Legal

Privacy Policy

Effective: February 2026 · Last updated: February 13, 2026

1. Who We Are

Dossiq is operated by Criterion Digital LLC, a company registered in the United States. We provide a personal document management system that helps you organize, classify, and act on your documents.

Contact: privacy@dossiq.app

Websites: dossiq.app, dossiq.io, dossiq.se

2. What Data We Collect

When you use Dossiq, we process the following categories of personal data:

2.1 Account Data

Name, email address, and password (hashed) when you create an account
Authentication tokens and session data

2.2 Uploaded Documents

The document files you upload (PDFs, images, etc.)
Text extracted from your documents via OCR (optical character recognition)
Metadata: file name, file size, upload date

2.3 AI-Extracted Data

If you consent to AI document analysis, the text extracted from your documents is sent to our AI provider (Anthropic, see Section 5) for classification and data extraction. The AI may extract:

Document category (e.g., medical, financial, vehicle)
Dates, amounts, names, and reference numbers found in the document
Suggested follow-up actions based on document content

2.4 Health Data

Some documents you upload may contain health information such as medical bills, insurance Explanations of Benefits (EOBs), lab results, or prescriptions. This is considered special category data under GDPR Article 9 and requires your explicit, separate consent before AI processing.

2.5 Third-Party Data in Your Documents

Documents you upload may contain personal data about other people — family members' names, healthcare providers, employers, etc. By uploading these documents, you confirm that you have a lawful basis for sharing this information with Dossiq (for example, it relates to your own records or you have the relevant person's permission).

3. How We Use Your Data

To provide the Dossiq service: storing, organizing, and displaying your documents
To perform OCR text extraction so your documents are searchable
To classify documents and extract structured data using AI (with your consent)
To suggest actions based on document content, such as creating tasks or linking to modules (with your consent)
To authenticate you and maintain your account
To respond to your support requests

4. Legal Basis for Processing

Contract performance (GDPR Art. 6(1)(b)): Account creation, document storage, OCR extraction — these are necessary to provide the service you signed up for.

Consent (GDPR Art. 6(1)(a)): AI document analysis and classification. You choose whether to enable this during registration or when uploading your first document. You can withdraw consent at any time.

Explicit consent (GDPR Art. 9(2)(a)): Processing of health-related document data. This requires a separate, specific consent that you can grant or withdraw independently.

5. Who Has Access to Your Data

Your data is processed by the following service providers acting as data processors on our behalf:

Microsoft Azure (United States) — Cloud hosting, database, file storage, and OCR processing
Anthropic (United States) — AI document analysis via the Claude API. Document text is sent for analysis and is not stored by Anthropic for model training
Cloudflare (United States) — DNS management and, if you enable email ingestion, email routing

We do not sell, rent, or share your personal data with any other third parties. We do not use your data for advertising.

6. International Data Transfers

Dossiq's infrastructure is hosted in the United States (Azure East US 2 region). If you are located in the EU/EEA (including Sweden), your personal data is transferred to the United States. These transfers are protected by Standard Contractual Clauses (SCCs) and, where applicable, the EU-US Data Privacy Framework.

7. How Long We Keep Your Data

Your documents and account data are kept for as long as your account is active
If you delete a document, it is removed from our storage within 30 days
If you delete your account, all your data (documents, extracted text, AI analyses, linked records) is permanently deleted within 30 days
Consent records are retained for the duration required to demonstrate compliance, even after account deletion

8. Your Rights

Under GDPR, you have the following rights regarding your personal data:

Access: Request a copy of all data we hold about you
Rectification: Correct inaccurate data (you can edit most data directly in Dossiq)
Erasure: Request deletion of your account and all associated data
Portability: Receive your data in a machine-readable format
Withdraw consent: Turn off AI processing or health data processing at any time without affecting the rest of the service
Lodge a complaint: You have the right to file a complaint with your local data protection authority. For Swedish users, this is Integritetsskyddsmyndigheten (IMY), imy.se

To exercise any of these rights, contact us at privacy@dossiq.app. For account deletion during the beta period, we will process your request manually within 7 days.

9. Security

We take the security of your data seriously:

All connections use HTTPS/TLS encryption
Data is encrypted at rest in Azure (database and file storage)
Passwords are hashed using bcrypt
API keys and secrets are stored securely in Azure App Settings, not in code
Each user can only access their own data — strict per-user data isolation

10. Automated Decision-Making

Dossiq uses AI to classify documents and suggest actions. However, no automated decisions with legal or significant effects are made without your explicit confirmation. Every AI-suggested action (such as creating a record or linking a document to a module) requires you to review and click "Confirm" before anything is created. You are always in control.

11. Beta Service Notice

Dossiq is currently in closed beta. This privacy policy may be updated as the service evolves. If we make material changes that affect how your data is processed, we will notify you via email or in-app notification and, where required, request renewed consent.

12. Contact

For privacy-related questions or to exercise your data rights:

Email: privacy@dossiq.app

Company: Criterion Digital LLC