Privacy Policy & Cookie Notice

Last Updated: June 11th, 2026

1. Introduction

SureSwift Worldwide Inc. dba Docparser ("Docparser," referred to as "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy and Cookie Notice ("Policy") describes how we collect, use, disclose, and protect personal information about visitors to our website at https://www.docparser.com (the "Site"), users of our services, including through access to and use of our platform and/or any application (collectively, the "Services"), and others who interact with us.

This Policy applies to personal information we process as a controller (or equivalent). It does not apply to information we process on behalf of our business customers in our capacity as a service provider or data processor – that processing is governed by our agreements with those customers.

Please read this Policy carefully. By accessing or using our Site or Services, you acknowledge you have read and understood this Policy. Where required by applicable law, we will obtain your consent before collecting or using your personal information in certain ways. We are committed to making this Policy accessible to all users, including individuals with disabilities, in accordance with Web Content Accessibility Guidelines (WCAG) 2.1 Level AA. If you need this Policy in an alternative format, please contact us at [email protected].

2. Quick Reference: Your Privacy Rights by Jurisdiction

Depending on where you reside, you may have specific legal rights regarding your personal information. The table below provides a summary; full details appear in Section 12.

Jurisdiction / Law	Key Consumer Rights
California (CCPA / CPRA)	Know; Access; Correct; Delete; Opt-Out of Sale/Sharing; Limit Sensitive Personal Information; Non-Discrimination; Shine the Light
European Union (GDPR)	Access; Rectification; Erasure (Right to be Forgotten); Restriction; Data Portability; Objection; Rights re Automated Decision-Making; Lodge Complaint with Supervisory Authority
United Kingdom (UK GDPR)	Same as EU GDPR; supervised by the Information Commissioner's Office (ICO)
Canada — PIPEDA / Quebec Law 25	Access; Correction; Withdrawal of Consent; Complaint to Office of the Privacy Commissioner (OPC) or Commission d'acces a l'information (CAI, Quebec)
Other U.S. States (VA, CO, CT, TX, MT, OR, UT, etc.)	Access / Confirmation; Correction; Deletion; Portability; Opt-Out of Sale / Targeted Advertising / Profiling; Right to Appeal Denial

3. Personal Information We Collect

We collect personal information in the following ways, depending on how you interact with us.

3.1 Information You Provide Directly

We collect personal information you voluntarily provide when you:

Create an account or register for the Services (e.g., name, email address, password, job title, company name);
Subscribe to or purchase the Services (e.g., billing name, mailing address; payment card data is processed by our payment processor and not stored on our systems);
Contact us for support, with inquiries, or to provide feedback (e.g., name, email address, contents of your messages);
Participate in surveys, promotions, webinars, or events; and/or
Use interactive features that require you to submit content or data.

3.2 Information Collected Automatically

When you visit our Site or use our Services, we and our technology partners automatically collect:

Usage Data: pages viewed, features used, links clicked, searches conducted, and in-app actions;
Device and Technical Data: IP address, browser type and version, operating system, device identifiers, screen resolution, and time zone;
Log Data: server access logs, error logs, referring URLs, date and time of requests;
Location Data: approximate geographic location (country, state/region) inferred from your IP address, and precise geolocation only if you provide explicit permission through your device or browser settings, where applicable; and/or
Cookie and Tracking Data: information collected through cookies, pixels, web beacons, and similar technologies (see Section 7).

3.3 Information from Third Parties

We may receive personal information about you from third parties, including:

Social login or SSO providers (e.g., Google, Microsoft) if you sign in through a third-party account;
Integration partners and resellers who refer customers to our Services;
Publicly available professional sources (e.g., professional directories, company websites); and/or

3.4 CCPA/CPRA: Categories of Personal Information

The table below discloses, for purposes of the CCPA/CPRA, the categories of personal information we have collected in the preceding 12 months, the business or commercial purposes for which each category is collected, and the categories of third parties to whom each category is disclosed.

CCPA/CPRA Category	Examples Collected	Business Purpose(s)	Disclosed To
Identifiers	Name, email address, username, IP address, device ID, cookie ID	Account management; Services delivery; security; analytics; marketing communications	Services providers; analytics providers; advertising partners
Personal Records (Cal. Civ. Code §1798.80)	Name, address, telephone number; billing information (processed via payment processor)	Services delivery; billing; account management	Payment processors; service providers
Commercial Information	Subscription plan, purchase history, product usage, feature adoption	Services delivery; analytics; customer success outreach	Services providers; CRM tools
Internet / Electronic Network Activity	Browsing history on Site; feature usage logs; clickstream data	Security; debugging; product analytics; Services improvement	Analytics providers; service providers
Geolocation Data (Non-Precise)	Country, state, approximate city inferred from IP address	Analytics; localization; tax compliance	Analytics providers; service providers
Professional / Employment Information	Job title, company name (if provided by user)	Account management; personalization; communications	Services providers; CRM tools
Inferences / Profile Data	Usage patterns, feature preferences, account tier, engagement data	Product improvement; customer success; relevant communications	Services providers
Sensitive Personal Information	Account login credentials.	Account authentication, security, fraud prevention, and service delivery.	Service providers only; no sale or sharing.

We do not knowingly collect biometric identifiers, genetic data, health or medical information, racial or ethnic origin, religious beliefs, or sexual orientation data, except as required by law or with your explicit consent.

4. How We Use Your Personal Information

We use personal information we collect for the following purposes:

4.1 Providing and Improving the Services

Creating, verifying, and managing your account;
Processing transactions and managing billing and subscriptions;
Delivering, operating, and maintaining the Services and their features;
Providing technical support and responding to your requests;
Developing new features and improving existing functionality; and
Personalizing your experience.

