Privacy Policy

Effective Date: January 1, 2025
Last Updated: January 1, 2025

1. Introduction

This Privacy Policy explains how Malex Software SRL ("Company", "we", "us", or "our") collects, uses, and protects information when you use Dokkio ("Service").

We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) for EU users.

2. Company Information

Data Controller:

Malex Software SRL

Str. Fedra, 27

Timis, Romania

Contact: contact@malexsoftware.ro

3. Information We Collect

3.1 Account Information

When you create an account, we collect:

  • Email address (for account creation and authentication)
  • Organization name (for account management)
  • API usage data (for service provision and billing)

3.2 Email Processing Data

Important: Dokkio processes business email content for data extraction purposes only. We do not process personal data under GDPR.

Email content we process includes:

  • Email headers (sender, recipient, subject, timestamp)
  • Email body content (for data extraction according to your schemas)
  • Extracted structured data (delivered to your webhooks)

3.3 Technical Information

  • IP addresses (for security and rate limiting)
  • API request logs (for service monitoring and support)
  • Browser and device information (for web interface optimization)

4. How We Use Information

4.1 Service Provision

  • Processing emails according to your extraction schemas
  • Delivering extracted data via webhooks
  • Managing your account and API access
  • Providing customer support

4.2 Service Improvement

  • Monitoring service performance and reliability
  • Analyzing usage patterns to improve our service
  • Detecting and preventing abuse or unauthorized access

4.3 Legal Compliance

  • Complying with applicable laws and regulations
  • Responding to legal requests and court orders
  • Protecting our rights and the rights of our users

5. Data Retention

5.1 Email Content

Email content is retained for a user-configurable period from none to 7 days, then automatically deleted.

5.2 Other Data

  • Webhook Logs: Retained for up to 1 day for retry purposes, then automatically deleted
  • Account Data: Retained while your account is active
  • API Logs: Retained for 30 days for security and support purposes
  • Billing Records: Retained as required by Romanian law (when paid plans are introduced)

6. Data Sharing

6.1 Third-Party Services

We use the following third-party services to operate Dokkio:

  • DigitalOcean and AWS: Cloud hosting and infrastructure services
  • MongoDB: Database services for storing account and configuration data

These service providers have access to information only as necessary to perform their services and are bound by confidentiality agreements.

6.2 Legal Requirements

We may disclose information if required by law, regulation, legal process, or governmental request.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the transaction, subject to the same privacy protections.

7. Your Rights (GDPR)

If you are located in the European Union, you have the following rights regarding your personal data:

7.1 Access and Portability

  • Right to access your personal data
  • Right to receive your data in a portable format

7.2 Correction and Deletion

  • Right to correct inaccurate personal data
  • Right to request deletion of your personal data
  • Right to restrict processing of your personal data

7.3 Objection and Withdrawal

  • Right to object to processing of your personal data
  • Right to withdraw consent (where processing is based on consent)
  • Right to lodge a complaint with a supervisory authority

To exercise these rights, please contact us at contact@malexsoftware.ro.

8. Data Security

We implement appropriate technical and organizational measures to protect your information:

  • Encryption in transit (HTTPS/TLS) and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and monitoring
  • Secure coding practices and vulnerability management
  • Employee training on data protection and security

While we strive to protect your information, no system is completely secure. We cannot guarantee absolute security of your data.

9. International Data Transfers

Your information may be processed and stored outside of your country of residence, including in countries that may have different data protection laws.

When we transfer personal data from the EU to other countries, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions.

10. Children's Privacy

Our Service is intended for business use and is not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16.

If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service at least 30 days before they take effect.

Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

12. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

Company: Malex Software SRL

Address: Str. Fedra, 27, Timis, Romania

Email: contact@malexsoftware.ro

Website: https://dokkio.io