Privacy Policy

Last updated: April 26, 2026

Diplodocs is currently in early access and pre-incorporation. This is an interim privacy policy covering data collected through the diplodocs.io marketing site and the app.diplodocs.io application. A full policy will replace this page once Diplodocs LLC is formally registered.

1. What We Collect

We collect only what's necessary to run the service and communicate with you.

From the marketing site (diplodocs.io):

Early access email: the email address you submit on the waitlist form.
Feedback form: the name, email, and message you submit.
Usage analytics: anonymized traffic data (page views, device type, referrer, approximate location) collected via Google Analytics using cookies.

From the application (app.diplodocs.io):

Account information: your email address, which serves as your account identifier, along with a password (stored as a hash, never in plain text).
Content you create: templates, blocks, components, data records, documents, forms, assets, and any other content you upload or generate while using the application. This content is private to your account and isolated from other users.
Operational data: timestamps of logins, actions taken within the app (for audit and debugging), and basic device/browser information.

From the e-signature feature (when used):

Signer details: the name, email address, and (where you choose to collect them) phone number or other identity attributes of each recipient you send a document to for signature.
Audit-trail data: for each signed envelope we record IP address, user agent, signature timestamps, signer actions (viewed, signed, declined), and a cryptographic hash of the signed document — required to make the signature legally evidentiary.
Signed documents: the final signed PDF and its associated certificate of completion.

When you send a document for signature, you act as the data controller for the signer's personal data; Diplodocs (and our signing sub-processor, see §4) act as data processors on your behalf. You are responsible for having a lawful basis to send each document and, where required, for informing the signer of how their data is processed.

2. How We Use It

We use the information you provide to:

Authenticate you and provide access to your account and workspace.
Operate, maintain, and improve the application.
Contact you about Diplodocs (product updates, account notifications, and responses to your feedback).
Understand how the service is used at an aggregate level.

We do not sell, rent, or share your personal information or the content you create with third parties for marketing.

3. Data Isolation Between Users

The content you create in the application is private to your account. Other users cannot access your templates, documents, or data. Only you and authorized members of the Diplodocs team (for support and operational purposes) can access your account's content.

4. Who Has Access

Account data and user-generated content are stored on our infrastructure and accessed only by the Diplodocs team when necessary for support, debugging, or operating the service. Analytics data from the marketing site is processed by Google Analytics under Google's terms; Google may process this data in the United States.

When you use the e-signature feature, signature execution and audit-trail generation are performed by a third-party signing provider acting as our sub-processor. The provider receives the document, signer details, and audit-trail events necessary to complete the envelope. The current sub-processor and its data-processing terms can be requested from contact@diplodocs.io and will be listed publicly once Diplodocs LLC is formally registered.

5. Cookies

The marketing site uses cookies from Google Analytics to measure traffic. The application uses cookies (or equivalent browser storage) only for authentication and session management — these are strictly necessary for the service to function.

6. Data Retention

We keep your account and content for as long as your account is active. If you delete your account, we remove your personal information and user-generated content within a reasonable period, except where retention is required by law or for legitimate operational reasons (e.g., fraud prevention, backups). You can request account deletion by emailing contact@diplodocs.io.

Signed envelopes are retained separately. Because signed documents and their audit trails carry legal evidentiary value, we retain them for the period required by applicable e-signature law (typically 7 years) even after you delete your account, unless you specifically request earlier deletion and doing so does not violate a legal hold.

7. Your Rights

Depending on where you live (e.g. EU under GDPR, California under CCPA), you may have the right to access, correct, export, or delete the personal data we hold about you, and to object to its processing. Send any such request to contact@diplodocs.io.

8. Security

We take reasonable steps to protect your information, including encrypted transmission (HTTPS) and hashed passwords. No method of transmission or storage is perfectly secure — use of the service is at your own risk during early access.

9. Changes to This Policy

We may update this policy as the product evolves. The "Last updated" date above reflects the current version. Continued use of the service after changes are posted constitutes acceptance.

10. Contact

Questions about this policy can be sent to contact@diplodocs.io.