4.2 Communications

Sending transactional and Services-related notices (e.g., account activity alerts, billing, security notifications, policy updates);
Responding to your inquiries and support tickets;
Sending marketing, promotional, and educational communications where you have provided consent, where we have an existing customer relationship and the communication relates to similar products or services (soft opt-in), or where otherwise permitted by applicable law. All marketing communications include an unsubscribe mechanism. You may opt out at any time; and
Sending product updates, newsletters, and invitations to events or webinars.

4.3 Security, Fraud Prevention, and Safety

Detecting, investigating, and preventing unauthorized access, security incidents, and fraudulent activity;
Protecting the security and integrity of our systems, infrastructure, and user data; and
Verifying identity and authenticating users.

4.4 Legal Compliance and Enforcement

Complying with applicable laws, regulations, subpoenas, court orders, and legal processes;
Enforcing our Terms of Service, acceptable use policies, and other agreements;
Establishing, exercising, or defending legal claims; and
Maintaining required financial and operational records.

4.5 Analytics and Business Operations

Analyzing usage trends, Services performance, and user behavior to improve our products;
Conducting research, surveys, and A/B testing; and
Supporting internal finance, audit, planning, and compliance functions.

4.6 Other Purposes

We may use your personal information for other purposes disclosed to you at the time of collection or with your consent.

5. Legal Bases for Processing (GDPR and UK GDPR)

If you are located in the EEA or the UK, we process your personal data on the following legal bases under the GDPR and UK GDPR:

Legal Basis	Processing Activities	Additional Notes
Performance of a Contract (Art. 6(1)(b))	Account creation and management; Services delivery; billing and subscription management; technical support	Processing necessary to fulfill our contractual obligations to you as a Services user
Legitimate Interests (Art. 6(1)(f))	Fraud prevention and security; product analytics and improvement; direct marketing to existing customers; enforcing our terms; Services update communications	We have conducted a Legitimate Interests Assessment (LIA) for each activity, which is available upon request. Our interests include operating secure, reliable Services; communicating about relevant products; and protecting against fraud. You have the right to object (see Section 12.2).
Legal Obligation (Art. 6(1)(c))	Tax and accounting compliance; responding to lawful authority requests; maintaining legally required records	Required by EU/UK law or the laws of our jurisdiction
Consent (Art. 6(1)(a))	Non-essential cookies and tracking technologies; marketing to new prospects; processing special category data [IF APPLICABLE]	You may withdraw consent at any time without affecting the lawfulness of prior processing. Manage consent via our cookie settings panel or marketing unsubscribe link.
Vital Interests (Art. 6(1)(d))	Emergency situations only	Used only to protect someone's life or physical safety; applied rarely

Special Category Data (Art. 9 GDPR): We do not intentionally collect special categories of personal data (data revealing racial/ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data for unique identification, health data, or data about sex life or sexual orientation) unless required by law or with your explicit consent. If we ever process such data, we will identify an appropriate Article 9 condition and notify you.

6. How We Share Your Personal Information

We do not sell your personal information for monetary or other valuable consideration. We may share personal information as described below.

6.1 Services Providers and Data Processors

We engage third-party companies to perform services on our behalf, including:

Cloud infrastructure and hosting providers;
Payment processors (subject to PCI-DSS compliance; they handle billing data independently);
Customer relationship management (CRM) and marketing automation platforms;
Customer support and helpdesk tools;
Analytics, error monitoring, and performance measurement tools;
Email delivery and communications services; and
Security, identity verification, and fraud prevention services.

Service providers are authorized to use personal information only as necessary to provide services to us and are bound by contractual data protection obligations. Under GDPR/UK GDPR, these parties act as data processors and we execute Data Processing Agreements (DPAs) with each.

6.2 Business Partners

We may share information with marketing consultants, technology integration partners, resellers and/or referral partners to facilitate the delivery of the Services or complementary offerings, subject to contractual obligations requiring those partners to protect personal information in a manner consistent with this Policy. Such sharing will be disclosed at the time of collection or in a supplemental notice.

6.3 Analytics and Advertising

We use third-party analytics services and, where applicable, advertising networks. These providers may receive device identifiers, usage data, and demographic inferences. Specific tools are identified in Section 7 (Cookies). You may opt out as described in Sections 8 and 13.

6.4 Corporate Transactions

If we undergo a merger, acquisition, asset sale, reorganization, dissolution, or similar transaction, personal information may be transferred to a successor entity as part of that transaction, subject to appropriate confidentiality protections. The successor entity will be bound by this Policy with respect to previously collected personal information until it provides its own notice of any changes. We will provide notice to affected individuals prior to or promptly following such a transaction: (a) for EEA/UK residents, the new controller will notify you of its identity, contact details, and any new purposes within one month of the transfer in accordance with GDPR Articles 13/14; (b) for Quebec residents, we will conduct a Privacy Impact Assessment (PIA/EFVP) prior to the transfer as required by Quebec Law 25 and notify the Commission d'acces a l'information (CAI) where applicable; (c) for California residents, we will provide notice and honor prior opt-out preferences under the CCPA/CPRA; and (d) for Canadian residents under PIPEDA, the successor organization will be bound by existing consent obligations and individuals will be notified of the change. Where required by applicable law, we will seek consent or provide an opt-out opportunity before any material change in the use of personal information resulting from such a transaction.

6.5 Legal Requirements and Protection of Rights

We may disclose personal information if we reasonably believe that disclosure is necessary to: (a) comply with applicable law, regulation, legal process, or enforceable governmental request; (b) enforce our Terms of Service or other agreements; (c) protect the rights, property, or safety of us, our users, or the public where there is a credible threat; or (d) detect, prevent, or address fraud, security incidents, or technical issues.

