Inkstamp
How it works Who it's for About Log in Book a call
How it works Who it's for About Log in Book a call

User Privacy Notice

Last Updated: March 28, 2026

Diorthos is intended for businesses in the United States.

1. What This Privacy Notice Covers

This Privacy Notice describes how Diorthos and its affiliates (collectively, "Diorthos," "we," "us," or "our") collect, use, disclose, and retain personal information for our own business purposes when you interact with Diorthos and our websites, services, content, software, applications, and related offerings (collectively, the "Services").

This Privacy Notice applies when you:

  • visit a website or online service that links to this Privacy Notice;
  • create, access, or administer a Diorthos account;
  • request a demo, complete a form, sign up for updates, or otherwise communicate with us;
  • purchase, use, or receive support for the Services;
  • attend a webinar, event, training session, partner program, or other Diorthos program;
  • apply to become, or participate as, a Certified Partner or other implementation partner; or
  • integrate your application or service with the Services, or otherwise interact with us in a business relationship.

This Privacy Notice does not apply to:

  • Customer Personal Data. This is personal data that our customers submit to us for processing through the Services and that we process on their behalf. If you use Diorthos through your employer or another organization, that organization controls how Customer Personal Data is handled. This generally includes personal data contained in documents and business workflows that a customer submits or connects to the Services, such as bills, receipts, contracts, bank statements, invoices, payroll data, tax records, time entries, approval records, and similar operational records processed through Filetray, Inkstamp, or related Services. For more information, please see our Privacy at Diorthos FAQs and our Data Processing Addendum.
  • Employment-related information. This Privacy Notice does not apply to personal information processed by Diorthos in its role as an employer or prospective employer.
  • Third-party services and content. Third-party sites, products, services, and integrations are governed by their own privacy notices.

We may also create and use de-identified information that can no longer reasonably be used to identify you. Where we maintain de-identified information, we will not attempt to re-identify it except as permitted by applicable law, such as to test whether our de-identification process is effective.

2. Personal Information We Collect

The personal information we collect depends on how you interact with us and the Services you use.

A. Information You Provide Directly to Us

We may collect the following categories of personal information directly from you:

  • Account information, such as your name, work email address, password, single sign-on details, and other account security or authentication information.
  • Contact and professional information, such as your name, company name, job title, department, business address, phone number, and email address.
  • Billing and transaction information, such as billing contact details, billing address, subscription details, payment-related records, and transaction history. Payment card details may be collected and processed by our payment processor on our behalf.
  • Communications and support information, such as the contents of emails, support tickets, chat messages, meeting notes, survey responses, and other communications you send to us.
  • Event, training, and marketing information, such as your registration details for webinars, partner or training programs, your preferences for receiving communications, and information you choose to provide when responding to forms or surveys.
  • Partner and implementation information, such as business and professional information you provide when applying to become a Certified Partner, participating in onboarding or certification, or working with us to implement the Services for a customer.

Providing personal information is voluntary, but some information is necessary for us to provide certain Services or respond to certain requests.

B. Information We Collect Automatically

When you use the Services or visit our websites, we may automatically collect:

  • Usage information, such as the pages or features you view, the actions you take, the time and duration of your activity, and referral URLs.
  • Log and device information, such as IP address, browser type, device type, operating system, app version, time zone, access times, diagnostic data, error logs, and similar technical information.
  • General location information, such as an approximate location inferred from your IP address.
  • Cookie and similar technology information, as described in our Cookie Notice.

C. Information We Collect from Other Sources

We may receive personal information from other sources, such as:

  • Your organization or account administrators, for example when they create an account for you, invite you to use the Services, or manage your access.
  • Certified Partners or implementation partners, for example when they refer you to us, help onboard your organization, or participate in implementation or support activities you request.
  • Public or business information sources, such as company websites, professional networking sites, event organizers, and commercially available business contact databases used to support sales, partnerships, or marketing.

Examples

Examples of how this works in practice:

  • When you create a Diorthos account, we may collect your name, work email address, company, and login credentials.
  • When you request a demo or apply to become a Certified Partner, we collect the contact, business, and professional information you submit and any follow-up communications.
  • When you contact support, we collect your contact details and the contents of your request.
  • When you use the Services, we collect logs and usage information to operate, secure, and improve the Services.
  • When you purchase a subscription, we collect billing details and transaction records needed to manage the subscription and payment process.
  • Personal data contained in customer-submitted business records and workflows processed through the Services is generally Customer Personal Data and is governed by our customer-facing documentation rather than this Privacy Notice.

