Welcome to Document Manager Pro ("we", "our", or "us"). We are committed to protecting your personal data and your privacy. This Privacy Policy describes how we collect, use, store, and process your information when you use our mobile application and associated web portals (collectively, the "Service").
India DPDP Act 2023 & Global Compliance Notice
In accordance with the Digital Personal Data Protection Act (DPDP) 2023 of India and other global data protection standards, we process all document scans, credentials, and identity information strictly on a consent-basis and deploy advanced local-first cryptographic measures.
1. Information We Collect
To provide our document management, storage, and OCR extraction features, we collect the following types of information:
Account Information: Your name, email address, password, phone number, and profile preferences when you register.
Document Metadata & Scans: Images of documents you scan or import, file sizes, document categories, and metadata created by you.
Extracted OCR Text: Text extracted from your scans to enable searching, editing, and field auto-filling.
Device Information: Device model, operating system version, unique device identifiers, and system logs.
2. User Roles and Data Access
Under the DPDP Act 2023 of India, we process data based on defined user roles to ensure security and compliance:
Admin: Has full administrative control over group management, billing, subscription configurations, and global access rules. Admins can view group members' activity logs and document metadata (file names, upload dates, sizes) for compliance and auditing purposes, but *never* the raw decrypted content of secure documents unless explicitly shared.
Group: A collaborative workspace structure. Documents uploaded to a Group folder are securely shared with authorized members of that group. Group managers can administer the folder contents and configure viewing permissions.
Member: Individual accounts with restricted access to view and upload files strictly within assigned group folders or their own private workspace locker, depending on the permissions set by the Admin.
3. Document Sharing
Our Service allows you to voluntarily share secure encrypted documents with other users or groups. When sharing:
The recipient is granted a cryptographic secure key enabling them to decrypt and view the document content.
As the data principal, you remain solely responsible for validating the identity, permission, and authority of any recipient you share files with.
All shared documents remain fully encrypted in transit and at rest using enterprise-grade AES-256 protocols.
4. Device Permissions We Request
To enable the application features, we require access to the following sensitive APIs on your mobile device:
Camera Permission: Required to capture physical documents, identity cards, or paper records for scanning.
Storage / Files Access: Required to import existing PDF or image files from your local storage and to save exported document files.
5. How We Process and Store Your Documents
We respect the confidentiality of your documents and handle them with absolute security:
Local OCR Processing: Text extraction (OCR) is performed utilizing high-performance local libraries (Google ML Kit) directly on your device. No document scans or biometric elements are sent to Google's servers for ML Kit OCR processing.
End-to-End Cryptography: All document files uploaded to our cloud servers are instantly encrypted using enterprise-grade AES-256 cryptographic keys. The raw, decrypted document content is never accessible to us or unauthorized third parties.
Cloud Storage: Encrypted files and database records are securely hosted using Firebase services.
6. Third-Party Sub-Processors
We work with trusted third-party providers who act as data processors under strict security and confidentiality terms:
Firebase (by Google): Provides secure cloud database services, server hosting, user authentication, and encrypted storage. [Firebase Privacy Policy](https://firebase.google.com/support/privacy)
Google ML Kit: Used for high-performance, on-device OCR text recognition and processing. [Google ML Kit Privacy Policy](https://developers.google.com/ml-kit/terms)
7. Children's Data
In compliance with Section 9 of the India DPDP Act 2023, we do not knowingly collect, process, or track personal data of children under the age of 18 without verifiable parental or guardian consent. If you are under the age of 18, you are not authorized to register for or use the Service. If we discover we have inadvertently collected data of a minor, we will instantly delete that data and deactivate the account.
8. Cookies and Analytics
We use Firebase Analytics and Firebase Crashlytics to monitor performance, compile crash logs, and evaluate anonymous user interaction metrics to keep the app secure and stable. No raw document content is ever processed for analytics. You can opt out of analytics tracking at any time via the in-app Settings menu.
9. Data Retention and Account Deletion
We retain your personal data and documents only as long as your account remains active. You maintain absolute control over your records:
Instant Disabling: Upon requesting account deletion, your account is immediately deactivated and disabled, and your sessions are terminated across all devices.
30-day Grace Period: Your records are held in a restricted, inactive state for 30 days. You have the right to contact support to cancel the request within this time.
Permanent Purge: After 30 days, your account profile, metadata, and all encrypted document files stored on our cloud systems are permanently and irreversibly purged from our servers.
10. Security of Your Personal Data & Breach Notifications
We deploy rigorous technical, physical, and administrative security measures to protect your documents. All network transmissions are protected under secure TLS/SSL protocols.
In the highly unlikely event of a security incident or data breach affecting your personal records, we will notify you and the Data Protection Board of India (DPBI) promptly and within the legally mandated timelines under the DPDP Act 2023.
11. Your Rights & Grievances (India DPDP Act)
Under the DPDP Act 2023, you have the right to access, correct, or request the erasure of your personal data. For any privacy concerns or grievances, please contact our Grievance Officer at:
Email: contact@easternts.com
Subject: Privacy Grievance Support