Privacy Policy
Last updated: Jun 2025
Data Collection
We collect only the information you explicitly provide to us. This includes: (a) Account information (username, email, profile details); (b) Records and documents you upload or create (text, images, PDFs, audio recordings); (c) Usage data to improve our service (app interactions, feature usage, error logs); (d) Device information for security and optimization. We never collect data from external sources without your explicit consent.
Data Usage & Processing
Your data is used exclusively to provide and improve our record management service. We: (a) Store and organize your records for easy access; (b) Process documents through AI services (when you use extraction features); (c) Analyze usage patterns to improve app performance; (d) Ensure security and prevent unauthorized access. We do not use your records for advertising, profiling, or any commercial purposes beyond providing our service.
Data Storage & Security
Your records are protected by enterprise-grade security measures: (a) AES-256 encryption for data at rest; (b) TLS 1.3 encryption for data in transit; (c) Multi-factor authentication for account access; (d) Regular security audits and penetration testing; (e) Geographically distributed backups with encryption; (f) SOC 2 Type II compliant infrastructure. Your data is stored in secure, certified data centers with 24/7 monitoring.
Data Sharing & Third Parties
We never sell your personal data. Limited sharing occurs only for essential service functions: (a) Family members you explicitly authorize through family groups; (b) AI processing services (OpenAI for Global region, Aliyun for China region) when you use extraction features; (c) Cloud storage providers for data backup and delivery; (d) Legal authorities when required by law or valid legal process. All third-party processors are bound by strict data protection agreements.
AI Processing & Third-Party Services
When you use AI extraction features, your document content is processed by authorized AI services: (a) OpenAI (for Global region users) - data is processed in accordance with OpenAI's enterprise privacy terms; (b) Aliyun (for China region users) - data is processed within Chinese data centers under local privacy laws; (c) Processing occurs only when you explicitly request AI extraction; (d) AI services do not retain your data after processing; (e) You can opt out of AI features at any time in settings.
Data Residency & Regional Compliance
Your data location depends on your selected region: (a) Global region: Data stored in US/EU data centers with GDPR compliance; (b) China region: Data stored exclusively within Chinese mainland under local privacy laws; (c) Data regions are completely isolated - no cross-border data transfers; (d) You can choose your region during registration; (e) Regional compliance includes GDPR (EU), CCPA (California), PIPL (China), and other applicable laws.
Data Retention & Deletion
We retain your data only as long as necessary: (a) Active accounts: Data retained while account is active and 30 days after deletion request; (b) Deleted records: Permanently removed within 30 days; (c) Account deletion: All data permanently removed within 30 days; (d) Legal holds: Data may be retained longer if required by law; (e) Backups: Encrypted backups are automatically deleted after 90 days. You can request immediate data deletion by contacting support.
Your Privacy Rights
You have comprehensive control over your data: (a) Access: Download all your data in standard formats anytime; (b) Correction: Edit or update any of your information; (c) Deletion: Delete individual records or your entire account; (d) Portability: Export your data to take elsewhere; (e) Restriction: Limit how we process your data; (f) Objection: Opt out of AI processing or data usage; (g) Complaint: Report privacy concerns to supervisory authorities. Most rights can be exercised directly in the app.
Family Groups & Shared Data
Family group features require careful privacy considerations: (a) Only you can add family members using invite codes; (b) Family members can view and manage shared records; (c) Each family member must accept our privacy terms; (d) You can revoke family access at any time; (e) Family members cannot access your account credentials; (f) Shared data remains encrypted and secure; (g) Family sharing is optional and can be disabled anytime.
Security Measures & Incident Response
We maintain comprehensive security protocols: (a) Multi-layer encryption for all data; (b) Regular security audits and vulnerability assessments; (c) Employee security training and background checks; (d) Intrusion detection and monitoring systems; (e) Incident response plan with 24-hour notification; (f) Regular security updates and patches; (g) Zero-trust network architecture. In case of any security incident, affected users are notified within 72 hours.
Legal Compliance & Certifications
We comply with international privacy standards: (a) GDPR (European Union); (b) CCPA and CPRA (California); (c) PIPL (China); (d) PIPEDA (Canada); (e) Privacy Act (Australia); (f) SOC 2 Type II certification; (g) ISO 27001 information security standards; (h) Regular compliance audits and updates. Our legal team monitors evolving privacy laws to ensure ongoing compliance.
Children's Privacy
We take children's privacy seriously: (a) Our service is not directed to children under 13; (b) We do not knowingly collect data from children under 13; (c) Parental consent is required for users 13-17; (d) Parents can review and delete their child's data anytime; (e) Special protections apply for family group access involving minors; (f) Educational use requires school district approval. If we discover we have collected data from a child under 13, we will delete it immediately.
Privacy Contact & Support
For privacy questions or to exercise your rights: (a) Email: privacy@pouchly.online; (b) Data requests: data-requests@pouchly.online; (c) Security issues: security@pouchly.online; (d) General support: support@pouchly.online. We respond to privacy requests within 30 days (or faster when required by law). For urgent security matters, we provide 24-hour response.
This privacy policy is reviewed and updated regularly to reflect changes in our practices and applicable laws. Significant changes will be communicated through in-app notifications and email. Your continued use of the service constitutes acceptance of the updated policy. Last reviewed: January 2025.