Privacy Policy

Last updated: April 8, 2026

1. Our Local-First Approach

Docure is built on a local-first architecture. This means your data is stored directly on your device using your browser's local storage (IndexedDB). By default, no data leaves your device. We do not have access to your documents, contracts, notes, bookmarks, or any other content you create in the app.

2. Data We Collect

2.1 Data stored locally (on your device)

All content you create in Docure is stored locally in your browser, including:

  • Contracts and contract files
  • Kanban tickets and workspaces
  • Notes and note attachments
  • Bookmarks and bookmark workspaces
  • Contacts and invoices
  • Application settings and preferences

This data is never sent to our servers unless you explicitly enable sync features.

2.2 Account data (if you create an account)

If you choose to create an account for team sync or cloud backup, we collect:

  • Email address
  • Display name (optional)
  • Authentication credentials (securely hashed)

2.3 Analytics

Our marketing website (docure.me) may use privacy-friendly analytics to understand visitor behavior. The application itself (app.docure.me) does not include any tracking or analytics.

3. Optional Cloud Sync

If you opt into cloud sync or team collaboration features, your data will be transmitted to and stored on our servers (hosted on Supabase infrastructure in the EU). Sync is always opt-in and can be disabled at any time. When sync is disabled, your data remains exclusively on your device.

4. Data Security

We implement the following security measures:

  • Content Security Policy (CSP) to prevent unauthorized network requests
  • Service Worker gate that blocks external connections by default
  • Row-level security (RLS) on all cloud-synced database tables
  • Encrypted connections (HTTPS/TLS) for all data in transit
  • Secure authentication via Supabase Auth

5. Your Rights

Since your data is stored locally, you have full control over it at all times. You can:

  • Export all your data as a JSON backup at any time
  • Delete all local data by clearing your browser storage
  • Request deletion of any cloud-synced data by contacting us
  • Disable sync at any time to keep data exclusively on your device

Under the GDPR and other applicable data protection laws, you also have the right to access, rectify, restrict processing of, and port your personal data. To exercise these rights, contact us at contact@docure.me.

6. Third-Party Services

The following third-party services may be involved when you use optional features:

  • Supabase (EU) — Authentication and optional cloud sync
  • Vercel — Website and application hosting

We do not sell, share, or transfer your personal data to any other third parties.

7. Cookies

The Docure application does not use cookies for tracking. Authentication tokens are stored in your browser's local storage. The marketing website may use essential cookies for functionality.

8. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of Docure after changes constitutes acceptance of the revised policy.

9. Contact

If you have questions about this privacy policy or your data, contact us at:
contact@docure.me