Privacy Policy — How We Protect Your Data

Last updated: May 11, 2026

At XyloDocs, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our document management platform and communication services.

Policy contents

The sections below follow the same order as our table of contents for screen readers and search tools.

1. Information We Collect

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, phone number, company name, and billing information when you create an account
  • Document Data: Files, documents, and metadata you upload to our platform
  • Communication Data: Messages, emails, SMS texts, and call records when you use our communication features
  • Usage Data: Information about how you access and use our services, including IP address, browser type, and device information
  • Client Contact Information: Names, phone numbers, email addresses, and other contact details of your clients that you store in our system

2. SMS and Text Messaging

Phone Number Collection

When you or your clients opt in to receive SMS notifications, we collect and store mobile phone numbers for the purpose of sending text messages.

Message Content

We store the content of SMS messages sent and received through our platform, including timestamps, delivery status, and metadata. This data is encrypted at rest using AES-256 encryption.

TCR Registration

XyloDocs is registered with The Campaign Registry (TCR) for A2P 10DLC messaging compliance. Your business information (EIN/Tax ID, legal business name, and address) may be shared with TCR and mobile carriers for campaign verification and fraud prevention.

Consent Records

We maintain records of opt-in consent, including the date, time, method of consent, and IP address when users agree to receive text messages. This information is retained for compliance with TCPA (Telephone Consumer Protection Act) and carrier regulations.

Third-Party SMS Providers

We use third-party service providers (such as Twilio) to deliver SMS messages. Your phone number and message content are shared with these providers solely to facilitate message delivery. These providers are bound by strict data protection agreements.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our document management and communication services
  • Send SMS notifications, reminders, and updates that you have opted in to receive
  • Process transactions and send billing-related communications
  • Provide customer support and respond to your requests
  • Comply with legal obligations, including TCR registration and TCPA compliance
  • Prevent fraud, unauthorized access, and other security threats
  • Analyze usage patterns to improve our platform

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information with:

  • Service Providers: Third-party vendors who perform services on our behalf (cloud hosting, SMS delivery, payment processing)
  • The Campaign Registry (TCR): Your business information for SMS campaign registration and compliance verification
  • Mobile Carriers: Phone numbers and message metadata for delivery and compliance purposes
  • Legal Authorities: When required by law, subpoena, or to protect our legal rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

5. Data Security

We implement enterprise-grade security measures to protect your personal data:

AES-256 Encryption

All documents and messages are encrypted at rest

TLS 1.3

Secure data transmission using the latest encryption protocols

SOC 2 Type II Aligned Standards

Our infrastructure and processes are designed in alignment with SOC 2 standards

IRS Publication 1075

Designed to meet federal standards for protecting tax information

Access Controls

Role-based permissions and two-factor authentication

Audit Logging

Complete trail of all system activities for security monitoring

6. Data Retention

We retain your personal data for as long as:

  • Your account is active and you continue using our services
  • Necessary to comply with legal obligations (e.g., tax records, TCR compliance)
  • SMS Consent Records: Retained for a minimum of 4 years after opt-out for TCPA compliance
  • Communication Logs: Stored for up to 7 years for legal and compliance purposes

7. Your Rights and Choices

You have the following rights regarding your personal data:

Access

Request a copy of the personal information we hold about you

Correction

Update or correct inaccurate information

Deletion

Request deletion of your data (subject to legal retention requirements)

Opt-Out of SMS

Unsubscribe from text messages at any time by replying STOP to any message or updating your account settings

Data Portability

Request your data in a machine-readable format

Objection

Object to certain processing of your data

8. GDPR and CCPA Rights

For users in the European Union and California, we provide additional rights aligned with GDPR and CCPA standards, including the right to know what personal information is collected, the right to delete, and the right to opt-out of the sale of personal information (note: we do not sell personal information).

9. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through our platform. Your continued use of our services after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Mail:XyloDocs Privacy Team, 123 Main Street, Suite 100, City, State 12345

Note: Replace the mailing address with your actual business address before going live.