Privacy & cookies

Data Architecture and Storage

DocLoq does not store your documents or content. All document content, metadata, and files remain securely within your own Microsoft 365 tenant. DocLoq acts as a secure gateway that enables external sharing while maintaining your organization's governance and security policies.

What We Do NOT Store

• Document content or file data
• Document metadata or properties
• File attachments or embedded content
• Any business-sensitive information from your documents

Information We Collect

• Authentication tokens (temporary, for session management)
• User account information (name, email, organization details)
• Sharing permissions and access controls you configure
• Usage analytics (features used, session duration, error logs)
• Technical logs for service operation and security monitoring

Microsoft 365 Integration

DocLoq integrates with your Microsoft 365 tenant using secure, Microsoft-approved APIs. All document access and sharing operations are performed through your tenant's existing security infrastructure.

Your Tenant Governance

• All data remains subject to your organization's governance policies
• Microsoft 365 compliance features (DLP, retention policies) continue to apply
• Your existing security controls and access management remain in effect
• Audit logs are maintained within your tenant's compliance framework

Server-Side Security Processing

• PDF security modifications (read-only restrictions) are applied server-side
• All security processing occurs within your tenant's secure environment
• No document content is transmitted to external servers for processing
• Security policies are enforced using your tenant's existing infrastructure

How We Use Your Information

We use the limited information we collect to:

• Authenticate users and manage secure sessions
• Enable external sharing functionality within your tenant
• Apply security controls and access restrictions as configured
• Provide technical support and service monitoring
• Generate usage analytics for service improvement
• Ensure compliance with your organization's policies

Information Sharing and Disclosure

We do not share your information with third parties. All document sharing is handled directly through your Microsoft 365 tenant's existing sharing infrastructure. We may disclose information only:

• To comply with legal obligations or court orders
• To protect our rights, property, or safety, or that of our users
• With your explicit consent for specific technical support purposes
• In connection with a business transfer or acquisition (with notice)

Data Security and Protection

DocLoq implements enterprise-grade security measures to protect the limited information we process:

• Encryption in transit for all data transmission
• Microsoft 365 security standards compliance
• Zero-trust architecture with minimal data collection
• Regular security assessments and penetration testing
• Access controls based on your tenant's identity management
• Incident response procedures aligned with Microsoft security practices

Data Retention

We retain only the minimal information necessary for service operation. Authentication tokens are temporary and expire according to your tenant's session policies. Usage analytics are retained for service improvement purposes and can be deleted upon request. All document-related data remains in your Microsoft 365 tenant and is subject to your organization's retention policies.

Cookies and analytics

DocLoq uses necessary cookies and local browser storage to make the website work and to remember your cookie preferences.

With your consent, DocLoq uses Google Analytics to understand how visitors use the website. Google Analytics may collect information such as page views, device and browser information, approximate location, referrer information, and interaction events.

Analytics cookies are optional. You can accept, reject, or change your analytics preference at any time through the Cookie settings link in the website footer.

DocLoq does not use marketing cookies on the website unless this policy is updated.

Your Rights and Choices

Since DocLoq operates within your Microsoft 365 tenant, your data rights are primarily managed through your organization's tenant administration. You may have the following rights:

• Access: Request information about data processing through your tenant admin
• Correction: Update account information through your M365 profile
• Deletion: Request removal of your account data through your organization
• Portability: Export your data through Microsoft 365 data export tools
• Objection: Disable DocLoq access through your tenant administrator
• Restriction: Limit processing through your organization's access controls

International Data Transfers

DocLoq operates within your Microsoft 365 tenant's data residency configuration. All data processing occurs within the geographic regions specified by your tenant administrator. We do not transfer data outside of your tenant's configured boundaries.

Children's Privacy

DocLoq is designed for business use and is not intended for children under 13 years of age. Access is controlled through your Microsoft 365 tenant's user management policies. If you become aware that a child under 13 has accessed DocLoq, please contact your tenant administrator immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our service or legal requirements. We will notify your organization's administrators of any material changes and update the "Last updated" date. We encourage you to review this Privacy Policy periodically.

Contact Us

If you have any questions about this Privacy Policy or DocLoq's data practices, please contact your system administrator or the DocLoq support team through your organization's designated channels. For privacy-specific inquiries, you may also reach out to our Data Protection Officer through your tenant administrator.