Open web editor

Privacy Policy

Last updated: March 18, 2026

At Color Vivo Internet S.L. we take your privacy very seriously. This Privacy Policy explains how DocProtect handles — or, more precisely, does not handle — your personal data, in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation — GDPR) and Spanish Organic Law 3/2018 on Personal Data Protection (LOPDGDD). Our commitment is clear: your documents never leave your device.

1. Data controller

In accordance with Article 13 of the GDPR, the data controller is:

Color Vivo Internet S.L.
CIF: ESB13340724
Registered address: Calle Mesones 9, 13640 Herencia (Ciudad Real), Spain
Email: write to us via the Color Vivo contact form
Website: colorvivo.com
Service domain: docprotect.net

2. Privacy by design and by default

DocProtect has been engineered from the ground up following the principle of privacy by design and by default (Article 25 GDPR). All document processing is performed entirely on the user's device — in the browser (using the Canvas API and Web Workers), or natively on iOS and Android.

  • Your documents are never uploaded to, transmitted to or processed by any server.
  • No images are stored in the cloud, in databases or in any remote system.
  • There is zero server-client communication during document processing.
  • The web application functions completely offline once loaded, via Service Worker technology.
You can verify this yourself: disconnect your internet connection and the editor will continue to work normally.

3. Data we do NOT collect

DocProtect does not collect, store, process or transmit any of the following:

  • Document images or their pixel/content data.
  • Personal data extracted from documents (name, national ID number, address, date of birth, etc.).
  • User accounts, registration data or login credentials — there are no accounts.
  • Payment, financial or banking data (no payment processing is currently active).
  • Location, geolocation or GPS data.
  • Screen recordings, editor screenshots or usage telemetry from the editing tools.
  • Biometric data of any kind.

4. Technical data we may collect

Although DocProtect does not collect any document data, the website infrastructure may process limited technical information through the following mechanisms:

  • Cloudflare (security and CDN): The website uses Cloudflare as its content delivery network and security layer. Cloudflare may automatically process technical data such as your IP address, browser type, operating system, country of origin and request timestamps to protect the site against DDoS attacks, bots and other threats. This processing is essential for the secure operation of the service. For details, see Cloudflare's privacy policy.
  • Google Analytics 4 (consent-only): We may use Google Analytics 4 to understand general website usage patterns (pages visited, visit duration, device type, traffic sources). These analytics scripts and cookies are only activated if you provide express consent through the cookie consent banner. Analytics data is never linked to document content or personally identifiable information. Google Analytics is configured with IP anonymisation enabled. For details, see Google's privacy policy.

5. Legal basis for processing

The processing of the limited technical data described in section 4 is based on the following legal grounds:

  • Legitimate interest (Article 6(1)(f) GDPR): for the security and infrastructure measures provided by Cloudflare, which are necessary to protect the service, its availability and its users against cyber threats.
  • Consent (Article 6(1)(a) GDPR): for analytics cookies (Google Analytics 4), which are only activated after the user's explicit, informed and freely given acceptance through the cookie consent mechanism. Consent can be withdrawn at any time.

6. Data processors

DocProtect may share limited technical data with the following third-party data processors, each acting under appropriate contractual safeguards:

  • Cloudflare, Inc. (USA) — Content delivery network and DDoS protection. Processes connection metadata only. Operates under EU Standard Contractual Clauses (SCCs).
  • Google LLC (USA) — Web analytics via Google Analytics 4. Activated only with user consent. Operates under EU Standard Contractual Clauses (SCCs).
  • Stackscale / Proxmox (EU) — Infrastructure and hosting services. Servers located within the European Union.
None of these providers has access to processed document images, as they never leave the user's device. Document processing occurs entirely client-side.

7. International data transfers

Where technical data is processed by providers located outside the European Economic Area (specifically Cloudflare and Google, both headquartered in the USA), such transfers are carried out under the following safeguards:

  • EU Standard Contractual Clauses (SCCs) adopted pursuant to Commission Implementing Decision (EU) 2021/914.
  • Supplementary technical and organisational measures as appropriate.
Infrastructure hosting (Stackscale/Proxmox) is located within the EU and does not involve international data transfers.

8. Data retention

Because DocProtect does not collect or store personal data from documents, there is no document data to retain or delete.

For the limited technical data described in section 4:

  • Cloudflare logs: Retained by Cloudflare for a maximum of 72 hours for security purposes.
  • Google Analytics data: Retained for a maximum of 14 months (GA4 default), after which it is automatically aggregated and anonymised.
  • Cookie consent preference: Stored locally in your browser for 12 months.

9. Your rights

Since DocProtect does not collect personal data from your documents and does not require user accounts, we hold virtually no personal data about you. In practice, data subject rights apply only to the limited technical data described in section 4.

You may at any time:

  • Revoke cookie consent: Use the "Cookie settings" link in the website footer to change or withdraw your analytics cookie preference.
  • Request information: Contact us at write to us via the Color Vivo contact form to ask whether we hold any data related to your use of the Service.
  • Exercise GDPR rights: You may request access, rectification, erasure, restriction of processing, data portability or object to processing by writing to write to us via the Color Vivo contact form. We will respond within 30 days.
You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD), the competent supervisory authority:
Agencia Española de Protección de Datos
C/ Jorge Juan 6, 28001 Madrid, Spain
www.aepd.es

10. Minors

DocProtect is not directed at persons under 16 years of age (Article 8 GDPR, Article 7 LOPDGDD). We do not knowingly collect data from minors. If you are under 16, you need verifiable consent from your parent or legal guardian to use the Service.

If we become aware that data has been inadvertently collected from a minor without appropriate consent, we will take immediate steps to delete such data.

11. Amendments and contact

Color Vivo Internet S.L. reserves the right to amend this Privacy Policy to adapt it to legislative changes, regulatory guidance or changes to the Service. Any amendment will be published on this page with an updated revision date. For material changes, we will make reasonable efforts to notify users.

For any enquiry regarding your privacy or this policy, you may contact us at:
Color Vivo Internet S.L.
Calle Mesones 9, 13640 Herencia (Ciudad Real), Spain
Email: write to us via the Color Vivo contact form
Website: colorvivo.com