6.6 CCPA/CPRA — Sale and Sharing Disclosure

Under the CCPA/CPRA, certain data disclosures to advertising and analytics partners may qualify as a "sale" or "sharing" for cross-context behavioral advertising even without a direct monetary exchange. We may "share" personal information (such as cookie identifiers and usage data) with advertising partners for cross-context behavioral advertising. California residents may opt out via the "Do Not Sell or Share My Personal Information" link on our homepage or by submitting a request as described in Section 12.5. We honor Global Privacy Control (GPC) signals. We do not sell or share the personal information of consumers known to be under 16 years of age without opt-in consent.

7. Cookies and Tracking Technologies (Cookie Policy)

7.1 What Are Cookies?

Cookies are small data files stored on your device when you visit a website. We also use related tracking technologies including web beacons (clear GIFs or pixel tags), HTML5 local storage, and software development kits (SDKs). We use the term "cookies" throughout this Section to refer to all such technologies collectively.

7.2 Types of Cookies We Use

Category	Purpose	Examples / Tools	Consent Required?	Duration
Strictly Necessary	Essential for the Site and Services to function. Cannot be disabled without breaking core functionality.	Session management, authentication tokens, CSRF protection, load balancer routing, user session state	No — exempt from consent requirements; required for operation	[•]
Functional / Preference	Remember your preferences and settings to enhance your experience.	Language preference, timezone, UI display preferences, theme selection	Yes (EU/UK/Canada); opt-out available for other jurisdictions	[•]
Analytics / Performance	Understand how users interact with our Site and Services; measure performance; identify areas for improvement.	Google Analytics / Segment (Twilio) / PostHog / Amplitude / HubSpot / VWO / Intercom	Yes (EU/UK/Canada); opt-out available for other jurisdictions	[•]
Marketing / Advertising	Deliver relevant advertising; measure ad campaign performance; enable remarketing and retargeting.	Google Ads / DoubleClick / Meta Pixel / LinkedIn Insight Tag / Reddit	Yes (EU/UK/Canada); Opt-out / GPC honored for California and other US states	[•]

7.3 First-Party vs. Third-Party Cookies

First-party cookies are set directly by us. Third-party cookies are set by third-party services we integrate into our Site (e.g., analytics and advertising providers). Third parties may use cookies to track your activity across different websites and over time. While we select and configure the third-party services deployed on our Site, the data collected by those third parties is also subject to their own privacy policies. We encourage you to consult each provider's privacy policy for more information about their data practices, which can be reviewed here:

Cloudflare — Privacy Policy
CookieYes — Privacy Policy
YouTube — Privacy Policy
Google Analytics — Privacy Policy
Google Tag Manager — Privacy Policy
Google Advertising (DoubleClick) — Privacy Policy
Calendly — Privacy Policy
Zapier — Privacy Policy
Site Search 360 — Privacy Policy
Segment — Privacy Policy
Amplitude — Privacy Policy
HubSpot — Privacy Policy
VWO — Privacy Policy
Reddit — Privacy Policy
Facebook (Meta) — Privacy Policy
LinkedIn — Privacy Policy
Zendesk — Privacy Notice
Beamer — Privacy Policy
Stripe — Privacy Policy
WordPress — Privacy Policy
Elementor — Privacy Policy
Shopify — Privacy Policy
Intercom — Privacy Policy
Descript — Privacy Policy
Vimeo — Privacy Policy
OneTrust — Privacy Notice
PostHog — Privacy Policy

The table below lists the specific cookies used on our Site:

