This Privacy Policy explains how DocMan Solutions, LLC, an Alabama limited liability company ("DocMan," "we," "us," or "our") collects, uses, discloses, and protects information in connection with the DocMan mortgage loan document management application and related websites and services (collectively, the "Service"), available at docmansolutions.com.
When you sign in, we use Google OAuth 2.0 or Microsoft OAuth (Microsoft Entra ID). We receive your Google or Microsoft account email address, basic profile information, and OAuth access/refresh tokens needed to perform the actions you authorize. Loan officers and borrowers may also access scoped portals through time-limited (approximately 15-minute) single-use sign-in link emails; using such a link confirms your email address for that session only.
Through the Service, Customers create and manage loan records that may contain: borrower and co-borrower names and email addresses; property addresses; loan numbers and broker/investor reference numbers; loan type and program; notes; and the mortgage documents themselves. Mortgage documents commonly include sensitive financial and personal information (for example, identification, pay stubs, bank statements, and tax returns). DocMan does not solicit this information directly from borrowers — it is provided by Customers in the course of using the Service. DocMan has no obligations to You concerning the control, confidentiality or security of the Customer Content.
The mortgage documents themselves are never stored or saved by DocMan. They are stored only in your Google Drive or Microsoft OneDrive. DocMan reads and writes those files within your Drive to provide the Service and does not retain its own copy. The limited loan record fields above (names, emails, addresses, loan numbers, notes, document checklist status) are stored as configuration/metadata in your Google Drive or Microsoft OneDrive with only a transient, ephemeral working cache on DocMan's server — they are not maintained in a separate DocMan database. The single exception is a lender guideline PDF you choose to drop on the optional AI agent, which is transmitted for parsing as described in Section 4 and is not retained.
With your authorization, DocMan reads from and writes to folders in your own Google Drive or Microsoft OneDrive (which serves as the system of record for loan folders, subfolders, and files) and reads and sends messages through your Gmail or Outlook to surface loan-related email, file email attachments into your Drive or OneDrive, and send loan status and explanation emails. See Section 2.
Subscriptions and payments are processed by Stripe. We do not store full payment card numbers; Stripe processes payment details under its own privacy policy. We may retain billing status, plan, license key, and transaction metadata.
We collect standard server logs (IP address, timestamps, request paths, error traces) for security, debugging, and reliability. If you submit feedback or a bug/idea report through the in-app widget, we receive the message you send and your email address (if provided) so we can respond.
DocMan integrates with both Google and Microsoft. DocMan's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. DocMan's use of information received from Microsoft Graph and related Microsoft APIs adheres to Microsoft's API terms and use limitations. The following commitments apply to user data we receive from either provider:
You can review and revoke DocMan's access to your Google account at any time at myaccount.google.com/permissions, and to your Microsoft account at myaccount.microsoft.com/privacy/app-access. Revoking access will disable Drive-, OneDrive-, Gmail-, and Outlook-dependent features.
The Service includes an optional feature that extracts suggested required-document lists from a lender's guideline or conditional-approval PDF. When you use this feature, the contents of the PDF you drop are transmitted to Anthropic, PBC ("Anthropic") via the Claude API for the sole purpose of parsing and returning suggested requirements to you.
If you do not wish to use AI processing, simply do not use the AI agent feature; the Service is fully usable without it. Any use of the AI agent feature signals acceptance of, and willingness to be bound by, this policy.
When you send loan-status emails, explanation letters, or other communications through the Service, they are sent through your authorized Gmail or Outlook account, and the recipients and content are determined by you and your loan configuration. A copy of certain outbound communications and a chronological communication-history record may be retained within the loan's metadata, and outbound borrower-facing communications may be copied (CC/BCC) to a DocMan operations or audit address for support and quality purposes. Replies are routed to the loan officer via a Reply-To header. Do not send information through the Service that you are not authorized to send.
We do not sell personal information. We share information only as needed to run the Service, with the following categories of sub-processors and service providers:
| Provider | Purpose |
|---|---|
| Google LLC | OAuth authentication, Google Drive storage, Gmail send/read (acting on your authorization) |
| Microsoft Corporation | OAuth / Microsoft Entra ID authentication, Microsoft OneDrive storage, Outlook send/read via Microsoft Graph (acting on your authorization) |
| Anthropic, PBC | AI parsing of lender guideline PDFs you submit to the AI agent |
| Stripe, Inc. | Subscription billing and payment processing |
| Render (hosting provider) | Application hosting and compute (United States) |
We may also disclose information to comply with applicable law, legal process, or enforceable governmental requests; to protect the rights, property, or safety of DocMan, our Customers, or others; or in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate confidentiality protections.
DocMan does not store, maintain, or control your documents or sensitive information. Every document lives in your Google Drive or Microsoft OneDrive and is never saved by DocMan; DocMan has no long-term document database and is not a system of record.
To delete loan documents, delete them in your Google Drive or Microsoft OneDrive. To close your account or request deletion of account-level data we hold, contact us (Section 15). Borrower data deletion requests are handled by the Customer who controls the loan (Section 9).
We use industry-standard safeguards including encryption in transit (HTTPS/TLS), OAuth-scoped access, session secrets, and least-privilege access. OAuth tokens are stored to enable authorized background operations such as scheduled emails. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. You are responsible for safeguarding your Google or Microsoft account credentials and for the access decisions you make within your organization.
Customers (loan officers / lending teams): you may access, correct, export, or delete loan data through Google Drive, Microsoft OneDrive, and the Service, revoke Google or Microsoft access at any time, and contact us for account-level requests.
Borrowers and other loan parties: DocMan processes your information on behalf of the lending company you are working with. To exercise access, correction, deletion, or other rights regarding your loan information, please contact that lending company (your loan officer or broker), who is the controller of your data. If you contact us directly, we will refer your request to the appropriate Customer.
Depending on your location, you may have rights under laws such as the European Union's General Data Protection Regulation (GDPR) or the CCPA/CPRA (including the right to know, access, correct, delete, and not be discriminated against for exercising rights).
We use a strictly necessary session cookie to keep you signed in and to operate the Service securely. We do not use third-party advertising or cross-site tracking cookies. Disabling the session cookie will prevent sign-in.
The Service is operated from, and data is processed in, the United States. If you access the Service from outside the United States, you consent to the transfer and processing of information in the United States and other jurisdictions where our sub-processors operate, which may have different data-protection laws than your country. You are responsible for ensuring compliance with any applicable foreign law.
The Service is a business tool not directed to children and is not intended for use by anyone under 18. We do not knowingly collect personal information from children. If you are under the age of 18, you may not use or access the Service.
We may update this Privacy Policy from time to time. We will revise the "Last updated" date above and, for material changes, provide additional notice as appropriate. Your continued use of, or access to, the Service after changes become effective constitutes acceptance of the modified policy.
This Privacy Policy is governed by the laws of the State of Alabama, without regard to its conflict-of-laws rules. Any disputes arising under or relating to this Privacy Policy are subject to the dispute-resolution provisions of our Terms of Service.
Questions or requests regarding this Privacy Policy:
DocMan Solutions, LLC
Email: support@docmansolutions.com