Privacy Policy

Effective Date: April 20, 2026
Last updated: April 20, 2026

This Privacy Policy (“Notice“) describes how Private Entrepreneur Yevhen Ivaniv, trading as e-Doc Ltd (together, the “Company,” “we,” “us,” or “our“), collects, uses, stores, and protects personal information in connection with the services offered through https://e-doc.ltd (the “Website” and, together with our document-processing services, the “Services“).

Important note on entity structure. The name “e-Doc Ltd” is a trade name (DBA, “doing business as”) used for branding and marketing. It does not denote a limited liability company or any separate legal entity. The Services are operated by an individual entrepreneur (фізична особа-підприємець / FOP) registered under the laws of Ukraine, operating on the simplified taxation system (Group 3, 5% single tax) with authorization for foreign economic activity. All rights and obligations under this Notice rest with the individual entrepreneur personally.

For any privacy-related questions, you may contact us at legal@e-doc.ltd or by post at the address in Section 16.

SUMMARY OF KEY POINTS

• What we collect: Your contact information (name, email, phone if you provide it), company details (if applicable), project descriptions, and any files you submit for document-processing work.
• Why we collect it: To respond to your inquiries, prepare quotes, execute projects, issue invoices, comply with tax and accounting obligations, and — only with your consent — send you newsletters.
• How long we keep it: Each data category has a specific retention period listed in Section 7. Most files uploaded to our Quote Request form are deleted automatically after 60 days if no project is started.
• Who we share it with: A small set of service providers (hosting, CDN/bot protection, analytics, newsletter delivery) listed in Section 4. We never sell your data.
• Your rights: You can request access, correction, or deletion of your data at any time by emailing legal@e-doc.ltd.

TABLE OF CONTENTS

1. WHAT INFORMATION DO WE COLLECT?
2. HOW DO WE PROCESS YOUR INFORMATION?
3. WHAT LEGAL BASES DO WE RELY ON?
4. WHEN AND WITH WHOM DO WE SHARE YOUR INFORMATION?
5. COOKIES AND TRACKING TECHNOLOGIES
6. USE OF ARTIFICIAL INTELLIGENCE TOOLS
7. HOW LONG DO WE KEEP YOUR INFORMATION?
8. HOW DO WE KEEP YOUR INFORMATION SAFE?
9. DO WE COLLECT INFORMATION FROM MINORS?
10. WHAT ARE YOUR PRIVACY RIGHTS?
11. DO-NOT-TRACK SIGNALS
12. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
13. DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?
14. DO WE MAKE UPDATES TO THIS NOTICE?
15. DATA BREACH NOTIFICATION
16. HOW CAN YOU CONTACT US?

1. WHAT INFORMATION DO WE COLLECT?

Information you provide to us. When you engage with our Website or Services — by filling in a form, uploading a file, sending us an email, or accepting a quote — the personal information we collect may include:

• your name (first and last);
• your email address;
• your phone number (only if you choose to provide it);
• your company name and industry (only if you choose to provide them);
• your billing address (when required to issue an invoice);
• the content of your project description, quote request, or other free-text input;
• source files you upload through our forms or send by email — documents, images, books, photos, scans, audio or video recordings, or other electronic files;
• external file links you share (for example, Google Drive, Dropbox, or WeTransfer URLs).

We do not directly collect or store payment card numbers or bank account numbers. When you pay for our Services, your payment details are submitted to our third-party payment processors (international banks via SWIFT, Payoneer, Wise, or the Upwork platform). Those processors handle payment data under their own privacy and security standards. We receive only the transaction confirmation and the billing information necessary to issue an invoice and record the payment.

Sensitive information. We do not request sensitive personal information (as defined in GDPR Article 9 — including health data, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, or biometric data). However, the source files you submit to us may incidentally contain such information — for example, a scanned medical record you ask us to OCR, or a personnel list you ask us to reformat.

