DocuChase is GDPR, CCPA, and Australian Privacy Act Compliant (2026)
When bookkeepers and accountants use DocuChase to collect documents from clients, they're handling sensitive financial data — bank statements, tax returns, invoices, payroll.
That data deserves serious protection.
Here's exactly how DocuChase handles your clients' documents and what compliance standards we meet.
What data DocuChase handles
When you use DocuChase, your clients upload:
Bank statements
Tax documents
Invoices and receipts
Payroll records
Financial summaries
This is sensitive financial data. We treat it accordingly.
How we protect your data
Encryption in transit
Every file transfer is protected with TLS encryption. No data travels unprotected between your client's browser and our servers.
Encrypted storage
Files are stored on AWS infrastructure via Supabase — the same enterprise-grade infrastructure trusted by thousands of companies worldwide. Data is encrypted at rest using AES-256.
Expiring access links
When you share a portal link with your client, that link is unique to them. Signed URLs control exactly who can access what, and access can be revoked at any time.
Data isolation
Each bookkeeper only sees their own clients and documents. Row-level security ensures complete data isolation between accounts.
No data selling
DocuChase never sells, shares, or monetizes your clients' documents. Ever.
Compliance coverage
GDPR (EU and UK)
DocuChase complies with the General Data Protection Regulation for users in the European Union and United Kingdom.
Your rights under GDPR:
Right to access your data
Right to correct inaccuracies
Right to delete your data
Right to data portability
Right to restrict processing
To exercise any of these rights, contact [email protected]
CCPA (California)
California residents have specific rights under the California Consumer Privacy Act. DocuChase does not sell personal information. You can request access or deletion at any time.
Australian Privacy Act 1988
DocuChase complies with Australia's Privacy Act for users in Australia. Complaints can be directed to the Office of the Australian Information Commissioner.
PIPEDA (Canada)
Canadian users are protected under the Personal Information Protection and Electronic Documents Act.
Standard Contractual Clauses (EU)
For international data transfers, we use European Commission Standard Contractual Clauses — the gold standard for GDPR-compliant data transfers outside the EU.
Our infrastructure partners
We've chosen infrastructure partners who take security as seriously as we do:
Supabase — SOC 2 Type 2 certified, GDPR compliant, built on AWS
Resend — transactional email with enterprise-grade deliverability
LemonSqueezy — handles all payment processing. We never store credit card data.
Your full privacy policy
For complete details on how we collect, use, and protect your information:
Read our full Privacy Policy → getdocuchase.com/privacy-policy
Questions? Contact us at: [email protected]
DocuChase is built for bookkeepers who handle sensitive client data every day. Security and compliance aren't afterthoughts — they're built into the foundation.
Try DocuChase free → getdocuchase.com