Cookie / Service	Provider	Purpose	Category	Duration
VISITOR_INFO1_LIVE	YouTube	Measures bandwidth and determines whether the user receives the new or old YouTube player interface.	Functional	6 months
ytidb::LAST_RESULT_ENTRY_KEY	YouTube	Stores the last search result clicked by the user to improve future search relevance.	Functional	Never Expires
_calendly_session	Calendly	Enables meeting scheduling functionality and allows events to be added to the visitor's calendar.	Functional	14 days
ssi--sessionId	Site Search 360	Stores information about actions performed during the current visit, including website searches.	Functional	1 year
ssi--lastInteraction	Site Search 360	Optimizes website search functionality and helps provide accurate and fast search results.	Functional	10 minutes
_zendesk_*	Zendesk	Maintains secure authentication, preserves session state, and enables support and live chat functionality.	Functional	5 minutes
_BEAMER_*	Beamer	Tracks interactions with announcement widgets, remembers preferences, identifies repeat visitors, and delivers targeted updates.	Functional	1 year
_BEAMER_	Beamer	Tracks interactions with announcement widgets, remembers preferences, identifies repeat visitors, and delivers targeted updates.	Functional	1 year
JSESSIONID	Beamer	Maintains a secure anonymous session with Beamer backend services and ensures widget functionality.	Functional	Session
eventPopupClosed	Docparser	Remembers dismissal of announcement or event popups to prevent them from reappearing.	Functional	30 days
SAPISID	Google	Authenticates Google accounts, prevents fraudulent logins, remembers preferences, and supports personalized content and integrations.	Functional	2 years
ajs_*	Segment / ProfitWell	Assigns anonymous or identified user IDs to track subscriber journeys, conversion paths, and revenue attribution across visits.	Functional	1 year
dp2019	Docparser	Session identifier used for authentication.	Necessary	12 hours
__cf_bm	Cloudflare	Supports Cloudflare Bot Management and security protections.	Necessary	1 hour
VISITOR_PRIVACY_METADATA	YouTube	Stores the user's cookie consent state for the current domain.	Necessary	6 months
_cfuvid	Cloudflare	Distinguishes users behind shared IP addresses for security and rate limiting.	Necessary	Session
OptanonConsent	OneTrust	Stores consent preferences for cookie categories.	Necessary	1 year
m	Stripe	Fraud prevention and device identification.	Necessary	1 year 1 month 4 days
ssohint	Zapier	Checks for an existing SSO session during authentication.	Necessary	Session
currentAccountId	Zapier	Maintains account context during authenticated sessions.	Necessary	Session
cookieyes-*	CookieYes	Stores and manages consent preferences.	Necessary	1 year
landed	Docparser	Stores landing page information.	Necessary	14 days
referer	Docparser	Stores navigation and clickstream data and helps prevent CSRF attacks.	Necessary	Past
wpEmojiSettingsSupports	WordPress	Determines whether the browser supports emoji display.	Necessary	Session
plan	Docparser	Assists with the account sign-up process.	Necessary	14 days
elementor	Elementor / WordPress	Enables website content management and real-time editing features.	Necessary	Never Expires
cookietest	Shopify	Determines whether the browser accepts cookies.	Necessary	Session
rc::a	Google reCAPTCHA	Identifies bots and protects against spam and abuse.	Necessary	Never Expires
rc::c	Google reCAPTCHA	Identifies bots and protects against spam and abuse.	Necessary	Session
_help_center_session	Zendesk	Maintains support center session settings and preferences.	Necessary	Session
_zendesk_shared_session	Zendesk	Stores support portal session preferences.	Necessary	Session
_zendesk_session	Zendesk	Stores support portal session preferences.	Necessary	Session
language	Docparser	Stores preferred programming language selection for API documentation.	Necessary	Never Expires
identity	Docparser	Securely identifies users who select "Remember Me" during login.	Necessary	7 days
remember_code	Docparser	Stores an encrypted authentication token for persistent login.	Necessary	7 days
sidebar-state	Docparser	Remembers whether the navigation sidebar is expanded or collapsed.	Necessary	Session
hide_sidebar	Docparser	Stores sidebar visibility preference in the Power Editor.	Necessary	30 days
model_search_left	Docparser	Stores sidebar visibility preference on multi-layout pages.	Necessary	30 days
coupon	Docparser	Remembers discount or promotional codes during checkout.	Necessary	1 hour
deleted_user_id	Docparser	Temporarily links deleted accounts to feedback or exit survey data.	Necessary	3 hours
ref_token	Docparser	Tracks affiliate and referral attribution.	Necessary	14 days
_GRECAPTCHA	Google	Provides fraud protection and bot detection for forms.	Necessary	6 months
SID	Google	Authenticates users and provides security and preference management.	Necessary	2 years
HSID	Google	Authenticates users and provides security and preference management.	Necessary	2 years
S	Google	Maintains temporary interface state and user preferences.	Necessary	Session
SIDCC	Google	Protects account data and validates authenticated sessions.	Necessary	1 year
SEARCH_SAMESITE	Google	Prevents unauthorized cross-site requests and CSRF attacks.	Necessary	6 months
__Secure-has_logged_in	Stripe	Remembers whether a browser has previously logged into Stripe services.	Necessary	6 months
__stripe_mid	Stripe	Identifies devices to help detect fraudulent payment attempts.	Necessary	1 year
__stripe_orig_props	Stripe	Stores referral and landing-page information for Stripe services.	Necessary	1 year
__stripe_sid	Stripe	Supports fraud prevention and risk assessment during payment processing.	Necessary	30 minutes
cid	Stripe	Supports fraud detection and transaction security.	Necessary	1 year
machine_identifier	Stripe	Identifies devices to help prevent fraud and unauthorized access.	Necessary	1 year
merchant	Stripe	Maintains merchant-specific session state during payment processing.	Necessary	Session
private_machine_identifier	Stripe	Persistent device identifier used for fraud prevention.	Necessary	1 year
site-auth	Stripe	Maintains authenticated session state.	Necessary	Session
csrftoken	Zapier	Protects against Cross-Site Request Forgery (CSRF) attacks.	Necessary	1 year
signonidentity	Zapier	Maintains encrypted authenticated user sessions.	Necessary	Session
ssohint	Zapier	Checks for valid Single Sign-On sessions.	Necessary	Session
zapha	Zapier	Stores dashboard state and operational preferences.	Necessary	1 year
__tld__	Segment	Analytics cookie used by Segment.	Analytics	Session
ajs_anonymous_id	Segment	Counts visitors and identifies returning visitors across sessions.	Analytics	Never Expires
YSC	YouTube	Tracks views and interactions with embedded YouTube videos.	Analytics	Session
amp_*	Amplitude	Session tracking and visitor analytics.	Analytics	1 year
_ga_*	Google Analytics	Stores and counts page views.	Analytics	1 year 1 month 4 days
_gat_gtag_UA_*	Google Analytics	Stores a unique user identifier and assists analytics collection.	Analytics	1 minute
_gid	Google Analytics	Tracks how visitors use the website and generates usage reports.	Analytics	1 day
_ga	Google Analytics	Calculates visitor, session, and campaign data for analytics reporting.	Analytics	1 year 1 month 4 days
__hssrc	HubSpot	Determines whether a visitor has restarted their browser and started a new session.	Analytics	Session
__hssc	HubSpot	Tracks sessions and increments session counts and timestamps.	Analytics	1 hour
__hstc	HubSpot	Primary visitor tracking cookie containing visit and session history.	Analytics	6 months
hubspotutk	HubSpot	Tracks visitors and assists with contact deduplication on form submissions.	Analytics	6 months
OTZ	Google	Aggregates website traffic statistics and tracks interaction with Google services.	Analytics	1 month
_gat	Google Analytics	Throttles request rates to improve analytics performance on high-traffic sites.	Analytics	1 minute
_vis_opt_*	VWO	Detects whether cookies are enabled and tracks optimization test sessions.	Analytics	Session
intercom-id-*	Intercom	Stores an anonymous browser identifier for visitor recognition and conversation history.	Analytics	6.5 months
intercom-device-id-*	Intercom	Stores a device identifier to distinguish visitors and prevent abuse.	Analytics	6.5 months
AMP_*	Amplitude	Session tracking and visitor analytics.	Analytics	1 year
_vwo*	VWO (Visual Website Optimizer)	Calculates unique visitor traffic and supports website performance measurement and optimization.	Performance	1 year
_gat	Google Analytics	Restrains request rate and limits data collection on high-traffic websites to improve analytics performance.	Performance	1 minute
__Secure-YNID	YouTube	Protects user security and helps prevent fraud, especially during login processes.	Advertisement	6 months
__Secure-ROLLOUT_TOKEN	YouTube	Manages feature rollouts and experimentation, ensuring consistent user experience during tests.	Advertisement	6 months
__Secure-YEC	YouTube	Advertising and user preference cookie used by YouTube.	Advertisement	Past
_rdt_uuid	Reddit	Builds a profile of visitor interests and displays relevant advertisements.	Advertisement	3 months
test_cookie	DoubleClick	Determines whether the user's browser supports cookies.	Advertisement	15 minutes
_fbp	Meta (Facebook)	Stores and tracks visitor interactions for advertising and remarketing purposes.	Advertisement	3 months
li_gc	LinkedIn	Stores visitor consent preferences for non-essential LinkedIn cookies.	Advertisement	6 months
lidc	LinkedIn	Facilitates data center selection and request routing.	Advertisement	1 day
_rdt_*	Reddit	Tracks visitor activity, measures campaign effectiveness, and optimizes ad delivery.	Advertisement	3 months
_gcl_au	Google Tag Manager	Experiments with and measures advertising effectiveness across websites.	Advertisement	3 months
NID	Google	Used for advertising purposes, ad frequency capping, and measuring ad effectiveness.	Advertisement	6 months
IDE	DoubleClick	Stores information about visitor behavior to provide relevant advertisements.	Advertisement	1 year 24 days
UserMatchHistory	LinkedIn	Supports LinkedIn Ads identity synchronization.	Advertisement	30 days
AnalyticsSyncHistory	LinkedIn	Stores information about synchronization timing with LinkedIn analytics services.	Advertisement	30 days
li_sugr	LinkedIn	Collects visitor behavior data to improve advertising relevance.	Advertisement	2 years
bscookie	LinkedIn	Stores actions performed on LinkedIn-enabled websites.	Advertisement	2 years
bcookie	LinkedIn	Recognizes browser identifiers from LinkedIn share buttons and advertising tags.	Advertisement	1 year
SSID	Google	Authenticates Google accounts, stores preferences, and supports personalized advertising and content delivery.	Advertisement	2 years
APISID	Google	Authenticates Google accounts, stores preferences, and supports personalized advertising and content delivery.	Advertisement	2 years
DV	Google	Caches preference states and supports advertising personalization and measurement.	Advertisement	28 days