When your files incidentally contain sensitive personal information:

• we process that information only to the extent necessary to perform the service you requested;
• we apply the same confidentiality and security measures as for all your data;
• we do not extract, index, profile, or otherwise use that information for any purpose other than completing your project;
• you remain the controller of personal data contained in your files; we act as a data processor under your instructions.

If your project specifically involves protected health information (PHI), classified government data, or similarly restricted content, you must inform us before submitting any files. We may decline such projects if they exceed our standard data-protection procedures.

Information collected automatically. When you visit our Website, certain information is collected automatically for security, operational, and analytics purposes:

• Log and usage data. Our web server automatically records basic request data: IP address, browser type and version, referring URL, pages visited, timestamps, and error events.
• Device data. Information about the device you are using to access the Website — operating system, browser, screen resolution, approximate device type.
• Approximate location. Through Google Analytics 4, we collect location information derived from your IP address — typically at the country or city level. We do not use GPS, device location APIs, or any precise-geolocation technology.

Quote Request form files. When you use our Quote Request form at https://e-doc.ltd/quote/ or any page where the same form is embedded, and you upload one or more files, we process those files specifically to prepare and deliver your personalized quote.

• How files are stored. Uploaded files are saved on our own server infrastructure, in a non-public directory protected against direct web access. Each file is stored under a randomized filename with server-level access controls that require authentication before a file can be viewed or downloaded.
• Who can access uploaded files. Access is limited to authorized personnel who are actively involved in reviewing your request and preparing your quote. Files are never shared with third parties without your explicit consent.
• Retention. Files you upload via the Quote Request form are retained for 60 days from the date of submission, after which they are automatically deleted from our server. The 60-day retention applies regardless of whether you received a quote, accepted it, or declined it.
• Early deletion on request. If you would like your uploaded files deleted before the 60-day window ends, contact us at info@e-doc.ltd or reply to the confirmation email you received. We will delete the files within three business days and confirm deletion by email.
• Files from accepted projects. If you accept a quote and we begin work, the project files become part of the active project workflow and their retention is governed by the terms of the specific service agreement — not by this 60-day window.
• NDA-protected files. If you mark the “I require an NDA before sharing files” option on the form, we treat all uploaded files as NDA-protected even before the NDA is signed. We send you our NDA template as the first step of our response. If you decide not to proceed after reviewing the NDA, we delete the files on request within three business days.

Google services. We use Google Analytics 4 (GA4) for website audience analytics and Google Search Console for search-indexation monitoring. Our use of data received from Google services adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not integrate Google Maps, Google Ads, or any Google advertising services.

2. HOW DO WE PROCESS YOUR INFORMATION?

We process your personal information for the following purposes:

• To deliver the Services you request. We review your inquiry, prepare a quote, and — once you accept — execute the project. This is the primary purpose of processing most of your information.
• To respond to inquiries and offer support. We respond to your messages and resolve any issues related to the Services.
• To send administrative communications. We may contact you about changes to our terms or policies, service-related notices, or other non-promotional updates.
• To issue invoices and manage accounting. We maintain records of services delivered and payments received to comply with Ukrainian tax and accounting obligations.
• To send newsletter communications — only with your consent. If you opt in to our newsletter, we process your email address to send you updates about our Services and industry insights. You can opt out at any time.
• To protect the Website and prevent fraud. We process limited technical information (IP, browser, user agent, submission patterns) to keep the Website secure and detect suspicious activity.
• To analyze and improve the Website. We use aggregated analytics data to understand how visitors interact with the Website and to improve content and user experience.
• To comply with legal obligations. We may process your information to comply with Ukrainian tax, accounting, and record-keeping law, or to respond to legitimate requests from competent authorities.

