Privacy Policy

Doculi only collects the information required to authenticate your WordPress site, verify licensing, and connect to your Google account. During Google OAuth we request the non-sensitive drive.file scope and access is limited to the individual files you explicitly select inside the Doculi interface. We never scan your entire Drive account, shared drives, or any file you did not choose.

When you import a document we temporarily read the file contents and metadata in memory to convert them into WordPress blocks. The converted post is stored only inside your own WordPress database; Doculi-operated services discard the raw Google content immediately after the import job completes. We retain job IDs, status information, and aggregated usage counts so you can track quotas, but no document bodies or media are persisted on Doculi infrastructure.

Refresh tokens and access tokens are encrypted at rest, transmitted over TLS, and never leave Doculi’s private network. We do not sell, rent, or share Google user data with advertisers or analytics providers, and we do not use Google content to build ads, profiles, or AI models. You can revoke Doculi’s access at any time from either the Doculi settings page or Google’s Security Center. Questions, access requests, or deletion requests can be sent to doculi.plugin@gmail.com; we respond within 30 days.

Google API Services Disclosure

Doculi’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Even though Doculi requests only non-sensitive scopes, we voluntarily apply the same safeguards required for sensitive and restricted scopes:

  • We limit our use of Google user data to providing, troubleshooting, and improving the Doculi import workflow that is clearly surfaced in the WordPress admin UI.
  • We never transfer Google user data to third parties except (a) to deliver the imported content to your WordPress site, (b) when required for security investigations, (c) when required by law, or (d) with your explicit consent as part of a merger, acquisition, or asset sale.
  • Human review of Google content only occurs with your affirmative request (for example, in a support ticket), when required to investigate abuse or legal issues, or when data has been aggregated and anonymized for internal operations.
  • We prohibit all other transfers, uses, or sales of Google user data, including any advertising, retargeting, scoring, or profiling use cases.
  • We ensure employees, contractors, and subprocessors who may access Google user data are bound by confidentiality and security obligations that satisfy Google’s Limited Use terms.

Doculi maintains logging, monitoring, and access controls that align with Google’s secure data handling guidance. If Doculi ever needs to expand scope access, we will update this disclosure, complete the required Google verification steps, and provide advance notice to administrators.