
We use a minimal set of cookies: a session cookie required to keep you signed in, and (with your consent) anonymous analytics cookies that help us understand which pages are useful. We do not use third-party advertising or tracking cookies.
10. Changes to this policy
We may update this policy from time to time. When we make material changes, we will notify account holders by email at least 14 days before the change takes effect. The "Last updated" date at the top of this page always reflects the current version.
Grievance Officer
DocEnsure LLP
Email: privacy@docensure.com
General: info@docensure.com