Privacy & Data Safety

Privacy Policy

Last updated: June 4, 2026. Review how DocBox manages and respects your document security.

1. Scope & Core Principle

Welcome to DocBox. We are committed to protecting your privacy. The core operating principle of our platform is that we do not copy, duplicate, or store your original files or document contents on our servers.

DocBox acts exclusively as an overlay interface to streamline how you preview, structure, search, and collaborate on documents that remain securely stored in your own personal or enterprise Google Drive account.

2. Google Drive Access & Permissions

In order to offer the Windows-like tree folder view, search utilities, and collection forms, we request authorization to access your Google Drive files via secure OAuth 2.0 protocols:

  • Scope of Access: We request permissions to read metadata (file names, sizes, structures, tags) and facilitate document uploads or creation.
  • Local Metadata Caching: File structures are indexed locally in encrypted database tables solely to enable instantaneous keyword search queries and nested layouts.
  • No File Copying: We do not download or transfer your physical documents (PDFs, docs, sheets, images) to external repositories.

3. Personal Data We Collect

We collect limited personal and telemetry data necessary to operate our service:

  • Profile Information: Name, email address, profile avatar, and secure tokens provided during your Google Sign-in.
  • Usage Logs: System metrics, browser environment parameters, page loads, and active folder counts.
  • Billing Data: Transaction tokens, subscriptions, and receipt logs. We do not store credit card credentials; payment operations are handled via certified payment networks.

4. How We Use Your Information

We process your information for the following limited purposes:

  • Providing the tree UI, search indexes, and document templates.
  • Processing payments and managing subscription accounts.
  • Dispatching transaction emails, query responses, and operations alerts.
  • Verifying compliance with API rules and service terms.

5. Security & Storage

All index data and active tokens are protected using standard secure protocols:

We use AES-256 encryption at rest and secure SSL/TLS channels for all traffic in transit. Our servers run in Google Cloud environments, taking advantage of corporate-grade data center compliance grids.

6. Your Rights & Access Revocation

You retain complete control over your file accesses. At any moment, you can review and revoke DocBox's permissions entirely:

  • You can disconnect Google Drive accesses inside your DocBox settings dashboard.
  • You can revoke OAuth permissions globally inside your Google Account Security Dashboard (under Apps with Access to your Account).
  • You can request complete deletion of your indexed metadata profile.

7. Contact & Policy Updates

We may periodically update this privacy framework to reflect operational revisions, browser adjustments, or legal compliance additions. Revisions are effective immediately upon posting.

If you have questions regarding this policy or data safety protocols, please contact our support team directly via our Contact Form Page.