We do not process your information for targeted advertising, behavioral profiling, or sale to third parties.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

If you are located in the European Union, the United Kingdom, or the European Economic Area, the General Data Protection Regulation (GDPR) and UK GDPR require us to state the legal basis on which we process your personal information. We rely on the following legal bases:

• Performance of a contract. When we prepare a quote for you, execute a project, or issue an invoice, we process your data to fulfill our contractual obligations to you or to take steps at your request before entering into a contract (GDPR Article 6(1)(b)).
• Legal obligation. Ukrainian tax and accounting law requires us to retain financial records for specific periods. When we retain invoicing data for these reasons, the basis is GDPR Article 6(1)(c).
• Consent. Where we rely on your consent — for example, for newsletter subscriptions or for processing files that contain sensitive personal data incidentally — you may withdraw your consent at any time by contacting us (GDPR Article 6(1)(a)).
• Legitimate interest. We may process limited technical and analytics data to secure the Website, prevent fraud, and improve user experience, provided these interests are not overridden by your rights and freedoms (GDPR Article 6(1)(f)).

You always have the right to object to processing based on legitimate interest, to withdraw consent where consent is the basis, and to exercise the other rights set out in Section 10.

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

We use a small, carefully selected set of third-party service providers to operate the Website and deliver the Services. Each provider receives only the minimum information needed for its specific role, and each operates under its own privacy policy and applicable safeguards for international data transfers.

Artificial intelligence service providers. When the execution of your project requires assistance from AI-based tools, we may transmit parts of your content to AI service providers listed in Section 6 of this Notice, under commercial terms that prohibit the use of your content to train the providers’ public models.

Legal disclosure. We may disclose your information if required by law — for example, in response to a subpoena, court order, or lawful request from a competent authority. Where the law permits, we will notify you before making such a disclosure.

Business transfers. If our business, or a portion of it, is transferred to another entity (for example, through a sale of assets or a reorganization), your information may be transferred as part of that transaction. We will notify you and, where the law requires consent, seek your consent before the transfer takes effect.

We do not sell your personal information. We do not share it with advertising networks, data brokers, or any intermediary for commercial purposes unrelated to providing our Services.

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

We use a minimal set of cookies and similar technologies — strictly necessary ones for security and form protection, and analytics cookies that help us understand website usage. We do not use cookies for targeted advertising, behavioral profiling, or cross-site tracking.

Strictly necessary technologies

• Cloudflare Turnstile. We use Cloudflare Turnstile on our contact and quote forms to verify that form submissions come from real humans rather than automated bots. Turnstile operates in a privacy-respecting mode: it evaluates browser signals passively without requiring you to solve challenges. Turnstile may set short-lived session identifiers and transmit limited technical signals (IP address, browser characteristics, form-interaction patterns) to Cloudflare solely for bot detection. No data is used for advertising or profiling.
• WordPress session and security cookies. Our Website runs on WordPress, which may set session cookies and form-integrity tokens strictly necessary for the Website to function.

Analytics technologies

• Google Analytics 4 (GA4). GA4 sets cookies such as _ga and _ga_* to distinguish users and measure how visitors interact with the Website. You can opt out globally by installing the Google Analytics Opt-out Browser Add-on.
• Google Search Console. Search Console does not set cookies in your browser — it only receives aggregated data from Google’s own search logs.

Performance technologies

Our caching plugin (WP Rocket) may use short-lived browser storage to optimize page load. These are not used for tracking.

Do-Not-Track

Most browsers support a Do-Not-Track (DNT) signal. No industry standard currently exists for how websites should honor DNT, and we do not currently respond to DNT signals. If a standard is adopted, we will update this Notice.

Detailed cookie list and management

The full list of cookies we set, together with instructions for disabling them, is in our Cookie Policy. You can also manage cookies directly in your browser settings. Rejecting strictly necessary cookies may prevent forms from working correctly.

6. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?

Our Services are positioned as “AI-Enhanced, Human-Verified.” AI tools assist our human specialists in tasks such as initial text recognition, quality checks, transcription, and image generation. Final deliverables are always reviewed and validated by a human member of our team before being sent to you.

AI providers we may use

Depending on the specific project requirements, we may use the following third-party AI services to accelerate internal processing tasks:

Data minimization with AI tools

• We submit content to AI providers only to the extent necessary for the specific processing task.
• We use commercial tiers of these services under terms that prohibit the providers from training their public models on our customers’ content, or we use tools that run locally.
• We do not upload client files to public AI chat interfaces or to any service where client content could be used to train public models.