7.4 Managing Your Cookie Preferences

You have several options to control or opt out of cookies:

Cookie Consent Banner / Consent Management Platform (CMP): When you first visit our Site, a cookie consent banner will appear. You may accept all cookies, reject all non-essential cookies, or customize your preferences by category. Rejecting non-essential cookies is as easy as accepting them — we do not use pre-checked boxes or dark patterns. Your consent preferences are recorded and can be verified for compliance purposes. You can update your preferences at any time by clicking "Cookie Settings" at the bottom of our website. If you do not interact with the banner, no non-essential cookies will be placed.
Browser Controls: Most browsers allow you to block or delete cookies through browser settings. Restricting cookies may affect the functionality of our Site or Services. Visit your browser's help documentation for instructions.
Industry Opt-Out Tools: Opt out of interest-based advertising at: optout.networkadvertising.org (NAI); optout.aboutads.info (DAA); youronlinechoices.eu (EDAA, for EU/UK users).
Google Analytics Opt-Out: Install the Google Analytics browser add-on at tools.google.com/dlpage/gaoptout.

7.5 Global Privacy Control (GPC)

We recognize and honor the Global Privacy Control (GPC) opt-out preference signal. If your browser or device transmits a GPC signal, we will treat it as a request to opt out of the "sale" and "sharing" of your personal information under applicable law, including for California residents under CCPA/CPRA and for residents of other states that require GPC recognition. Honoring GPC does not disable strictly necessary cookies.

8. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Policy, subject to any longer retention period required by applicable law. Our retention criteria include:

Account data: retained for the duration of your active account, plus 24 months thereafter to allow account reactivation and resolve outstanding billing or legal matters;
Transaction and billing records: retained for 7 years as required by tax, accounting, and financial regulations;
Support and communications data: retained for 36 months after closure of the inquiry or account;
Cookie and analytics data: retained per the lifespan set for each cookie type (see Section 7.2), or as configured in our analytics platforms (typically 13–26 months);
Marketing data: retained until you opt out or unsubscribe, plus a brief period to process your request; and
Legal hold data: retained as long as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

When personal information is no longer needed for any of the above purposes, we securely delete or irreversibly anonymize it. Where immediate deletion is technically infeasible (e.g., in backup archives), we isolate the data from further use until deletion is possible.

9. International Data Transfers

Docparser is based in Edina, Minnesota. Our servers, systems, and service providers may be located in the United States and Canada, among other countries. If you access the Services from outside the United States, your personal information may be transferred to, stored in, and processed in the United States and other countries that may not provide the same level of data protection as your country of residence.

