Privacy Policy
Status: Being drafted
SLDocs is a service operated by Fiji Systems LLC dba SLDocs (“SLDocs,” “we,” “us”).
Our final Privacy Policy is being prepared and will be published before SLDocs leaves its pre-launch period. In the interim, the following describes what data we collect and how we protect it. We will replace this page with a signed, dated policy that covers every feature once the application is feature-complete.
What we collect
Information you provide directly: name, email address, password (hashed), optional profile information (phone, address, identity digits — encrypted at rest with a per-user envelope-encryption key), the documents you upload (encrypted at rest with a per-document key wrapped by a tenant-scoped Google Cloud KMS key), and information about people you designate as recipients or trusted contacts.
Information generated by your use of the service: audit log entries (who did what and when), authentication events, billing records, and email-delivery metadata.
How we protect it
Every uploaded document is encrypted with AES-256-GCM using a unique data encryption key (DEK) per document. That DEK is wrapped by a tenant-scoped key in Google Cloud KMS. Ciphertext is stored in Cloudflare R2; plaintext exists only in process memory during a single decryption operation and is zeroed afterward. Sensitive profile fields (phone, date of birth, ID last-three) use the same envelope-encryption pattern with a per-user key.
Who else processes your data
See our Subprocessors page for the complete list of third-party providers we rely on, what each one processes, and whether they ever see plaintext document content.
Cookies
SLDocs sets only strictly-necessary cookies — authentication, CSRF, white-label tenant resolution, and (during pre-launch) the access-code gate. We do not use cookies for analytics, advertising, profiling, or any non-essential purpose. See our Cookie Policy for the full table.
Geographic scope
SLDocs is offered to U.S. residents and U.S.-organized entities only. Account holders attest to U.S. residency at sign-up. Users may designate recipients (executors, trustees, next-of-kin) who live anywhere — this is incidental processing driven by the user's choice, not active targeting of non-U.S. data subjects.
Your rights
You can request a copy of the personal data we hold about you, or request that your account and data be deleted, by emailing info@sldocs.com. If you are listed as a recipient or trusted contact on someone else's vault and you would like that listing removed, you can request removal at the same address — we will remove the listing and notify the vault owner so they can designate a replacement. Some records (audit logs, anonymized financial transaction records) are retained for up to 7 years to meet U.S. tax and legal-defense obligations.
Contact
Have questions about this policy, or want to exercise any of the rights above? Email info@sldocs.com.