Human oversight

No automated decision having legal or similarly significant effect is made about you by AI tools. Every quote, project acceptance, and deliverable is prepared and verified by a human member of our team.

If you have specific concerns about AI processing of your files — for example, for projects involving highly sensitive or regulated content — please let us know before submitting your request. We will confirm, in writing, the specific AI workflow that applies to your project, and will adjust or omit AI steps on request.

7. HOW LONG DO WE KEEP YOUR INFORMATION?

We retain personal information only for as long as necessary to fulfill the purposes described in this Notice, unless a longer retention period is required or permitted by law.

Early deletion on request. You can request deletion of your Quote Request form files before the 60-day window ends by emailing info@e-doc.ltd or legal@e-doc.ltd. We will delete the files within three business days and confirm by email.

Retention during disputes. If an active or reasonably anticipated legal dispute involves your data, we may retain it beyond the periods listed above for as long as necessary to protect our legal position. During that time, we may lawfully decline deletion requests related to data that is material to the dispute.

After retention. When we have no ongoing legitimate need and no legal retention obligation, we delete or anonymize the data. Where immediate deletion is not feasible — for example, when data is preserved in backup archives — we isolate it from active processing until the next backup rotation naturally removes it.

8. HOW DO WE KEEP YOUR INFORMATION SAFE?

We apply appropriate technical and organizational measures to protect personal information, including:

• TLS encryption for all traffic between your browser and our Website (HTTPS);
• TLS-encrypted SMTP for email transmission;
• storage of uploaded files in a non-public, access-restricted server directory, with randomized filenames and server-level access controls;
• capability-based authorization for file downloads (only authenticated personnel with the specific permission can retrieve uploaded files);
• automated deletion of unused Quote Request form files after 60 days;
• confidentiality obligations binding on all personnel and subcontractors with access to client data;
• minimum-necessary data-sharing principle for all subprocessors;
• regular software updates to WordPress, plugins, and the server environment;
• logging of administrative actions for audit purposes.

No electronic transmission or storage system is perfectly secure. Despite our safeguards, we cannot guarantee that unauthorized parties will never defeat our security. Access to the Services is at your own risk. You should maintain your own copies of files you submit to us.

9. DO WE COLLECT INFORMATION FROM MINORS?

Our Services are intended exclusively for users who are at least 18 years old (or the equivalent age of majority in your jurisdiction). We do not knowingly collect personal data from individuals under 18. If we learn that we have inadvertently collected such data, we will delete it promptly.

If you are a parent or legal guardian and believe that a minor has provided personal data to us, contact us at legal@e-doc.ltd. We will investigate and delete the relevant data without undue delay.

Documents you submit that contain minors’ data. If documents you submit to us for processing contain personal data of minors — for example, a child’s passport, school records, or medical records — you warrant that you have the legal authority, as a parent or legal guardian, to share that data with us for the specific purpose of the service you requested.

10. WHAT ARE YOUR PRIVACY RIGHTS?

Depending on your location, applicable data-protection law grants you certain rights regarding your personal information. These rights generally include:

• Right of access. You can request a copy of the personal information we hold about you.
• Right to rectification. You can request correction of inaccurate or incomplete data.
• Right to erasure (“right to be forgotten”). You can request deletion of your data, subject to legal retention obligations.
• Right to restriction of processing. You can request that we limit processing in specific circumstances.
• Right to data portability. Where processing is based on consent or a contract and is carried out by automated means, you can request your data in a commonly used, machine-readable format.
• Right to object. You can object to processing based on legitimate interest, including profiling (we do not profile).
• Right to withdraw consent. Where we rely on consent, you can withdraw it at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

To exercise any of these rights, email legal@e-doc.ltd. We will respond within 30 calendar days, unless the request is complex and requires an extension (in which case we will notify you of the extension and its reason).

Verification. To protect your data from unauthorized access, we may need to verify your identity before acting on a request. For example, we may ask you to confirm details that only you and we would know.

