Privacy Policy
Version 1.0 · Effective 2026-06-17
This Privacy Policy explains how ООО «ОКСИКОМ» ("we", "us", the "Operator") collects, uses, stores and protects personal data when you use docio at https://docio.io (the "Service"). It is a single, comprehensive notice that addresses the EU/UK General Data Protection Regulation (GDPR) and Russian Federal Law No. 152-FZ "On Personal Data" (152-FZ). Which rules apply to you depends on where you are and your citizenship — not on the interface language you choose.
1. Who we are
The data controller / operator is ООО «ОКСИКОМ», registered in the Russian Federation (OGRN 1217800001352, INN 7807245570, KPP 780701001), address: 198206, г. Санкт-Петербург, шоссе Петергофское, д. 43 к. 1 - 70. For any privacy question or to exercise your rights, contact us at privacy@docio.io.
2. What personal data we collect
- Account data — username, email address, a one-way hash of your password (we never store the plain password), and optional profile fields (display avatar, bio).
- Preferences — interface language, theme and notification settings.
- Authentication via third parties (OAuth) — if you sign in with GitHub, GitLab or Google, we receive your basic identity from that provider (provider user id, username, email, avatar). We never receive your password for those services.
- Repository content you provide — source code and related files you connect or upload, and the documentation, wikis, summaries, embeddings and search indexes we derive from them. This content may itself contain personal data if your code or commits include it.
- Usage and technical data — log records, IP address, browser/device information, timestamps and generation telemetry (such as token counts and timings) used to operate, secure and improve the Service.
- Communications — service emails we send you (e.g. generation-complete notifications, password reset) and your related preferences.
3. How we use your data and the legal bases
| Purpose | Legal basis (GDPR) |
|---|---|
| Create and manage your account, authenticate you | Performance of a contract (Art. 6(1)(b)) |
| Process the repositories you provide to generate documentation | Performance of a contract (Art. 6(1)(b)) |
| Send service notifications and respond to requests | Contract / legitimate interest (Art. 6(1)(b)/(f)) |
| Secure the Service, prevent abuse and fraud | Legitimate interest (Art. 6(1)(f)) |
| Comply with legal obligations | Legal obligation (Art. 6(1)(c)) |
| Optional features that rely on your consent | Consent (Art. 6(1)(a)) |
We do not sell your personal data, and we do not use it for advertising or automated decision-making that produces legal effects about you.
4. AI processing and third parties (sub-processors)
The core of the Service is generating documentation from your code using AI. To do this we share the necessary content with the providers below. We share only what is required for each purpose.
| Recipient | Purpose | What is shared | Location |
|---|---|---|---|
LLM provider (via proxy omni.oxicom.ru) | Generate documentation and answer questions about your code | Relevant source-code snippets and prompts | May be outside the Russian Federation |
| OpenRouter | Generate vector embeddings for search | Code/text fragments to be indexed | Outside the Russian Federation |
| Resend | Deliver transactional email | Your email address and message content | Outside the Russian Federation |
| GitHub / GitLab / Google | Authentication and repository access you authorize | OAuth identity / repository access tokens | Outside the Russian Federation |
| Hosting & infrastructure | Run the Service and store data | All categories above | the Russian Federation |
We require our sub-processors to protect personal data and to process it only on our instructions.
5. International transfers
Our primary database is located in the Russian Federation. Some sub-processors in Section 4 may process data outside the Russian Federation (including outside the EEA). Where we transfer personal data across borders, we rely on an appropriate legal basis and safeguards (such as standard contractual clauses or your explicit consent). If you do not want your repository content sent to AI providers, do not use the AI generation features.
6. Cookies
We use only strictly necessary cookies: an authentication/session cookie to keep you signed in, and a NEXT_LOCALE cookie that remembers your language choice. These are required for the Service to function and do not require consent. We do not use advertising or third-party tracking cookies. If we add analytics or other non-essential cookies in the future, we will request your consent first.
7. Retention
We keep account data for as long as your account exists. Repository content and generated documentation are kept until you delete them or close your account. After account deletion we remove or anonymize your personal data within a reasonable period, except where we must retain certain records to comply with the law or to resolve disputes. Technical logs are kept for a limited period and then deleted or aggregated.
8. Security
We protect personal data with measures appropriate to the risk, including encryption in transit (HTTPS), hashing of passwords, encryption of stored third-party credentials, access controls and the principle of least privilege. No method of transmission or storage is completely secure, but we work to protect your data and to notify you and the authorities of incidents where required.
9. Your rights
Subject to applicable law, you may: access your data; correct inaccurate data; delete your data; restrict or object to processing; request portability; and withdraw consent at any time (without affecting prior processing). You can edit or delete your account from your account settings, or contact us at privacy@docio.io. We respond within the period required by law.
EEA / UK residents (GDPR)
You have the rights listed above and the right to lodge a complaint with your local data protection supervisory authority. Our legal bases for processing are set out in Section 3.
Russian Federation residents (152-FZ)
The operator is ООО «ОКСИКОМ». We process your personal data to provide the Service, on the basis of your consent and the performance of our agreement with you. Personal data of citizens of the Russian Federation is first recorded and stored in databases located in the Russian Federation, in accordance with Article 18(5) of 152-FZ. Cross-border transfers to the recipients in Section 4 are carried out with your consent and in compliance with 152-FZ. You may, in accordance with Article 14 of 152-FZ, request information about the processing of your personal data, require correction, blocking or deletion of data that is incomplete, outdated, inaccurate, unlawfully obtained or unnecessary for the stated purpose, and withdraw your consent at any time by writing to privacy@docio.io. You also have the right to appeal to the authorized body for the protection of the rights of personal-data subjects (Roskomnadzor).
10. Children
The Service is not directed to children. We do not knowingly collect personal data from children under the age required by your local law (16 in the EEA unless a lower age applies). If you believe a child has provided us data, contact us and we will delete it.
11. Changes to this Policy
We may update this Policy from time to time. We will post the updated version with a new version number and effective date, and, where required, ask you to review or re-accept it.
12. Contact
Questions or requests: privacy@docio.io · ООО «ОКСИКОМ», 198206, г. Санкт-Петербург, шоссе Петергофское, д. 43 к. 1 - 70.