Privacy Policy

Last updated: May 12, 2026

This Privacy Policy describes what information DocDist collects, how we use it, and who can see it. DocDist is a self-hosted document distribution service operated by the organization that runs this instance.

1. Information We Collect

From uploaders: your Google account identifier, name, and email address; an OAuth refresh token if you choose to import documents from Google Drive; metadata about the documents you import or upload; and the share links, expiration settings, and viewer allow-lists you configure.

From viewers: the name and email address you provide when accessing a share link, the IP address and user agent associated with your verification, and viewing-activity events generated while a document is open — including which pages you viewed and for how long, focus and visibility changes, mouse and click activity, keystrokes on the viewer page, clipboard and copy/cut attempts, and screenshot-key detections. We do not capture the contents of your keystrokes, your screen, or your clipboard — only that these events occurred.

Documents: imported documents are converted to images, watermarked per session, and stored on the service's storage backend.

2. How We Use Your Information

Uploader information is used to authenticate you, associate you with the documents you own, and manage your organization memberships. Viewer information is used to authenticate magic-link sessions, watermark document pages so that any leaked image can be traced back to the viewing session, and provide the document owner with a report of who viewed the document and how it was used.

Viewer activity is shared with the document owner and with other members of the owner's organization. We do not sell your information or share it with third parties outside the organization operating this instance, except where required by law or to operate the service (for example, sending magic-link verification emails through our email provider, Resend).

3. Data Retention and Security

Documents imported from Google Drive are cached on the service while in use and evicted when no active session requires them; directly uploaded documents are retained until the uploader deletes them. Stored documents and rendered page images are not encrypted at rest beyond the protections provided by the underlying storage backend. Viewer sessions expire automatically after 30 minutes of use or 10 minutes of inactivity, and session cookies are marked Secure and SameSite=Strict.

Deleting a document removes its share links, viewer sessions, recorded events, and stored renditions. Deauthorizing an uploader removes the uploader's account, their documents, and all associated data.

4. Your Choices

You may revoke DocDist's access to your Google Drive at any time from your Google account settings. Uploaders may delete their documents and share links from the dashboard; document owners may revoke an individual viewer's session from the viewer report. To request deletion of viewer data associated with your email, contact the administrator of this DocDist instance.

5. Changes to This Policy

We may update this policy at our discretion. The most-current version will always be available on this page, and the "last updated" date above will reflect the most recent revision.