Privacy Policy

V1.1 - Last edited Jan 17th, 2021

Your security and right to privacy are among our priorities. Santo Doc (“Doutore LLC”) respects the rights of our customers, visitors and the users of Santo Doc’s “Platform” or "Services" and the website www.santodoc.com, including all electronic services, applications and internal links on the platform.

Any information you provide via the Platform is private, kept secret and will not be used in any manner or for any purpose that you have not instructed or permitted. You will find a description of Santo Doc's data processing practice in this Privacy Policy.

This Privacy Policy applies only to the Platform and does not extend to third party websites or the like that might be accessible from the Platform.

By accessing and using the Platform and our Services, you signify your acceptance of the terms of this Policy. If you do not agree with or you are not comfortable with any aspect of this Policy, or the Terms of Service, you should immediately discontinue access or use of our Platform.

What information we collect

Santo Doc collects data to enable us to operate the Platform effectively, and to provide you with the best experiences. You provide some of this data to us directly, such as when you register to use our Platform. We also obtain and process data in the context of providing the services of the Platform.

The data we collect can include the following:

  • Name and contact information. We may collect your name, email address, password, address, phone number, company information, and other similar contact data. This information is necessary to make sure that your contracts are valid.
  • Payment information. In order to create charges on our payment providers, we need to collect payment information. Credit card data is not stored on the Platform's servers. Only the payment provider has access to this information.
  • Customer information. In the normal use of the Platform, you may create contracts and add clients and users. You may include client names, emails, clauses, etc. All the data provided will be stored securely in the Platform.
  • Collected Customer information. In order to securely sign contracts, we collect and store relevant customer information such as IP addresses, user agent, browser language,
  • Device and Usage information. We may collect data about your device and how you and your device interact with Santo Doc and our Services. For example, we may collect:
    • Use data. We may collect data about the features you use, and the web pages you visit. This also includes your interactions on our website, and your interactions with us via email.
    • Device, connectivity and configuration data. We may collect data about your device and the network you use to connect to our Services. This may include data about the operating system and other software installed on your device, including product keys. It may also include IP address, browser type, operating system, and referring URLs.

Why we need your information

  • To securely authenticate your access to the platform
  • To sign and validate your contracts and signatures
  • To find and fix errors
  • To perform customer support services for our customers
  • To personalize your experience in the Platform
  • To meet legal requirements
  • To understand how you use the Platform so we can improve our services
  • To create charges and check payment information
  • To send messages to you
  • To develop new features

How we protect your information

We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information. We offer the use of a secure server. All supplied sensitive/credit information is transmitted via Secure Sockets Layer (SSL) technology and then encrypted into our payment gateway provider's database, where it is accessible only to those authorized with special access rights to such systems, who are required to keep the information confidential. After a transaction, your private information (e.g., credit cards, financials) will not be stored on our servers.

How we ensure that our processing systems remain confidential, resilient, and available

We implement a variety of measures to ensure that our processing systems remain confidential, resilient, and available. Specifically, we have implemented processes to help ensure high availability, business continuity, and prompt disaster recovery. We commit to maintaining strong physical and logical access controls, and conduct regular penetration testing to identify and address potential vulnerabilities.

High Availability. Every part of the Services utilizes properly-provisioned, redundant servers in case of failure.

Business Continuity. We keep encrypted backups of data every day on Amazon AWS Platform. While never expected, in the case of production data loss (i.e., loss of primary data stores), we will restore organizational data from these backups.

Disaster Recovery. In the event of a region-wide outage, we will bring up a duplicate environment in a different Amazon AWS region. Our operations team has extensive experience performing full region migrations.

Physical Access Controls. Santo Doc is hosted on Amazon AWS Platform through the services of Heroku. AWS's data centers feature a layered security model, including extensive safeguards such as custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, and biometrics. Santo Doc employees do not have physical access to AWS data centers, servers, network equipment, or storage.

Logical Access Controls. Santo Doc is the assigned administrator of its infrastructure on Heroku Platform, and only designated authorized Santo Doc operations team members have access to configure the infrastructure on an as-needed basis behind a two-factor authenticated virtual private network. Specific private keys are required for individual servers, and keys are stored in a secure and encrypted location.

Why we use cookies

We use persistent first-party cookies to store certain preferences, make it easier for you to use our applications, and support some in-house analytics. A cookie is a piece of text stored by your browser to help it remember your login information, site preferences, and more. You can adjust cookie retention settings in your own browser.

