Privacy Policy
This Privacy Policy describes how personal data is collected, used, and processed in connection with the website docply.io (the "Website") and the services offered through it under the brand Docply ("Docply", "we", "us").
This Privacy Policy is issued in compliance with Regulation (EU) 2016/679 ("GDPR") and the Italian Personal Data Protection Code (Legislative Decree 196/2003 as amended by Legislative Decree 101/2018).
1. Data Controller
The Data Controller is:
Alessandro Stella, individual professional with Italian VAT registration
Via Ticino 84/D, 20012 Cuggiono (MI), Italy
VAT number: IT12319920968
PEC (certified email): ales.stella@pec.it
Privacy contact: info@docply.io
Docply is a commercial brand operated by the same Data Controller.
No Data Protection Officer (DPO) has been appointed, as the processing carried out does not meet the criteria of Article 37 GDPR. The Data Controller is directly reachable for any data protection matter at the addresses above.
2. Categories of personal data collected
2.1 Data provided voluntarily by the User
When you contact us, place an order, or interact with us, we may collect:
- Name and surname
- Email address
- Postal/billing address
- VAT number (for B2B purchases)
- Country of residence
- Content of email communications (when contacting info@docply.io)
2.2 Data collected automatically through the Website
When you browse the Website, the following technical data may be collected:
- IP address (anonymised before storage by Plausible Analytics)
- Browser type and version
- Operating system (aggregated)
- Pages visited and time spent on each page (anonymised, aggregated)
- Referrer URL (the website you arrived from)
- Country of origin (aggregated, derived from IP without storing the IP)
The Website does not use cookies for tracking, profiling, advertising, or remarketing. Analytics is provided by Plausible Analytics, which is cookieless and GDPR-compliant by design.
2.3 Data collected during purchase
When you purchase a Kit, the Payment Provider (Lemon Squeezy) collects and processes the following data on its own behalf as Merchant of Record:
- Full name
- Email address
- Billing address
- VAT number (for B2B)
- Payment data (card details, processed directly by the Payment Provider — Docply does not receive or store any payment data)
- Order details
Docply receives from the Payment Provider only the order confirmation and the customer email (for delivery and post-purchase support purposes).
3. Purposes and legal bases of processing
We process personal data for the following purposes, based on the corresponding legal bases under Article 6 GDPR:
3.1 Performance of the contract — Article 6(1)(b) GDPR
- Processing your order for a Kit
- Delivering the Kit through a download link
- Providing post-purchase support
- Sending service-related communications (e.g. Kit updates, license-related notifications)
- Managing customer support requests
3.2 Compliance with legal obligations — Article 6(1)(c) GDPR
- Tax and accounting obligations (retention of invoice data for 10 years as required by Italian tax law)
- Compliance with applicable consumer protection law
- Response to lawful requests from public authorities
3.3 Legitimate interest — Article 6(1)(f) GDPR
- Aggregated, anonymous analytics on Website usage to understand and improve the Website (Plausible Analytics, no individual tracking)
- Security of the Website and prevention of fraudulent activities
- Communication with Users who have contacted us at info@docply.io
3.4 Consent — Article 6(1)(a) GDPR
Where required, for specific processing activities (e.g. future email marketing communications, if and when activated). At the time of this Privacy Policy, no consent-based processing is carried out by Docply directly on the Website.
4. Recipients of personal data — Third-party services
In order to operate the Website and deliver the services, personal data may be shared with the following third-party providers, each of which acts as an independent Data Controller or as a Data Processor in accordance with applicable agreements:
4.1 Plausible Analytics
- Provider: Plausible Insights OÜ (Estonia, EU)
- Role: Data Processor for cookieless web analytics
- Data processed: Anonymised page views, referrer, country (derived from IP without storing IP), browser/OS aggregates
- Location of processing: European Union (Frankfurt, Germany)
- Privacy Policy: https://plausible.io/privacy
Plausible does not use cookies, does not collect personal data, and does not track Users across sites.
4.2 Lemon Squeezy
- Provider: Lemon Squeezy LLC (USA)
- Role: Independent Data Controller, acting as Merchant of Record for transactions
- Data processed: Name, email, billing address, VAT number, payment data, order details
- Location of processing: United States (with EU sub-processors for EU customers)
- Privacy Policy: https://www.lemonsqueezy.com/privacy
- Transfer mechanism: EU-US Data Privacy Framework and/or Standard Contractual Clauses
4.3 Vercel (hosting)
- Provider: Vercel Inc. (USA)
- Role: Data Processor for Website hosting and content delivery
- Data processed: IP address (transient, for content delivery), HTTP request logs, technical data
- Location of processing: Global edge network with regional infrastructure (EU edge for EU visitors)
- Privacy Policy: https://vercel.com/legal/privacy-policy
- Transfer mechanism: EU-US Data Privacy Framework and/or Standard Contractual Clauses
4.4 Google Workspace / Gmail
- Provider: Google Ireland Limited (EU) and Google LLC (USA)
- Role: Data Processor for email communications (info@docply.io and related)
- Data processed: Email content, sender/recipient metadata, attachments
- Location of processing: European Union and United States
- Privacy Policy: https://policies.google.com/privacy
- Transfer mechanism: EU-US Data Privacy Framework and/or Standard Contractual Clauses
4.5 Other recipients
Personal data may also be disclosed to:
- Tax advisors, accountants, and similar professionals bound by professional secrecy, for the purpose of fulfilling tax and accounting obligations;
- Public authorities, where required by law;
- Legal counsel, in case of dispute.