9.1 Transfers from the EEA

For transfers of personal data from the EEA to countries not recognized by the European Commission as providing adequate protection, we rely on European Commission Standard Contractual Clauses (SCCs) pursuant to Commission Implementing Decision (EU) 2021/914 (using Controller-to-Processor [Module 2] or Controller-to-Controller [Module 1] clauses as applicable). Copies of our SCCs are available upon request at [email protected].

9.2 Transfers from the United Kingdom

For transfers of personal data from the UK to countries not recognized as adequate by the UK Secretary of State, we rely on the UK International Data Transfer Agreement (IDTA) issued by the Information Commissioner's Office, or the UK Addendum to the EU Standard Contractual Clauses (as applicable). Copies are available upon request at [email protected].

9.3 Transfers from Canada (Including Quebec)

For cross-border transfers of personal information from Canada, we implement contractual safeguards to ensure recipients provide a comparable level of protection. For personal information from Quebec, we conduct a Privacy Impact Assessment (PIA / Evaluation des facteurs relatifs à la vie privée — EFVP) prior to any cross-border communication, as required by Quebec Law 25.

10. Data Security

We implement appropriate technical and organizational security measures designed to protect your personal information against unauthorized access, disclosure, alteration, destruction, or loss, including:

Encryption of data in transit using TLS 1.2 or higher;
Encryption of sensitive data at rest using industry-standard algorithms;
Role-based access controls and the principle of least privilege;
Multi-factor authentication (MFA) required for administrative system access;
Regular security testing, vulnerability assessments, and penetration testing;
Security due diligence of service providers, with Data Processing Agreements (DPAs) for all vendors handling personal data; and
Employee and contractor training on data protection, security awareness, and confidentiality obligations.

No security measure is completely impenetrable. If you believe your account or personal information has been compromised, please contact us immediately at [email protected]. In the event of a personal data breach, we will notify affected individuals and relevant regulatory authorities as required by applicable law, including within 72 hours of becoming aware of a reportable breach under GDPR/UK GDPR, and within the timeframes required by applicable U.S. state breach notification laws and Canadian privacy legislation (including Quebec Law 25, which requires notification to the CAI and affected individuals when there is a risk of serious injury).

11. Children's Privacy

Our Site and Services are not directed to children under the age of 13 (or under 16 where required by applicable law, such as the GDPR) and we do not knowingly collect personal information from children without verified parental or guardian consent. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at [email protected] and we will promptly delete that information.

We comply with the Children's Online Privacy Protection Act (COPPA) in the United States, the UK Children's Code (Age Appropriate Design Code), applicable GDPR protections for children's personal data, and analogous Canadian requirements. Where we become aware that we have collected personal information from a child without appropriate consent, we will delete it as soon as practicable.

12. Your Privacy Rights and How to Exercise Them

12.1 California Residents — CCPA/CPRA

If you are a California resident, you have the following rights under the California Consumer Privacy Act (as amended by the California Privacy Rights Act) ("CCPA/CPRA"):

Right	What It Means
Right to Know (Categories)	Request disclosure of: the categories of personal information we have collected about you; categories of sources; our business/commercial purposes for collecting it; categories of third parties we disclosed it to; and the specific pieces of personal information we hold about you.
Right to Delete	Request deletion of personal information we have collected, subject to statutory exceptions (e.g., completing an ongoing transaction, security purposes, legal obligations, fraud detection).
Right to Correct	Request that we correct inaccurate personal information we maintain about you.
Right to Opt-Out of Sale / Sharing	Opt out of the "sale" of personal information or its "sharing" for cross-context behavioral advertising.
Right to Limit Use of Sensitive PI	Request that we limit our use and disclosure of sensitive personal information to purposes expressly permitted by the CPRA (e.g., providing the Services you requested).
Right to Non-Discrimination	We will not deny goods or services, charge different prices, or provide a different quality of service because you exercised your CCPA/CPRA rights.
Shine the Light (Cal. Civ. Code §1798.83)	Once per calendar year, California residents may request a list of categories of personal information we have shared with third parties for their direct marketing purposes during the prior calendar year. Email [email protected] with subject line "Shine the Light Request."

12.2 EEA and UK Residents — GDPR / UK GDPR

If you are located in the EEA or UK, you have the following rights under the GDPR and/or UK GDPR:

Right	What It Means
Right of Access (Art. 15)	Obtain confirmation of whether we process your personal data and, if so, receive a copy of that data together with prescribed supplementary information (including purposes, categories, recipients, retention period, and applicable rights).
Right to Rectification (Art. 16)	Request correction of inaccurate personal data and completion of incomplete personal data.
Right to Erasure / Right to be Forgotten (Art. 17)	Request deletion of your personal data where: it is no longer necessary for its original purpose; you withdraw consent (and there is no other legal basis); you successfully object (see below); or the data has been unlawfully processed.
Right to Restriction (Art. 18)	Request suspension of processing in certain circumstances (e.g., while we verify data accuracy or assess an objection).
Right to Data Portability (Art. 20)	Receive personal data you provided to us in a structured, commonly used, machine-readable format, and transmit it to another controller (applies where processing is consent- or contract-based and is automated).
Right to Object (Art. 21)	Object to processing based on legitimate interests or direct marketing at any time. For direct marketing, we will always honor your objection immediately. For other legitimate interest processing, we will comply unless we can demonstrate compelling overriding legitimate grounds.
Rights re Automated Decision-Making (Art. 22)	Not to be subject to decisions based solely on automated processing (including profiling) that produce legal or similarly significant effects on you. We do not use solely automated decision-making with significant legal effects.
Right to Withdraw Consent	Withdraw consent at any time (where processing is consent-based) without affecting the lawfulness of prior processing.
Right to Lodge a Complaint	Lodge a complaint with the supervisory authority in your EU Member State of habitual residence, place of work, or where the alleged infringement occurred. UK residents may contact the ICO at ico.org.uk or 0303 123 1113.

