Skip to main content

Security & Data Handling

Use this page to understand how Doqlo handles document processing, where data is temporary, and which security responsibilities stay on your side.

Overview

Doqlo is designed to minimize long-term document retention. Editing happens in the browser by default, while export and delivery use limited server-side processing only where the current product requires it.

This page is a product-facing explanation of current behavior. It is not a legal policy replacement.

How Data Is Handled

  • Signature placement, text overlays, date overlays, and PDF editing actions happen in your browser.
  • During export, your document may be temporarily transmitted to Doqlo servers so the final output can be generated.
  • Doqlo is not a long-term document repository. Source PDFs and exported outputs are not offered as an archive or recovery service.
  • For Bulk Fill delivery, generated output artifacts may be held temporarily so a requested download can complete through Doqlo-controlled delivery.
  • Current application-level delivery validity is capped at about 6 hours, with cleanup managed under a 24-hour hard backstop.

Because temporary delivery artifacts are short-lived and access-limited, you should download and store the files you need on your own systems.

Security Basics

  • Account access is tied to authenticated Doqlo accounts. Current sign-in uses Google Sign-In.
  • Public API access uses BF export API keys. Keep keys on the server side and revoke or rotate them if you believe a secret was exposed.
  • Webhook integrations should verify Doqlo signatures before trusting the payload.
  • Temporary delivery access is application-controlled and time-limited rather than a public long-term file-hosting feature.
  • Public API and webhook integrations are intended for HTTPS-based transport.

Your Responsibilities

  • Upload only documents and data you are authorized to process.
  • Protect your account access, billing access, and any API credentials.
  • Review exported output for correctness before you rely on it in your own business process.
  • Secure your own webhook endpoint, infrastructure, and downstream systems.
  • Avoid sending sensitive or confidential documents to support unless they are necessary for the issue you are reporting.