Legal

Data Processing Agreement

GDPR Article 28 compliant. Last updated March 2026.

1. Definitions

Controller: The organization or individual subscribing to DocFort Team plans ("Customer").

Processor: Prxxt ("DocFort"), the developer and operator of the DocFort application.

Personal Data: Any information relating to an identified or identifiable natural person processed through DocFort.

Sub-processor: A third party engaged by the Processor to process Personal Data on behalf of the Controller.

2. Subject Matter and Duration

Processing occurs during the active subscription period. DocFort processes extracted text metadata only — source document images are permanently destroyed at the point of extraction and cannot be recovered.

3. Nature and Purpose of Processing

Extracting text metadata (names, document numbers, expiry dates, issuing authorities) from document images uploaded by Data Subjects, for the purpose of compliance tracking and expiry alerting within the Controller's organization.

4. Types of Personal Data Processed

  • Full names
  • Document identification numbers (masked — last 4 digits in most cases)
  • Expiry and issue dates
  • Issuing authorities and jurisdictions
  • Document category classifications

Explicitly Excluded

Biometric data, facial images, full document photographs, and health records content are never stored, transmitted, or processed beyond the initial on-device OCR extraction. Images are permanently destroyed immediately.

5. Categories of Data Subjects

Employees, contractors, and authorized personnel of the Controller.

6. Sub-processors

DocFort engages the following sub-processors. This is the complete list — no analytics SDKs, crash reporting services, or third-party data processors are used.

Sub-processor | Service | Purpose
Apple Inc. | CloudKit | Encrypted data sync and storage between user devices
Apple Inc. | App Store / StoreKit | Subscription management and payment processing

7. Processor Obligations

  • Process Personal Data only on documented instructions from the Controller
  • Ensure persons authorized to process have committed to confidentiality
  • Implement appropriate technical and organizational security measures
  • Assist the Controller with Data Subject Access Requests (DSARs)
  • Delete all Personal Data upon termination of the subscription
  • Make available all information necessary to demonstrate compliance

8. Technical and Organizational Measures

On-device processing

OCR runs locally on the user's device. Document images never leave the phone.

End-to-end encryption

All synced data is encrypted via Apple CloudKit using per-user keys.

Irreversible image destruction

Source images are permanently destroyed at the point of metadata extraction. No recovery is possible.

No third-party data sharing

DocFort does not share, sell, or transmit Personal Data to any third party beyond the listed sub-processors.

9. Data Breach Notification

DocFort will notify the Controller of any Personal Data breach within 48 hours of becoming aware (stricter than GDPR's 72-hour requirement).

10. Audit Rights

The Controller may request documentation of DocFort's technical and organizational measures. DocFort will provide evidence of compliance within 30 days of a written request.

11. Data Deletion and Return

Upon termination of the subscription, all metadata is deleted from CloudKit within 30 days. Document images have already been destroyed at the point of extraction — there is nothing to return.

12. Governing Law

This Agreement is governed by the laws of the Controller's jurisdiction (US state law or EU member state, as applicable).

Questions?

For DPA inquiries or to request a signed copy, contact us at .