12.3 Canadian Residents — PIPEDA and Quebec Law 25

If you reside in Canada, you have the following rights:

Right of Access: Request access to the personal information we hold about you and information about how it has been and is being used and disclosed;
Right to Correction: Request correction of personal information that is inaccurate or incomplete;
Right to Withdraw Consent: Withdraw consent to our collection, use, or disclosure of personal information, subject to legal or contractual restrictions and reasonable notice. Withdrawal may limit our ability to provide certain Services;
Right to File a Complaint: File a complaint with the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca. Quebec residents may also contact the Commission d'accès à l'information (CAI) at www.cai.gouv.qc.ca.

Quebec Law 25 — Specific Disclosures:

Our designated Privacy Officer is: Julien Francois, Chief Financial Officer, [email protected];
We conduct Privacy Impact Assessments (PIAs / EFVPs) prior to any cross-border communication of personal information from Quebec;
We do not use solely automated processing that produces legal or significant effects on individuals.

12.4 Other U.S. State Residents

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), Montana (MCDPA), Oregon (OCPA), Utah (UCPA), and other states with comprehensive privacy statutes have the rights set out below. Please note that not all rights are available in every state – for example, Utah does not provide a right to correction.

Right	What It Means
Right of Access / Confirmation	Confirm whether we process your personal data and obtain a copy of that data.
Right to Correction	Request correction of inaccuracies in your personal data.
Right to Deletion	Request deletion of personal data you have provided to us or that we have obtained about you.
Right to Portability	Obtain personal data in a portable, readily usable format.
Right to Opt-Out	Opt out of: (a) the sale of personal data; (b) targeted advertising; and (c) profiling in furtherance of solely automated decisions producing legal or similarly significant effects.
Right to Appeal	If we decline your request, you may appeal by emailing [email protected] with subject line "Privacy Rights Appeal — [Name Your State]." We will respond within 45–60 days as required by your state. If your appeal is denied, you may contact your State Attorney General.

Nevada Residents (SB 220): Nevada law gives certain residents the right to opt out of the sale of "covered information." We do not "sell" covered information as defined under Nevada law. Contact [email protected] with questions.

12.5 How to Submit a Privacy Rights Request

To exercise any rights described in this Section 12, please use one of the following methods. All request mechanisms are designed to be accessible in accordance with Web Content Accessibility Guidelines (WCAG) 2.1 Level AA. If you need assistance submitting a request due to a disability or require this Policy in an alternative format (e.g., large print, audio, or screen-reader-compatible), please contact us at [email protected] with the subject line: "Privacy Rights Request" or by telephone at 507-323-9225 and we will provide reasonable accommodations.

12.6 Verification of Identity

To protect your privacy and security, we must verify your identity before fulfilling your request. For account holders, we typically verify through account credentials. For non-account holders or where additional verification is needed, we may request information to reasonably identify you. We use verification information solely to process your request.

12.7 Authorized Agents

You may authorize an agent to submit requests on your behalf. We require written authorization (or a valid power of attorney) and may verify directly with you. California residents may designate an authorized agent by providing the agent with signed, written permission to act on their behalf.

12.8 Response Timeframes

California (CCPA/CPRA): 45 calendar days from receipt; extendable by 45 days with notice;
EEA/UK (GDPR/UK GDPR): 30 calendar days from receipt; extendable by 2 months with notice in complex cases;
Canada (PIPEDA): 30 calendar days from receipt; extendable where permitted;
Virginia, Colorado, Connecticut, Oregon: 45 days; extendable by 45 days with notice; Montana: 45 days; extendable by 15 days with notice;
Texas, Indiana: 45 days; extendable; and
Utah: 45 days; extendable by 45 days with notice.

12.9 Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights. We will not deny goods or services, charge different prices, or provide a different quality of service because you exercised any right under this Policy, except as permitted by law.

13. Third-Party Links and Services

Our Site and Services may contain links to third-party websites, platforms, or integrations not operated by us. This Policy does not apply to those third-party services and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access.

Where our Services integrate with third-party platforms (e.g., accounting, CRM, or productivity software), we recommend reviewing those providers' privacy policies to understand how they handle your personal information.

14. Changes to This Privacy Policy

We may update this Policy periodically to reflect changes in our data practices, technology, or applicable law. When we make material changes, we will:

Update the "Effective Date" and "Last Updated" dates at the top of this Policy;
Post a prominent notice on our Site and/or within the Services;
Where required by applicable law, notify you by email or a notification within the Services prior to the change taking effect, and/or obtain your consent.

We encourage you to review this Policy periodically. Your continued use of the Site or Services after changes become effective constitutes acceptance of the updated Policy to the extent permitted by applicable law. Where applicable law (such as the GDPR or UK GDPR) requires affirmative consent for material changes, we will obtain such consent before the changes take effect. If you do not agree with the updated Policy, you should discontinue use of the Services.