3. How We Use Your Personal Information and Our Legal Bases

We use personal information for the following purposes:

Purpose Personal information typically used Legal basis (EEA/UK only)
Register and administer accounts Account information, contact and professional information, log and device information Performance of a contract; legitimate interests in maintaining secure accounts
Provide, operate, and support the Services Account information, contact and professional information, billing and transaction information, communications and support information, usage information, log and device information, general location information Performance of a contract; legitimate interests in operating and improving the Services
Process billing and manage subscriptions Billing and transaction information, contact and professional information, communications and support information Performance of a contract; compliance with legal obligations
Communicate with you about the Services Account information, contact and professional information, communications and support information Performance of a contract; legitimate interests in customer communication and support
Manage demos, onboarding, training, and partner relationships Contact and professional information, communications and support information, event, training, and marketing information, partner and implementation information Legitimate interests in sales, onboarding, training, implementation, and partner program administration
Protect the Services, prevent misuse, and comply with law Account information, contact and professional information, billing and transaction information, communications and support information, usage information, log and device information, general location information Legitimate interests in protecting our business and users; compliance with legal obligations
Improve and develop our websites, Services, and business operations Communications and support information, usage information, log and device information, cookie and similar technology information Legitimate interests in understanding, maintaining, and improving our Services; consent where required by law
Send marketing communications and manage preferences Contact and professional information, event, training, and marketing information, cookie and similar technology information Legitimate interests in promoting our business; consent where required by law

Where we rely on legitimate interests, those interests generally include operating, securing, supporting, improving, and marketing the Services in a way that is proportionate and respects your rights.

4. How We Disclose Your Personal Information

We disclose personal information only as reasonably necessary for the purposes described in this Privacy Notice, including to the following categories of recipients:

  • Affiliates. We may disclose personal information within the Diorthos corporate group for internal administrative, support, security, and business operations purposes.
  • Service providers and contractors. We use third-party providers that help us operate the Services and our business, such as hosting and cloud infrastructure providers, identity and authentication providers, payment processors, customer support tools, analytics providers, email and communications providers, and other business operations vendors.
  • Your organization and account administrators. If you use the Services through an organization, we may disclose information about your account and use of the Services to that organization and its authorized administrators, consistent with the Services and account settings.
  • Certified Partners and other implementation partners you choose to work with. If you engage a Certified Partner or other implementation, onboarding, or migration partner, we may disclose the information reasonably necessary to support that relationship and the Services you request.
  • Integration, implementation, or migration partners you direct us to work with. If you choose to use third-party integrations or ask us to coordinate with a third party in connection with your account, we may disclose the information reasonably necessary to enable that request.
  • Professional advisors. We may disclose personal information to lawyers, auditors, accountants, insurers, and similar professional advisors where necessary.
  • Legal, compliance, and safety recipients. We may disclose personal information to courts, regulators, law enforcement, or other third parties where we believe disclosure is necessary to comply with law, enforce our agreements, protect our rights, investigate security incidents, or prevent fraud or abuse.
  • Business transaction counterparties. If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be disclosed to relevant counterparties and advisors, subject to appropriate safeguards.
  • With your consent or at your direction. We may disclose personal information when you ask us to do so or otherwise consent.

5. How Long We Keep Your Personal Information

We keep personal information for as long as reasonably necessary for the purposes described in this Privacy Notice, including to provide the Services, maintain appropriate business and financial records, resolve disputes, enforce our agreements, and comply with legal obligations.

The table below describes our typical retention approach:

Category Typical retention period
Account and profile information While your account is active and for up to 12 months after account closure or deactivation, unless a longer period is needed for security, dispute resolution, or legal compliance
Billing and transaction records For up to 7 years after the relevant transaction or end of the customer relationship, unless a longer period is required by law
Support tickets and business communications For up to 24 months after closure of the request or last meaningful interaction, unless we need to retain them longer for legal, contractual, or security reasons
Security logs and audit trails Generally for up to 12 months, and longer if reasonably necessary to investigate incidents, detect abuse, or comply with legal obligations
Marketing preference records Until you opt out or withdraw consent, plus as long as reasonably necessary to maintain suppression lists and honor your preferences
Cookie or consent preference records As long as reasonably necessary to demonstrate compliance and manage your choices

In some cases, we may retain information longer where required or permitted by law, including for tax, accounting, litigation hold, compliance, or fraud prevention purposes. We may also retain de-identified information for longer periods.

6. International Transfers

Diorthos and our service providers may process personal information in the United States and other countries where we operate. Those countries may have data protection laws that differ from the laws of your country.

Where required by applicable law, we use appropriate safeguards for international transfers of personal information, such as approved contractual protections or other lawful transfer mechanisms.

7. Cookies and Similar Technologies

We use cookies and similar technologies to operate our websites and Services, remember your preferences, understand how users interact with our sites and Services, and improve performance.

Where required by law, we obtain consent before using non-essential cookies or similar technologies. You can manage cookie preferences through your browser settings and, where available, through our cookie tools. For more information, please see our Cookie Notice.

8. Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, loss, misuse, alteration, and disclosure.

These safeguards include, as appropriate, access controls, encryption in transit, logging and monitoring, vendor diligence, and policies and procedures designed to limit access to personal information to those with a legitimate business need.

No method of transmission over the internet or method of storage is completely secure, so we cannot guarantee absolute security.

9. Your Rights and Choices

Depending on your location and applicable law, you may have rights regarding your personal information, including the right to:

  • know whether we process your personal information and access it;
  • request correction of inaccurate personal information;
  • request deletion of personal information, subject to legal exceptions;
  • receive a portable copy of certain personal information;
  • object to or restrict certain processing;
  • withdraw consent where processing is based on consent;
  • opt out of certain processing, such as certain marketing communications and, where applicable, targeted advertising, sale, sharing, or profiling; and
  • appeal a decision on your privacy request where required by law.

