D
Dossiq
Terms of Service πŸ‡ΈπŸ‡ͺ PΓ₯ svenska
Legal

Privacy Policy

Effective: February 2026 Β· Last updated: February 13, 2026

1. Who We Are

Dossiq is operated by Criterion Digital LLC, a company registered in the United States. We provide a personal document management system that helps you organize, classify, and act on your documents.

Contact: privacy@dossiq.app

Websites: dossiq.app, dossiq.io, dossiq.se

2. What Data We Collect

When you use Dossiq, we process the following categories of personal data:

2.1 Account Data

  • Name, email address, and password (hashed) when you create an account
  • Authentication tokens and session data

2.2 Uploaded Documents

  • The document files you upload (PDFs, images, etc.)
  • Text extracted from your documents via OCR (optical character recognition)
  • Metadata: file name, file size, upload date

2.3 AI-Extracted Data

If you consent to AI document analysis, the text extracted from your documents is sent to our AI provider (Anthropic, see Section 5) for classification and data extraction. The AI may extract:

  • Document category (e.g., medical, financial, vehicle)
  • Dates, amounts, names, and reference numbers found in the document
  • Suggested follow-up actions based on document content

2.4 Health Data

Some documents you upload may contain health information such as medical bills, insurance Explanations of Benefits (EOBs), lab results, or prescriptions. This is considered special category data under GDPR Article 9 and requires your explicit, separate consent before AI processing.

2.5 Third-Party Data in Your Documents

Documents you upload may contain personal data about other people β€” family members' names, healthcare providers, employers, etc. By uploading these documents, you confirm that you have a lawful basis for sharing this information with Dossiq (for example, it relates to your own records or you have the relevant person's permission).

3. How We Use Your Data

  • To provide the Dossiq service: storing, organizing, and displaying your documents
  • To perform OCR text extraction so your documents are searchable
  • To classify documents and extract structured data using AI (with your consent)
  • To suggest actions based on document content, such as creating tasks or linking to modules (with your consent)
  • To authenticate you and maintain your account
  • To respond to your support requests

4. Legal Basis for Processing

Contract performance (GDPR Art. 6(1)(b)): Account creation, document storage, OCR extraction β€” these are necessary to provide the service you signed up for.

Consent (GDPR Art. 6(1)(a)): AI document analysis and classification. You choose whether to enable this during registration or when uploading your first document. You can withdraw consent at any time.

Explicit consent (GDPR Art. 9(2)(a)): Processing of health-related document data. This requires a separate, specific consent that you can grant or withdraw independently.

5. Who Has Access to Your Data

Your data is processed by the following service providers acting as data processors on our behalf:

  • Microsoft Azure (United States) β€” Cloud hosting, database, file storage, and OCR processing
  • Anthropic (United States) β€” AI document analysis via the Claude API. Document text is sent for analysis and is not stored by Anthropic for model training
  • Cloudflare (United States) β€” DNS management and, if you enable email ingestion, email routing

We do not sell, rent, or share your personal data with any other third parties. We do not use your data for advertising.

6. International Data Transfers

Dossiq's infrastructure is hosted in the United States (Azure East US 2 region). If you are located in the EU/EEA (including Sweden), your personal data is transferred to the United States. These transfers are protected by Standard Contractual Clauses (SCCs) and, where applicable, the EU-US Data Privacy Framework.

7. How Long We Keep Your Data

  • Your documents and account data are kept for as long as your account is active
  • If you delete a document, it is removed from our storage within 30 days
  • If you delete your account, all your data (documents, extracted text, AI analyses, linked records) is permanently deleted within 30 days
  • Consent records are retained for the duration required to demonstrate compliance, even after account deletion

8. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Access: Request a copy of all data we hold about you
  • Rectification: Correct inaccurate data (you can edit most data directly in Dossiq)
  • Erasure: Request deletion of your account and all associated data
  • Portability: Receive your data in a machine-readable format
  • Withdraw consent: Turn off AI processing or health data processing at any time without affecting the rest of the service
  • Lodge a complaint: You have the right to file a complaint with your local data protection authority. For Swedish users, this is Integritetsskyddsmyndigheten (IMY), imy.se

To exercise any of these rights, contact us at privacy@dossiq.app. For account deletion during the beta period, we will process your request manually within 7 days.

9. Security

We take the security of your data seriously:

  • All connections use HTTPS/TLS encryption
  • Data is encrypted at rest in Azure (database and file storage)
  • Passwords are hashed using bcrypt
  • API keys and secrets are stored securely in Azure App Settings, not in code
  • Each user can only access their own data β€” strict per-user data isolation

10. Automated Decision-Making

Dossiq uses AI to classify documents and suggest actions. However, no automated decisions with legal or significant effects are made without your explicit confirmation. Every AI-suggested action (such as creating a record or linking a document to a module) requires you to review and click "Confirm" before anything is created. You are always in control.

11. Beta Service Notice

Dossiq is currently in closed beta. This privacy policy may be updated as the service evolves. If we make material changes that affect how your data is processed, we will notify you via email or in-app notification and, where required, request renewed consent.

12. Contact

For privacy-related questions or to exercise your data rights:

Email: privacy@dossiq.app

Company: Criterion Digital LLC

Β© 2026 Criterion Digital LLC. All rights reserved.
Privacy Terms Home