15. Who We Are and How to Contact Us

For questions, concerns, requests, or complaints about this Policy or our privacy practices, please contact us:

Legal Entity Name: SureSwift Worldwide Inc. dba Docparser
Website: https://www.docparser.com
Mailing: 5201 Eden Avenue, Suite 300, Edina, MN 55436, Attn: Privacy Officer
Privacy Contact Email: [email protected]
Quebec Privacy Officer: Julien Francois, Chief Financial Officer, [email protected]

15.1 Supervisory Authorities

You also have the right to contact your relevant data protection supervisory authority:

EU Residents: The supervisory authority in your EU Member State of habitual residence, place of work, or where the alleged infringement occurred;
UK Residents: Information Commissioner's Office (ICO) – www.ico.org.uk | 0303 123 1113 | Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF;
Canadian Residents (Federal): Office of the Privacy Commissioner of Canada (OPC) – www.priv.gc.ca;
Quebec Residents: Commission d'acces a l'information (CAI) – www.cai.gouv.qc.ca;
California Residents: California Privacy Protection Agency (CPPA) – www.cppa.ca.gov; and
Other U.S. State Residents: Your applicable State Attorney General's office.

Appendix A

Key Definitions

Term	Definition
CCPA/CPRA	California Consumer Privacy Act (Cal. Civ. Code §1798.100 et seq.), as amended by the California Privacy Rights Act (Prop. 24), fully effective January 1, 2023
Controller	The entity that determines the purposes and means of processing personal data
COPPA	Children's Online Privacy Protection Act (15 U.S.C. §§6501–6506)
EEA	European Economic Area: the 27 EU member states plus Iceland, Liechtenstein, and Norway
GDPR	EU General Data Protection Regulation (EU) 2016/679
GPC	Global Privacy Control: a browser/device opt-out preference signal for data sale and sharing
IDTA	International Data Transfer Agreement: UK mechanism for compliant international personal data transfers, issued by the ICO
LIA	Legitimate Interests Assessment: a documented balancing test performed under GDPR Art. 6(1)(f)
Personal Information / Personal Data	Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to an identified or identifiable natural person
PIA / EFVP	Privacy Impact Assessment / Evaluation des facteurs rélatifs à la vie privée: assessment required under Quebec Law 25 before cross-border transfers
PIPEDA	Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5 (Canada)
Processor / Service Provider	An entity that processes personal data on behalf of and under the instructions of a controller
Quebec Law 25	Act to Modernize Legislative Provisions Respecting the Protection of Personal Information (S.Q. 2021, c. 25)
SCCs	Standard Contractual Clauses: European Commission-approved contractual safeguards for international data transfers (Commission Implementing Decision (EU) 2021/914)
Sensitive Personal Information	CPRA: SSN, driver's license/passport numbers, financial account credentials, precise geolocation, racial/ethnic origin, religious beliefs, union membership, health data, biometric identifiers, sexual orientation, private communications. GDPR Art. 9: racial/ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, sex life or sexual orientation.
UK GDPR	The GDPR as retained in UK domestic law by the European Union (Withdrawal) Act 2018 and the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019

Appendix B

State-Specific Supplemental Disclosures

B.1 Colorado (Colorado Privacy Act – CPA, C.R.S. §6-1-1301 et seq.)

Colorado residents have rights of access, correction, deletion, portability, and opt-out of sale, targeted advertising, and profiling. To appeal a denied request, email [email protected] with "Colorado Privacy Appeal" in the subject line within 45 days of our response. We will respond to the appeal within 45 days. If your appeal is denied, you may contact the Colorado Attorney General at coag.gov/file-complaint.

B.2 Connecticut (Connecticut Data Privacy Act – CTDPA, Conn. Gen. Stat. §42-515 et seq.)

Connecticut residents have rights of access, correction, deletion, portability, and opt-out. To appeal a denied request, email [email protected] with "Connecticut Privacy Appeal" in the subject line. We will respond within 60 days. If denied, contact the Connecticut Attorney General at ct.gov/ag.

B.3 Virginia (Consumer Data Protection Act – VCDPA, Va. Code §§59.1-575 et seq.)

Virginia residents have rights of access, correction, deletion, portability, and opt-out. To appeal, email [email protected] with "Virginia Privacy Appeal" in the subject line within 45 days of our response; we will respond within 60 days. If denied, contact the Virginia Attorney General at oag.state.va.us.

B.4 Texas (Texas Data Privacy and Security Act – TDPSA, Tex. Bus. & Com. Code §541 et seq.)

Texas residents have rights of access, correction, deletion, portability, and opt-out. To appeal, email [email protected] with "Texas Privacy Appeal" in the subject line. We will respond within 45 days. If denied, contact the Texas Attorney General at www.texasattorneygeneral.gov.

B.5 Oregon (Oregon Consumer Privacy Act – OCPA, Or. Rev. Stat. §646A.570 et seq.)

Oregon residents have rights of access, correction, deletion, portability, and opt-out. To appeal, email [email protected] with "Oregon Privacy Appeal" in the subject line. If denied, contact the Oregon Attorney General at doj.state.or.us.

B.6 Montana (Montana Consumer Data Privacy Act – MCDPA, Mont. Code Ann. §30-14-3201 et seq.)

Montana residents have rights of access, correction, deletion, portability, and opt-out. To appeal a denied request, email [email protected] with "Montana Privacy Appeal" in the subject line; we will respond within 45 days.

B.7 Utah (Utah Consumer Privacy Act – UCPA, Utah Code §13-61-101 et seq.)

Utah residents have rights of access, deletion, portability, and opt-out of sale of personal data and targeted advertising. Response time: 45 days, extendable by 45 days with notice. Submit requests using the methods in Section 12.5.

B.8 Delaware, Indiana, Iowa, Tennessee, and Other Enacting States

We will comply with all enacted comprehensive U.S. state privacy laws as they come into effect, including but not limited to laws in Delaware, Indiana, Iowa, Tennessee, New Hampshire, New Jersey, Nebraska, Kentucky, Maryland, Minnesota, and Rhode Island. If your state has enacted such a law and it covers our processing activities, you may exercise your applicable rights using the methods described in Section 12.5. Contact us at [email protected] and we will respond in accordance with your applicable rights and the timeframes required by your state's law.