Bundledocs Privacy Policy

Effective Date: November  07, 2025

 

1. Who We Are

Meditati Ltd. ("we", "us", "our") is registered in Ireland and provides the Bundledocs platform (www.bundledocs.com and its subdomains). We are committed to protecting your privacy in compliance with the General Data Protection Regulation (GDPR), relevant Irish data protection laws, and ISO/IEC 27001:2022 standards.

If you have questions or concerns, contact: compliance@bundledocs.com.

Our services and this statement are governed by the laws of the Republic of Ireland.

2. Our Role Under GDPR

  • Data Controller: When we collect personal data to manage your account, process payments, and send service communications.

  • Data Processor: When you upload or process documents or personal data using our platform.

3. Information We Collect & Use

A. When You Use Our Services (Controller Role)

  • Registration Data: Email and password to create an account.

  • Billing Data: Name, billing address, company (if applicable). Credit card details handled via secure, authorized third-party processors.

  • Communication & Marketing: Service updates and marketing messages (opt-out available).

  • Surveys/Contests: Optional, for user feedback or engagement.

B. When You Upload Content (Processor Role)

  • Any uploaded content is processed strictly on your behalf, never used for our own purposes.

  • We do not access or disclose this content unless instructed or legally required.

C. Lawful Basis for Processing (Under GDPR)

We rely on the following lawful bases to collect and process your personal data:

  • Performance of a contract (Article 6(1)(b) GDPR): To manage your account, provide access to the Bundledocs platform, and deliver services.

  • Compliance with legal obligations (Article 6(1)(c) GDPR): For record-keeping, tax, and regulatory requirements.

  • Legitimate interests (Article 6(1)(f) GDPR): For service improvements, security monitoring, and limited analytics (where not requiring consent).

  • Consent (Article 6(1)(a) GDPR): For optional communications such as newsletters or surveys. You may withdraw your consent at any time.

D. Automated Decision-Making and AI

We do not use automated decision-making processes, including profiling, that produce legal effects or similarly significant impacts on individuals.

Where AI or automated tools are used within our services or by our subprocessors (e.g., for analytics or operational efficiency), these tools do not make autonomous decisions about your personal data that affect your rights. Any such processing is conducted under strict oversight and in compliance with applicable data protection laws.

4. Your Rights Under GDPR

You have the right to:

  • Access the personal data we hold about you

  • Rectify inaccurate or incomplete data

  • Request erasure of your personal data

  • Restrict processing in certain circumstances

  • Object to processing based on our legitimate interests or direct marketing

  • Data portability, where applicable

  • Lodge a complaint with a supervisory authority

If you wish to exercise your rights, contact us at compliance@bundledocs.com.
You can also update certain details via your account or by emailing support@bundledocs.com.

We may need to verify your identity before processing your request. We aim to respond within one month, as required under the GDPR.

Our lead supervisory authority is the Data Protection Commission (DPC) in Ireland: www.dataprotection.ie

5. Cookies and Consent Management

We use cookies and similar tracking technologies to improve your experience on our site. Cookies fall into two main categories:

  • Essential Cookies: These are necessary for the operation of the service (e.g., authentication) and do not require your consent. Disabling these cookies may impact the functionality of our platform.

  • Analytics Cookies: These cookies help us understand how our site is used (e.g., Google Analytics). They require your consent before being set.

On your first visit, we display a cookie banner to request your consent for analytics cookies. You may manage or withdraw your cookie preferences at any time via the cookie settings link on our website or through your browser settings, subject to essential cookie functionality.

We do not use cookies for advertising or profiling purposes.

6. Log Files, Web Beacons & Profiling

We automatically collect certain information through log files and web beacons when you use our services. This includes data such as your browser type, IP address, pages visited, operating system, and timestamps.

This information is used primarily to monitor system security, analyze usage patterns, improve service performance, and conduct analytics.

IP addresses and other collected data may be considered personal data under GDPR. We process this information based on our legitimate interests in maintaining and improving the service, while taking appropriate steps to anonymize or pseudonymize data where possible.

Web beacons may be used in conjunction with cookies for analytics purposes.

We ensure that any user profiling performed is fully anonymized and cannot be linked to identifiable individuals.

Collected log and beacon data is not shared with third parties, except where required by law or contractual obligation.

7. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including countries such as the United States (e.g., through our use of Microsoft Azure cloud services).

Where such transfers occur, we ensure appropriate safeguards are in place to protect your personal data in accordance with GDPR requirements. These safeguards include:

  • Standard Contractual Clauses (SCCs) approved by the European Commission

  • Binding corporate rules or other binding legal agreements

  • Hosting with partners who comply with GDPR and maintain strong data protection measures

We regularly review these arrangements to maintain compliance and data security.

If you would like further information on the specific safeguards applied to your data transfers, please contact us at compliance@bundledocs.com.

8. Data Security

We implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

  • Data in transit is secured using industry-standard TLS encryption.

  • Stored data is encrypted using AES 256-bit encryption or equivalent.

  • Our sub-processors, including Microsoft Azure, comply with GDPR requirements and maintain robust security certifications.

  • Access to personal data is strictly controlled and limited to authorized personnel on a need-to-know basis.

  • We conduct regular security assessments and audits in line with ISO/IEC 27001:2022 to ensure ongoing protection of data.

  • In the event of a personal data breach, we will promptly assess the incident and notify affected individuals and relevant supervisory authorities in accordance with GDPR timelines and legal obligations.

9. Information Sharing

We only share your personal data with:

  • Authorized payment processors for billing purposes

  • GDPR-compliant sub-processors who assist in delivering our services

  • Legal authorities when required by law or to protect our rights

All recipients are contractually bound to maintain confidentiality and comply with applicable data protection laws.

Our current list of authorized sub-processors is available at our TrustCenter on the Bundledocs website.

10. Blogs, Forums & Public Posts

Any information you post in public forums or blogs is publicly accessible. We are not responsible for how third parties may use this information.

We may provide access to optional third-party platforms (e.g. idea or feedback portals). Use of these tools is voluntary and governed by the third party’s own terms and privacy policies. Bundledocs does not share your personal data with these platforms on your behalf.

11. Children’s Privacy

Bundledocs is not intended for children under 16. We do not knowingly collect personal data from minors. If a parent or guardian becomes aware that their child has provided us with personal data, they may contact us at compliance@bundledocs.com to request its removal.

12. Security Incident Response

In the event of a security incident, Bundledocs will promptly:

  • Investigate and remediate the issue

  • Notify affected individuals without undue delay

  • Comply fully with all applicable legal and regulatory requirements

13. Changes to this Statement

We may update this Privacy Statement from time to time. Material changes will be communicated via email and published on our website.

14. Contact

For any privacy-related questions or concerns, please contact us at: compliance@bundledocs.com

 

Get Started with Bundledocs Today...

Try For Free!