Privacy Policy
Last updated: 9 March 2026
1. Data Controller
OpenDocs is operated by Grupo Barrdega. For privacy matters, contact us at support@opendocs.cloud. We are the data controller for personal data processed through this website and the OpenDocs platform (Art. 13(1)(a) GDPR).
2. Data We Collect
We collect the following categories of personal data:
- Account data: name, email address, password (hashed), and profile information you provide when registering.
- Billing data: payment method details and billing address, processed by Stripe. We do not store full card numbers.
- Usage data: pages visited, features used, browser type, operating system, and referring URLs, collected via server-side logs and (with your consent) analytics tools.
- Support data: messages you send us via email or support channels.
- Technical data: IP address, session identifiers, and browser preferences (e.g. theme preference stored in localStorage).
3. Lawful Basis for Processing (Art. 6 GDPR)
We process your personal data on the following legal bases:
- Contract (Art. 6(1)(b)): processing your account data and billing information to deliver the services you subscribed to.
- Legitimate interests (Art. 6(1)(f)): server-side logs for security, abuse prevention, and service reliability. We balance these interests against your rights.
- Consent (Art. 6(1)(a)): analytics cookies and any optional marketing communications. You may withdraw consent at any time.
- Legal obligation (Art. 6(1)(c)): retaining billing records as required by applicable tax law.
4. How We Use Your Data
- To create and manage your account and deliver the OpenDocs service.
- To process payments and manage your subscription via Stripe.
- To send transactional emails (account confirmations, billing receipts, password resets).
- To provide aggregate analytics to Pro plan users about their published documentation.
- To respond to support requests and communicate with you about your account.
- To detect, investigate, and prevent security incidents and abuse.
- To comply with legal obligations.
5. Third-Party Service Providers and International Transfers
We share data only with processors who help us operate the service. All are bound by data processing agreements. Some are located outside the EEA; where this is the case, transfers rely on the EU Standard Contractual Clauses (SCCs) or an adequacy decision.
| Provider | Purpose | Location | Transfer mechanism |
|---|---|---|---|
| Microsoft Azure | Hosting & infrastructure | United States / EU regions | SCCs / adequacy |
| Stripe | Payment processing | United States | SCCs |
We do not sell your personal data to third parties.
6. Cookies and Local Storage
This website uses browser localStorage (not HTTP cookies) for functional purposes. No data is transmitted to third-party servers by these items. Analytics are only loaded after you give explicit consent via the banner below.
| Name | Type | Purpose | Duration | Consent required? |
|---|---|---|---|---|
theme | localStorage | Remembers your light/dark mode preference | Persistent (until cleared) | No — functional |
cookie-consent | localStorage | Stores your cookie consent choice | Persistent (until cleared) | No — strictly necessary |
7. Data Retention
- Account data: retained for as long as your account is active. Deleted within 30 days of account closure, except where legally required to retain longer.
- Billing records: retained for 7 years to comply with tax regulations.
- Server logs: retained for up to 90 days for security purposes, then deleted.
- Support communications: retained for 2 years, then deleted unless legally required otherwise.
8. Your Rights (Art. 13(2)(b–d) GDPR)
You have the following rights regarding your personal data:
- Access (Art. 15): request a copy of the data we hold about you.
- Rectification (Art. 16): request correction of inaccurate or incomplete data.
- Erasure (Art. 17): request deletion of your data (“right to be forgotten”).
- Restriction (Art. 18): request that we restrict processing of your data.
- Data portability (Art. 20): receive your data in a structured, machine-readable format.
- Objection (Art. 21): object to processing based on legitimate interests.
- Withdraw consent (Art. 7(3)): withdraw any previously given consent at any time without affecting prior processing.
- Lodge a complaint (Art. 77): you have the right to lodge a complaint with your national supervisory authority. A list of EU supervisory authorities is available at edpb.europa.eu.
To exercise any of these rights, email support@opendocs.cloud. We will respond within 30 days.
9. Automated Decision-Making
We do not carry out automated decision-making or profiling that produces legal or similarly significant effects on you (Art. 22 GDPR).
10. Data Security
We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS 1.2+), encryption at rest, access controls, and regular security reviews. No method of transmission over the internet is 100% secure; we continuously work to improve our protections.
11. Children
Our service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have done so inadvertently, contact us to have it deleted.
12. Changes to This Policy
We may update this policy. We will post the new version here with an updated “Last updated” date and notify you of material changes by email or in-app notice at least 30 days before they take effect.
13. Contact
For any questions or to exercise your rights: support@opendocs.cloud