When we disclose any information to outside parties

We share your personal data with your consent, or as necessary to provide the services of the Platform to you. We also share your data with vendors working on our behalf; when required by law or to respond to legal process; to protect our customers; to maintain the security of our Services; and to protect our rights or our property.

We also share personal data with vendors or agents working on our behalf for the purposes described in this Policy. For example, companies we have hired to provide cloud hosting services and customer support may need access to personal data to provide those functions. In such cases, these companies are required to abide by our data privacy and security requirements and are not allowed to use personal data they receive from us for any other purpose.

We may disclose your personal data as part of a corporate transaction such as a corporate sale, merger, reorganization, dissolution, or similar event.

Finally, we will access, transfer, disclose, and/or preserve personal data, when we have a good faith belief that doing so is necessary to:

  • comply with applicable law or respond to valid legal process, judicial orders, or subpoenas;
  • respond to requests from public or governmental authorities, including for national security or law enforcement purposes;
  • protect the vital interests of our users, customers, or other third parties (including, for example, to prevent spam or attempts to defraud users of our products);
  • operate and maintain the security of the services of our Platform, including to prevent or stop an attack on our computer systems or networks;
  • protect the rights, interests or property of Santo Doc or third parties;
  • prevent or investigate possible wrongdoing in connection with the Services; or
  • enforce our Terms of Service.

We may use and share aggregated non-personal information with third parties for marketing, advertising, and analytics purposes.

We do not sell or trade your personal information to third parties.

How to access and control your personal data

You can view, access, edit, delete, or request a copy of your personal data for many aspects of the services of the Platform. How you can access and control your personal data will depend on which services of the Platform you use.

You can always choose whether you want to receive marketing communications from us. You can also opt out from receiving marketing communications from us by using the opt-out link on the communication.

  • Data Access and Portability. You can request a copy of your personal data by submitting an online form at www.santodoc.com/gdpr-data-requests and selecting “Copy of my personal data” and including an email address. Santo Doc will verify your ability to access that email, then will send you a digital export of the data we hold that is associated with your email address. We will use reasonable efforts to respond to your request within 14 days, but in all events within 30 days of our receipt of the request. Certain data, such as clients' signed contracts, can also be exported directly via the interface.
  • Data Erasure. You can request that Santo Doc delete your personal data by submitting an online form at www.santodoc.com/gdpr-data-requests and selecting “delete my personal data” and including an email address. Santo Doc will verify your ability to access that email, then delete the personal data associated with your email address. All customer data stored on our servers is eradicated upon a customer’s termination of service and deletion of account after a 24-hour waiting period to prevent accidental cancellation. We will use reasonable efforts to respond to your request within 14 days, but in all events within 30 days of our receipt of the request. Please note that we retain billing and usage metadata about a company or individual as required for compliance with law and regulation.
  • Data Correction. You can modify your personal data by submitting an online form at www.doutorelegal.com/gdpr-data-requests and selecting “update my personal data” and including an email address. Santo Doc will verify your ability to access that email, then update the fields where possible within the Services. In most cases, data can be modified via the Platform. We will use reasonable efforts to respond to your request within 14 days, but in all events within 30 days of our receipt of the request.

How long we will keep your information

We may retain your personal information as long as you continue to use the Platform, have an account with us, or for as long as is necessary to fulfill the purposes outlined in the policy. You can ask to close your account by contacting us at the details above, and we will delete your personal information on request.

We may, however, retain personal information for an additional period as is permitted or required under applicable laws, for legal, tax, or regulatory reasons, or for legitimate and lawful business purposes.

Changes to our Privacy Policy

We will update this privacy statement when necessary to reflect customer feedback and changes in our Services. When we post changes to this statement, we will revise the “last updated” date at the top of the statement. If there are material changes to the statement or in how Santo Doc will use your personal data, we will notify you either by prominently posting a notice of such changes before they take effect or by directly sending you a notification. We encourage you to periodically review this privacy statement to learn how Santo Doc is protecting your information.

How to contact us

If you have a support or sales related question, please contact us via our online form.

If you have a privacy concern, complaint, or a question for the Data Protection Officer of Santo Doc, please contact us by sending us an email at compliance@santodoc.com. We will respond to questions or concerns within 30 days.