Privacy Policy

Last updated March 2026.

1. Who We Are

DocFort is developed and operated by Prxxt ("we", "us", "our"). We are the data controller for personal information processed through the DocFort application.

2. What We Collect

DocFort extracts and stores text metadata only from documents you scan:

  • Full names
  • Document identification numbers (masked — typically last 4 digits)
  • Expiry and issue dates
  • Issuing authorities and jurisdictions
  • Document category classifications

What We Never Collect

Document images, photographs, biometric data, facial images, health record content, location data, usage analytics, device fingerprints, or advertising identifiers. We have zero analytics SDKs, zero crash reporters, and zero telemetry.

3. How We Collect It

When you scan a document, on-device OCR (Apple Vision) extracts text metadata directly on your iPhone or iPad. Source images are permanently destroyed at the point of extraction.

Technical Detail

During OCR processing, a temporary in-memory copy of the image exists for approximately 1–3 seconds before irreversible destruction. No copy is written to disk, transmitted, or cached. The extraction runs entirely on your device — no server is involved.

4. Lawful Basis for Processing (GDPR)

Personal use: Legitimate interest — you scan your own documents to track expiry dates (Article 6(1)(f)).

Team plans: Contract performance — processing is necessary to deliver the compliance tracking service your organization subscribes to (Article 6(1)(b)).

Where required: We obtain explicit consent where mandated by your jurisdiction.

5. How We Use Your Data

Your extracted metadata is used for:

  • Compliance tracking — monitoring document expiry dates
  • Expiry alerting — sending push notifications before documents expire
  • Sync — keeping your data consistent across your own devices via iCloud

We Never Use Your Data For

Advertising, profiling, behavioral targeting, selling to third parties, sharing with data brokers, training AI models, or any purpose beyond the document tracking service you signed up for.

6. Data Storage and Security

Your metadata is stored in one of two places:

On-device (SwiftData)

Encrypted by iOS Data Protection. Accessible only with your device passcode or biometrics.

iCloud (CloudKit)

End-to-end encrypted using per-user keys managed by Apple. Data residency follows your iCloud region settings.

DocFort has no servers. There is no DocFort database, no DocFort API, and no DocFort infrastructure that stores your data.

7. Sub-processors

DocFort uses exactly two sub-processors, both operated by Apple Inc.:

Service          Purpose
Apple CloudKit   Encrypted data sync between your devices
Apple StoreKit   Subscription management and payment processing

No other sub-processors are used. For the complete Data Processing Agreement, see our DPA.

8. Data Retention

Document images: Destroyed immediately at extraction. Retention period: zero.

Extracted metadata: Retained while your subscription is active or while the app is installed.

On deletion or termination: All metadata is deleted from CloudKit within 30 days. On-device data is deleted immediately when you delete the app or remove a document.

9. California Privacy Rights (CCPA)

If you are a California resident:

  • We do not sell your personal information.
  • We do not share your personal information for cross-context behavioral advertising.
  • You have the right to know what personal information we collect, request deletion, and opt out of any sale (though none occurs).
  • We will not discriminate against you for exercising your privacy rights.

10. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your data
  • Portability — receive your data in a structured format
  • Restriction — limit how we process your data
  • Objection — object to processing based on legitimate interest

To exercise any right, email us (below). We will respond within 30 days.

11. Children's Privacy

DocFort is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

12. Team Plans — Data Access Boundaries

When DocFort is used under an organization's Team plan:

  • Team admins see compliance status only — current, expiring, or expired
  • Admins cannot view document images (images are already destroyed)
  • Admins cannot access full document metadata (only status and expiry dates)
  • Each employee's document data remains on their own device

DocFort is a document expiry tracking tool. It is not compliance advice and does not guarantee regulatory compliance for any industry.

13. Changes to This Policy

We will provide at least 30 days' notice before making material changes to this policy. The "Last updated" date at the top will be revised accordingly.

14. Contact

For privacy inquiries, data requests, or questions about this policy, contact us at . We respond within 30 days.