Complaints. If you believe we are processing your data unlawfully, you have the right to lodge a complaint with your local data-protection authority:

• EEA residents: your Member State data-protection authority.
• UK residents: the Information Commissioner’s Office (ICO).
• Swiss residents: the Federal Data Protection and Information Commissioner (FDPIC).
• Ukrainian residents: the Ukrainian Parliament Commissioner for Human Rights.

11. CONTROLS FOR DO-NOT-TRACK FEATURES

As noted in Section 5, no uniform technical standard currently exists for recognizing and implementing Do-Not-Track (DNT) signals. We do not currently respond to DNT browser signals. If a standard is adopted, we will update this Notice accordingly.

12. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have specific rights under your state’s data-protection law.

Categories of personal information we collect

The following table shows categories of personal information we collected in the preceding 12 months, using the classifications defined in California consumer-privacy legislation.

Retention

Retention periods for each category are listed in Section 7. The prior version of this Notice used the phrase “for life” to describe retention; this was incorrect and has been replaced with specific retention periods.

Your rights under US state laws

Depending on your state of residence, you may have:

• the right to know what categories of personal data we process about you;
• the right to access or obtain a copy of your data;
• the right to correct inaccuracies;
• the right to delete your data;
• the right to opt out of the sale or sharing of personal data (we do not sell or share);
• the right to opt out of targeted advertising (we do not serve targeted advertising);
• the right to opt out of profiling leading to significant decisions (we do not profile);
• the right to non-discrimination for exercising any of these rights.

To exercise your rights, email legal@e-doc.ltd or use the contact methods in Section 16.

California “Shine the Light” law

California Civil Code Section 1798.83 permits California residents to request, once a year and free of charge, information about categories of personal information we have disclosed to third parties for direct-marketing purposes. We do not disclose personal information to third parties for their direct-marketing purposes.

13. DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?

Australia and New Zealand

We collect and process personal information in compliance with the obligations set by Australia’s Privacy Act 1988 and New Zealand’s Privacy Act 2020. You can request access to or correction of your personal information at any time using the contact details in Section 16. Complaints regarding privacy breaches can be directed to the Office of the Australian Information Commissioner or the Office of the New Zealand Privacy Commissioner.

South Africa

You have the right to request access to or correction of your personal information under the Protection of Personal Information Act (POPIA). If you are unsatisfied with how we address a complaint, you can contact the Information Regulator (South Africa).

Other jurisdictions

If you reside in a jurisdiction not specifically mentioned, you may still have rights under your local data-protection law. Contact us at legal@e-doc.ltd, and we will respond in accordance with applicable law.

14. DO WE MAKE UPDATES TO THIS NOTICE?

We may update this Privacy Policy from time to time to reflect changes in our practices, in the technologies we use, or in applicable law. When we make material changes, we will update the “Last Updated” date at the top of this Notice and, where required by law, provide more prominent notice (such as an in-site banner or a direct email, if we have your email address for service-related communications).

We encourage you to review this Notice periodically to stay informed about how we protect your information.

15. DATA BREACH NOTIFICATION

In the event of a personal-data breach that poses a risk to your rights and freedoms, we will notify the competent data-protection authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach, as required by GDPR Article 33.

Where the breach is likely to result in high risk to your rights and freedoms, we will also notify you directly, without undue delay, using the contact information we have on file, in accordance with GDPR Article 34.

16. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

For any privacy-related inquiry or to exercise your rights:

• Legal and privacy matters: legal@e-doc.ltd
• General inquiries: info@e-doc.ltd

Postal address:

Private Entrepreneur Yevhen Ivaniv (ФОП Іванів Євген Геннадійович)
14 Olha Kobylianska Street, apt. 2
Kolomyia, Ivano-Frankivsk Region, 78203
Ukraine

PREVAILING LANGUAGE

This Privacy Policy may be published in both English and Ukrainian versions. In case of any discrepancy, conflict, or ambiguity between the two versions — whether the Ukrainian version is published on the Website or exists only as an internal working document — the Ukrainian version prevails for all purposes of interpretation and enforcement.