Approved for publication by EIREEN Tech legal review on 2026-05-13.
Version id: privacy-2026-05-13-v1 Effective date: 2026-05-13
Controller
The controller responsible for personal data relating to the Decodoc service is:
EIREEN Tech, SAS, RCS Paris 102 628 047, registered office 122 rue Amelot, 75011 Paris, France.
Contact (privacy, legal, support): contact@eireen.fr
1. What Decodoc is
Decodoc is a local-first mobile application that helps you understand documents (including explanations and translations). By default, your documents and derived content stay on your device. Decodoc is not designed as a cloud document storage product.
2. Core principle (document processing)
Documents stay on the user's device by default. A document is sent to Decodoc's backend and AI service providers only when the user explicitly starts analysis, translation, or a related document-processing action.
Subscriptions and entitlements may control access and usage limits; they do not change the default local-first storage model into full cloud document hosting.
3. Data we may process (summary)
Categories align with the internal Decodoc Privacy Data Map v1 (docs/legal/decodoc_privacy_data_map_v1.md). Indicative examples:
| Area | Examples |
|---|---|
| On your device | Original files, extracted or OCR text, analysis result JSON, full translation JSON, thumbnails/previews, local document history |
| Account / service layer (Supabase) | Email, Supabase user id, optional usage counters, legal acceptance records (when implemented) — not your full document library as primary storage |
| Temporary backend processing | User-initiated jobs: routing, transformation, returning structured results; not intended as long-term archive of document bodies |
| AI providers | Text or fragments you send by starting analysis/translation, plus instructions needed to return structured results |
| Subscriptions | Subscription status, store purchase metadata, RevenueCat app user id — via Apple App Store, Google Play, and RevenueCat for payments and entitlements |
4. Where data is stored
- Primary document storage: your device, by default.
- Supabase: service layer (e.g. authentication, account identifiers, entitlements metadata, optional meters). It is not the primary place where Decodoc stores your full document corpus.
- Backend: temporary processing to fulfil explicit requests; designed to minimize retention of document content (exact retention/TTL subject to implementation and future policy updates).
- AI subprocessors: process inputs only in connection with actions you start; governed by their terms and our agreements (see Subprocessors page).
5. What we do not do with document content
Unless and until a future version explicitly states otherwise and you are informed:
- Document content (including extracted text, analysis JSON, translation JSON, and previews derived from documents) must not be placed into analytics products, crash diagnostics payloads,
support_debug_events, or routine backend application logs.
Support and diagnostics may use identifiers and technical metadata where needed, subject to minimization and counsel review.
6. Subscriptions and stores
Payments and subscription management are handled through Apple App Store and/or Google Play and RevenueCat as an entitlement layer. Those providers process billing and subscription data under their own policies.
7. Retention (high level)
| Data | Indicative approach |
|---|---|
| Documents on device | Until you delete them or remove the app (subject to OS behaviour) |
| Account / Supabase service data | For the life of the account and applicable legal/statutory periods |
| Backend copies from processing | Short-lived / ephemeral by design; exact TTL to be documented when finalized |
| Store / RevenueCat records | As required by platforms and tax/accounting law |
| AI provider-side retention | Per vendor terms; we aim to minimize what is sent |
Final retention schedules belong in counsel-reviewed text and operational runbooks.
8. Your rights (EU-oriented outline)
Depending on your location, you may have rights to access, rectify, erase, restrict, object, or port personal data, and to withdraw consent where processing is consent-based. You may also have the right to lodge a complaint with a supervisory authority.
Deletion / account: see the Delete Account and Data Deletion page. Service-layer deletion requests (when accounts exist): **contact@eireen.fr** (workflow to be described when implemented).
9. International transfers
Some service providers may process data outside your country (including outside the EEA). Where required, we use appropriate safeguards (e.g. Standard Contractual Clauses) as determined with counsel.
10. Children
Decodoc is not directed at children; age limits and parental controls will be finalized with counsel.
11. Changes to this policy
We may update the version id, effective date, and, where required, obtain new acceptance in the app when we make material changes.
12. Contact
- Privacy, legal, and support: contact@eireen.fr
- Terms-related queries: contact@eireen.fr