Home
  1. Home
  2. Privacy Policy

Privacy Policy

16 min read

Last updated: 7 May 2026

This Privacy Policy explains how GDOC PTE. LTD. (“gdoc”, “we”, “us”, or “our”), a company registered in Singapore (UEN: 202614124W) with its registered office at 68 Circular Road, #02-01, Singapore 049422, collects, uses, and protects your personal data when you visit our website gdoc.io (the “Website”) or use our services.

We are the data controller of your personal data under applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the Singapore Personal Data Protection Act 2012 (PDPA), and the California Consumer Privacy Act (CCPA/CPRA).

If you have questions about this policy, contact us at hello@gdoc.io.

1. Information We Collect

1.1. Information you provide to us

  • Contact form data: when you submit a request through our contact form, we collect your name, email address, and any information you include in your message.
  • Account data (when registration becomes available): if you create an account, we will collect your email address, password (in hashed form), and any optional profile information you choose to provide.
  • Newsletter subscription (if introduced): if you subscribe to a newsletter, we will collect your email address.

1.2. Information we collect automatically

When you visit the Website or download a template, we automatically collect:

  • IP address;
  • Browser type and user agent;
  • Country of access (derived from IP);
  • Templates viewed or downloaded;
  • Pages visited, referring URLs, and timestamps;
  • Cookies and similar identifiers (see Section 5).

We do not collect sensitive data such as racial or ethnic origin, political opinions, religious beliefs, health, biometric, or genetic data.

2. How We Use Your Information

We process your personal data for the following purposes and on the following legal bases:

Purpose Legal basis (GDPR)
Operating and maintaining the Website Legitimate interest
Providing access to templates and services Performance of contract / Legitimate interest
Responding to your contact requests Legitimate interest / Consent
Account management (when introduced) Performance of contract
Sending newsletters or marketing emails Consent (you may withdraw at any time)
Analyzing Website usage and improving our services Legitimate interest / Consent (where required)
Displaying advertising Consent
Preventing fraud and abuse Legitimate interest
Complying with legal obligations Legal obligation

3. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Website, analyze traffic, and serve advertising. Categories include:

  • Essential cookies — required for the Website to function;
  • Analytics cookies — set by Google Analytics to measure usage;
  • Advertising cookies — set by Google AdSense to serve ads;
  • Preference cookies — to remember your settings (such as language).

For full details and to manage your preferences, please see our Cookie Policy.

4. Advertising and Third-Party Services

4.1. Google AdSense

We display advertising through Google AdSense. Google and its partners may use cookies and similar technologies to serve ads based on your prior visits to our Website or other websites. You can opt out of personalized advertising through Google’s Ads Settings. For more information, see Google’s partner sites policy.

4.2. Google Analytics

We use Google Analytics to understand how visitors use the Website. Google Analytics may set cookies and process IP addresses. You can opt out using the Google Analytics Opt-out Browser Add-on.

5. How We Share Your Data

We do not sell your personal data.

We share your personal data only with:

  • Service providers who help us operate the Website — including hosting (Hetzner Online GmbH, Germany), analytics (Google), and advertising (Google AdSense). These providers process data on our behalf under contractual safeguards.
  • Legal authorities when required by law, court order, or to protect our legal rights.
  • Successors in interest in the event of a merger, acquisition, or sale of assets, in which case you will be notified.

6. International Data Transfers

Our primary servers are located in Germany (European Union), operated by Hetzner Online GmbH. However, some of our service providers (notably Google) process data in the United States and other countries.

When personal data is transferred outside the European Economic Area or the United Kingdom, we rely on appropriate safeguards, such as the European Commission’s Standard Contractual Clauses (SCCs) or adequacy decisions where applicable.

For users in Singapore, we ensure that personal data transferred outside Singapore is protected to a standard comparable to the PDPA.

7. Data Retention

We keep your personal data only as long as necessary for the purposes described in this Policy:

  • Contact form messages: up to 24 months from the date of submission.
  • Account data (when introduced): for as long as your account is active, plus up to 12 months after deletion.
  • Newsletter subscriptions (when introduced): until you unsubscribe.
  • Analytics data: up to 14 months (configurable in Google Analytics).
  • Server logs (IP, user agent, etc.): up to 12 months.

After these periods, we delete or anonymize the data unless we are legally required to retain it longer.

8. Security

We implement reasonable technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit (HTTPS), access controls, secure hosting infrastructure, and regular security reviews.

No system is completely secure, and we cannot guarantee absolute security. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, notify affected users.

9. Your Rights

9.1. Rights for all users

Subject to applicable law, you have the right to:

  • Access — request a copy of the personal data we hold about you;
  • Rectification — ask us to correct inaccurate or incomplete data;
  • Erasure — ask us to delete your personal data;
  • Restriction — ask us to limit processing of your data;
  • Objection — object to processing based on legitimate interests or for direct marketing;
  • Data portability — receive your data in a structured, machine-readable format;
  • Withdraw consent — at any time, where processing is based on consent.

To exercise any of these rights, contact us at hello@gdoc.io. We will respond within 30 days.

9.2. Additional rights for EU/UK residents (GDPR)

If you are located in the EU or UK, you also have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated your rights.

9.3. Additional rights for Singapore residents (PDPA)

If you are in Singapore, you have the right to request access to and correction of your personal data, to withdraw consent, and to lodge a complaint with the Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg.

9.4. Additional rights for California residents (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose;
  • Delete personal information we have collected from you;
  • Correct inaccurate personal information;
  • Opt out of the sale or sharing of personal information (note: we do not sell personal information);
  • Limit use of sensitive personal information (we do not collect sensitive personal information as defined under CPRA);
  • Non-discrimination for exercising your privacy rights.

To exercise these rights, contact us at hello@gdoc.io.

10. Children’s Privacy

The Website is not directed to children under 13 (or under 16 for users in the European Economic Area). We do not knowingly collect personal data from children under these ages. If you believe we have inadvertently collected such data, please contact us at hello@gdoc.io, and we will delete it promptly.

11. Automated Decision-Making

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects on you.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. If we make material changes, we will notify you by email (where we have your address) or by posting a prominent notice on the Website before the changes take effect.

13. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:

GDOC PTE. LTD.
68 Circular Road, #02-01, Singapore 049422
UEN: 202614124W
Email: hello@gdoc.io