Privacy Policy

Last updated: June 2026

1. Who we are

NeuDocs is a document-collection portal for accounting, bookkeeping, and tax firms, operated by Shereef Ibrahim, trading as NeuDocs. We help firms collect required documents from their clients through a secure, structured process. This policy describes what data we collect, how we use it, and how we protect it.

2. What data we collect

We collect and process the following categories of data:

  • Firm/staff accounts: email addresses, hashed passwords, names, and role assignments for staff members of firms that use NeuDocs.
  • Client contact information: names and email addresses provided by the firm for the purpose of sending document requests and upload links.
  • Uploaded documents:files uploaded by clients in response to specific document requests created by the firm. These files are stored on behalf of the firm and are accessible only to that firm’s authorised staff.
  • Usage and audit events: timestamps, IP addresses (where required for security and fraud prevention), and action logs (e.g., link accessed, file uploaded, item reviewed). Raw file contents are never written to logs.
  • Billing data: subscription and payment data is processed by Paddle, our Merchant of Record. We receive subscription status and limited billing metadata; we do not store full card details.

3. How we use your data

  • To operate the document-collection service and deliver it to firms and their clients.
  • To send email notifications and reminders related to document requests.
  • To maintain audit logs for security, compliance, and operational purposes.
  • To manage subscriptions and billing through our payment processor.
  • To diagnose technical problems and improve the service.

We do not sell your data. We do not use client documents for advertising or AI training.

4. Tenant isolation

Each firm’s data is logically isolated from all other firms. Uploaded files, client records, and request data are enforced at the database layer using row-level security policies keyed to the firm’s organisation ID. Staff from one firm cannot access another firm’s data.

5. Encryption in transit

All data transmitted between your browser and NeuDocs is encrypted using TLS (HTTPS). File uploads and downloads use short-lived signed URLs and are never exposed via public storage endpoints.

6. Subprocessors

We rely on the following third-party subprocessors to deliver the service:

  • Supabase — database, authentication, and file storage (private buckets). Data is hosted in the region selected at account creation.
  • Vercel — application hosting and edge infrastructure.
  • Resend — transactional email delivery (magic links, reminders, and notifications). Only the minimum recipient address and a generic message are passed; no document contents are included in emails.
  • Paddle — payment processing and billing as Merchant of Record.

7. Data retention and deletion

Firms can configure a retention period for completed and cancelled requests, after which records and uploaded files are deleted automatically. You may also request deletion of your account and associated data at any time by contacting us. Upon verified request, we will delete firm account data, client records, and uploaded files within a reasonable timeframe, subject to any legal retention obligations. Audit logs may be retained for a limited period for security and compliance purposes.

8. Your rights

Depending on your jurisdiction, you may have rights to access, correct, or delete your personal data. To exercise these rights, contact us at the address below.

9. Contact

For privacy-related questions or requests, contact us at support@neudocs.app. Developer profile: github.com/xRetr00.