Privacy Policy
Last updated: May 6, 2026
1. Data Controller
Spectrum Flare sp. z o.o. is the data controller for personal data processed through DocsAura. For privacy inquiries, contact us at [email protected].
2. What Data We Collect
Account data
- Email address and name (provided at signup)
- Workspace name and settings
- Authentication credentials (used to verify your identity and maintain your session)
Content data
- Text, files, images, and other content you provide to create a document
- Documents created through the Service
- Brand profiles (logos, colours, fonts) you configure
Usage data
- Document view counts and creation timestamps
- Technical information necessary to operate and secure the Service (e.g. IP address, browser type)
Payment data
- Subscription and billing identifiers needed to manage your plan
- We do not store credit card numbers, CVVs, or bank details — these are handled entirely by our payment processor
3. How We Use Your Data
- To generate, store, and serve your documents
- To authenticate you and maintain your account
- To process payments and manage subscriptions
- To send transactional emails (account, billing, service notices)
- To detect and prevent fraud, abuse, and security incidents
- To improve the Service using aggregated, non-identifiable analytics
- To send you product updates, tips, new feature announcements, and other communications about DocsAura — at the email address you provide and through other channels you have used to interact with us. You may opt out of marketing communications at any time using the unsubscribe link in any marketing email or by emailing [email protected]. Transactional and service emails (account, billing, security) cannot be opted out of while your account is active.
- To analyse the data you submit through the Service (including documents, prompts, uploaded files, and brand profiles) on an aggregated, anonymised basis, in order to improve the Service, develop new features, and produce marketing examples and case studies that do not identify you or your customers.
4. Legal Basis (GDPR Art. 6)
- Contract performance (Art. 6(1)(b)) — processing necessary to provide the Service you signed up for
- Legitimate interest (Art. 6(1)(f)) — security, fraud prevention, abuse detection, service improvement, and direct marketing of our own products and services to existing and registered users (per GDPR Recital 47). You may object to this processing at any time, free of charge, and we will stop using your data for direct marketing.
- Legal obligation (Art. 6(1)(c)) — tax and accounting requirements
- Consent (Art. 6(1)(a)) — non-essential cookies and any marketing channels for which consent is specifically required (e.g. SMS or third-party advertising pixels).
5. Third-Party Data Sharing
We share your data with the following categories of provider, solely to operate the Service:
| Provider category |
Data shared |
Purpose |
| AI processing provider |
Content you submit for document creation |
AI document generation |
| Hosting and infrastructure providers |
Account data, documents, request data |
Hosting, storage, security, and content delivery |
| Payment processor |
Email, name, subscription identifiers |
Payment processing and billing |
| Marketing & analytics providers |
Limited technical and interaction data; account email and name where used for direct-marketing communications |
Direct marketing of our own products and services, ad measurement, and retargeting |
| Transactional email provider |
Email address, account-related content |
Sending account and billing notifications |
We do not sell your personal data. Third-party advertising and analytics pixels (e.g. Meta, LinkedIn, Google Ads) receive data only with your consent, which you can refuse or withdraw at any time via the "Manage cookies" link in the footer. Direct marketing communications sent by us using the contact details you provide are processed on a legitimate-interest basis (see Section 4) and you may opt out at any time.
6. Marketing & Analytics
If you grant consent via our cookie banner, DocsAura uses third-party advertising and analytics providers. With your consent, a limited set of data (such as IP address, browser/device information, the page you are viewing, and key actions) is shared with those providers so we can:
- Measure which marketing campaigns lead to signups and document creation
- Show DocsAura ads to people who have previously visited our site
- Build aggregated audience insights to improve our advertising
The legal basis for this processing is your consent (GDPR Art. 6(1)(a)). You may grant, refuse, or withdraw consent at any time. Without consent, no data is shared with these providers. See our Cookies Policy for more.
7. International Transfers
Some providers process data outside the European Economic Area, including in the United States. These transfers rely on Standard Contractual Clauses (SCCs) or other GDPR-compliant transfer mechanisms maintained by each provider.
8. Data Retention
- Documents: retained as long as your account is active, or until you delete them
- Account data: retained while your account exists; deleted within 30 days of an account deletion request
- Payment records: retained as required by Polish tax law (5 years)
- Operational logs: retained only as long as necessary to operate and secure the Service, and then deleted
- Marketing consent records: retained until consent is withdrawn or your account is deleted
9. Your Rights (GDPR)
You have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate or incomplete data
- Erasure — request deletion of your data ("right to be forgotten")
- Restriction — request we limit how we process your data
- Portability — receive your data in a structured, machine-readable format
- Objection — object to processing based on legitimate interest
- Withdraw consent — where processing is based on consent, at any time without affecting past processing
To exercise any of these rights, email [email protected]. We will respond within 30 days. We may ask you to verify your identity before acting on your request.
You also have the right to lodge a complaint with the Polish supervisory authority: Prezes Urzędu Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warsaw, Poland.
10. Cookies
DocsAura uses three categories of cookies and similar technologies:
| Category | Purpose | Consent required? |
|---|
| Necessary |
Authentication, session management, remembering your consent choice, and security |
No — required to provide the Service |
| Analytics |
Measuring which marketing campaigns lead to signups and document creation |
Yes |
| Marketing |
Showing DocsAura ads on third-party platforms and measuring ad performance |
Yes |
You can grant, refuse, or change your consent at any time using the cookie banner shown on first visit, or via the "Manage cookies" link in the footer. See our Cookies Policy for full details.
11. Security
We apply appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. No system is entirely secure. If you discover a potential vulnerability, please report it to [email protected].
12. Age Restriction
DocsAura is intended solely for adults aged 18 or over. The Service is not directed at anyone under 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, contact us and we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the Service before they take effect. The "last updated" date at the top reflects the most recent revision.
14. Contact
Spectrum Flare sp. z o.o.
Email: [email protected]