5. International transfers of personal data
Some of the third-party providers listed above are based in the United States or process data in the United States.
For all such transfers, we rely on:
- EU-US Data Privacy Framework, where the recipient is certified;
- Standard Contractual Clauses (SCC) approved by the European Commission, where the EU-US Data Privacy Framework is not applicable;
- Additional supplementary measures as appropriate (encryption in transit and at rest, access controls).
Users may request a copy of the safeguards applied by contacting us at info@docply.io.
6. Retention periods
We retain personal data for the following periods:
- Order data and invoices (name, email, billing address, VAT, order details): 10 years from the date of the transaction, in accordance with Italian tax law (Article 2220 of the Italian Civil Code and Presidential Decree 600/1973).
- Email communications (correspondence with info@docply.io): 2 years from the date of the last interaction, unless a longer retention period is required for an active matter (e.g. ongoing customer support, dispute, license verification).
- Aggregated analytics data (Plausible): retained indefinitely in anonymous, aggregated form only. No individual User can be identified from this data.
- Technical logs (Vercel, server-side): typically retained for short periods (30–90 days) for operational and security purposes, after which they are automatically deleted by the provider.
After the applicable retention period, personal data is deleted or anonymised in accordance with Article 5(1)(e) GDPR.
7. Rights of the data subject
Under Articles 15–22 GDPR, you have the following rights:
- Right of access — to obtain confirmation of whether we process your personal data, and a copy of such data (Article 15)
- Right to rectification — to correct inaccurate or incomplete data (Article 16)
- Right to erasure ("right to be forgotten") — to request deletion of your data, subject to legal retention obligations (Article 17)
- Right to restriction of processing — to limit how we process your data in specific circumstances (Article 18)
- Right to data portability — to receive your data in a structured, commonly used, machine-readable format and transmit it to another controller (Article 20)
- Right to object — to object to processing based on legitimate interest (Article 21)
- Right to withdraw consent — where processing is based on consent, to withdraw it at any time, without affecting the lawfulness of processing carried out before withdrawal (Article 7)
- Right not to be subject to automated decision-making — including profiling, which we do not perform (Article 22)
To exercise any of these rights, please contact us at:
Email: info@docply.io
Certified email (PEC): ales.stella@pec.it
Postal address: Alessandro Stella, Via Ticino 84/D, 20012 Cuggiono (MI), Italy
We will respond within one month from receipt of the request, in accordance with Article 12(3) GDPR. This period may be extended by two further months where necessary, taking into account the complexity and number of requests.
8. Right to lodge a complaint with a supervisory authority
If you believe that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement (Article 77 GDPR).
The Italian supervisory authority is:
Garante per la protezione dei dati personali
Piazza Venezia 11, 00187 Roma, Italy
Website: https://www.garanteprivacy.it
Email: protocollo@gpdp.it
PEC: protocollo@pec.gpdp.it
9. Security of personal data
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, alteration, or destruction, in accordance with Article 32 GDPR.
Such measures include:
- HTTPS/TLS encryption for all communications between the User and the Website;
- Encryption at rest on third-party providers' infrastructure;
- Access controls limited to the Data Controller and authorised processors;
- Regular review of providers' security practices;
- Use of providers certified under recognised security frameworks (e.g. SOC 2, ISO 27001) where applicable.
No method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee its absolute security.
10. Children
The Website and the Kits are intended for professional and business use. We do not knowingly collect personal data from children under 16 years of age (Article 8 GDPR).
If you become aware that a child has provided us with personal data, please contact us at info@docply.io and we will take steps to delete such data.
11. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or third-party providers.
The "Last updated" date at the top of this Privacy Policy indicates when it was last revised. Material changes will be communicated to existing customers by email and through a prominent notice on the Website.
We encourage Users to review this Privacy Policy periodically.
12. Contact
For any question, request, or concern regarding this Privacy Policy or the processing of your personal data, please contact us at:
Email: info@docply.io
Certified email (PEC): ales.stella@pec.it
Postal address: Alessandro Stella, Via Ticino 84/D, 20012 Cuggiono (MI), Italy