# Data Handling

This document explains how oklido collects, processes, stores, and protects your data.

## Data Collection

### What We Collect

| Data Category | Examples | Purpose |
|---|---|---|
| Identity | Name, email | Account management |
| Documents | Uploaded files | Core service |
| Metadata | File names, types, dates | Organisation, search |
| Usage | Features used, timestamps | Service improvement |
| Technical | IP address, browser | Security, debugging |

### How We Collect Data

- Directly from you - Account registration, uploads
- Automatically - Usage tracking, error logging
- From third parties - Auth0 (authentication), email providers

### What We Don't Collect

- Government ID numbers (unless in documents you upload)
- Health information (unless in documents you upload)
- Biometric data
- Location tracking

## Data Processing

### Document Processing

When you upload a document:

- Upload - File received over encrypted connection
- Storage - Encrypted and stored in AWS S3
- Extraction - Text extracted for search and classification
- Classification - AI determines document type
- Indexing - Metadata indexed for search

### Email Processing

When syncing from Gmail/Outlook:

- Access - Emails read via OAuth (read-only)
- Filter - Only matching emails processed
- Extract - Attachments extracted
- Process - Same as document upload
- Email content - Read but NOT stored

## Data Storage

### Primary Storage

| Data | Location | Encryption |
|---|---|---|
| Documents | AWS S3 (London) | AES-256 |
| Database | AWS RDS (London) | AES-256 |
| Backups | AWS S3 (London) | AES-256 |

### Security Measures

- Encryption at rest (AES-256)
- Encryption in transit (TLS 1.3)
- Access controls (IAM, RBAC)
- Audit logging
- Regular security testing

## Data Access

### Who Can Access Your Data

| Role | Access Level |
|---|---|
| You | Full access to your data |
| Your team members | Based on assigned role |
| External users | Only shared documents |
| oklido staff | No access (by design) |
| AWS | Infrastructure only (encrypted) |

### oklido Staff Access

oklido staff cannot access your documents or data:

- No "god mode" or admin access to customer data
- Support staff can only see account metadata
- All access is logged and audited
- Background checks for all employees

### Exceptions

We may access data only if:

- You explicitly request support assistance
- Required by law enforcement with valid legal process
- Necessary to investigate abuse or security incidents

## Data Sharing

### We Share Data With

| Recipient | Purpose | Data Shared |
|---|---|---|
| AWS | Infrastructure | Encrypted documents |
| Auth0 | Authentication | Email, name |
| Stripe | Payments | Billing info |
| Vercel | Hosting | Anonymous usage |

### We Never

- Sell your data
- Share data for advertising
- Allow third-party tracking
- Share with data brokers

## Data Minimisation

We only collect data necessary for:

- Providing the service you signed up for
- Maintaining security
- Complying with legal requirements
- Improving the service (anonymised)

## Data Quality

You can update or correct your data:

- Profile data - Edit in Settings
- Document metadata - Edit in document details
- Billing information - Update in Subscription settings
- Other data - Contact support

## Data Security

Comprehensive security measures protect your data.

### Incident Response

If a data breach occurs:

- We contain and investigate immediately
- We notify affected users within 72 hours
- We notify the ICO if required
- We take steps to prevent recurrence
Full incident response policy →

## Questions

For questions about data handling:

- Email: privacy@oklido.com