How to Submit a Request

You may submit privacy requests by emailing privacy@diorthos.com and by using our privacy request form.

Verification and Authorized Agents

To protect personal information, we may need to verify your identity before processing a request. We may ask you to provide information that helps us confirm you are the person to whom the request relates.

Where permitted by law, you may also designate an authorized agent to make a request on your behalf. We may ask the agent to provide proof of authorization and may also ask you to verify your identity directly.

Marketing Choices

You can opt out of promotional emails by using the unsubscribe link in the message. If you receive marketing SMS messages from us, you may opt out by following the instructions in the message. Even if you opt out of marketing communications, we may still send service-related or transactional messages.

EEA and UK Users

If you are in the EEA or the UK, you may have the right to access, correct, erase, restrict, object to, or request portability of your personal information, and to withdraw consent where applicable. You also have the right to lodge a complaint with your local supervisory authority.

We generally respond to EEA and UK rights requests within one month, although we may extend that period where permitted by law, for example where a request is complex.

U.S. State Privacy Rights

If you are covered by a U.S. state privacy law, you may have rights to access, delete, correct, obtain a copy of, or opt out of certain uses of your personal information, subject to applicable exceptions and limitations.

If we deny your request, you may have the right to appeal our decision. To appeal, please reply to our response or contact us at privacy@diorthos.com with the subject line "Privacy Appeal."

10. Children's Personal Information

Our Services are not directed to children under the age of 16, and we do not knowingly collect personal information from children under 16 without appropriate consent where required by law. If you believe a child has provided us with personal information, please contact us at privacy@diorthos.com.

11. Changes to This Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our Services, business practices, or legal obligations. When we make changes, we will update the Last Updated date at the top of this Privacy Notice and provide any additional notice required by law.

12. How to Contact Us

If you have questions about this Privacy Notice or our privacy practices, please contact us at:

Email: privacy@diorthos.com
Mail: Diorthos LLC, 6650 Rivers Ave. Ste 100, Charleston, SC 29406 USA

If your question relates to Customer Personal Data processed on behalf of your organization, please contact your organization's administrator.

13. Additional Information for California Residents

This section supplements the rest of this Privacy Notice and applies to California residents covered by the California Consumer Privacy Act, as amended (the "CCPA").

Categories of Personal Information Collected, Sources, Purposes, Recipients, and Retention

In the preceding 12 months, we may have collected the following categories of personal information:

CCPA category Examples Sources Business or commercial purposes Categories of recipients Retention
Identifiers Name, email address, business address, account ID, IP address Directly from you; your organization; automatically from your device Account creation, service delivery, support, security, communications Affiliates; service providers; your organization and administrators; advisors; authorities where required See Section 5
California customer records information Billing contact details, subscription records, transaction-related records Directly from you; payment and business systems Billing, subscription management, recordkeeping, support, compliance Affiliates; payment processors; service providers; advisors; authorities where required See Section 5
Commercial information Products or Services purchased, subscription history, customer relationship information Directly from you; internal systems Contract management, billing, customer support, business operations Affiliates; service providers; advisors; authorities where required See Section 5
Internet or other electronic network activity information Usage data, browser information, device information, log data, interactions with our websites or Services Automatically from your device or browser Service operation, analytics, security, troubleshooting, improvement Affiliates; service providers See Section 5
Geolocation data Approximate location inferred from IP address Automatically from your device or browser Security, localization, service operation, analytics Affiliates; service providers See Section 5
Professional or employment-related information Company name, job title, department, business contact information Directly from you; your organization; public business sources Account administration, relationship management, sales, support Affiliates; service providers; your organization; advisors See Section 5
Audio, electronic, visual, or similar information Emails, support messages, chat transcripts, survey responses, other communications with us Directly from you Support, account administration, service improvement, dispute resolution Affiliates; service providers; advisors; authorities where required See Section 5
Inferences General preferences and interests inferred from your interactions with our websites, communications, or Services Derived from the information above Personalization, relationship management, product improvement, marketing Affiliates; service providers See Section 5
Sensitive personal information Account log-in credentials and, where applicable, payment information submitted in connection with a purchase or subscription Directly from you; our service providers acting on our behalf Account security, payment processing, fraud prevention, and other purposes permitted by the CCPA Affiliates; authentication providers; payment processors; security providers See Section 5

We do not collect or use sensitive personal information for purposes other than those permitted by the CCPA.

Sale or Sharing of Personal Information

Diorthos does not sell personal information and does not share personal information for cross-context behavioral advertising.

Your California Rights

Subject to the CCPA and applicable exceptions, California residents may have the right to:

  • know the categories and specific pieces of personal information we have collected about you;
  • know the categories of sources from which personal information is collected;
  • know the business or commercial purposes for collecting, using, disclosing, selling, or sharing personal information;
  • know the categories of third parties to whom personal information is disclosed;
  • request deletion of personal information;
  • request correction of inaccurate personal information;
  • request a portable copy of certain personal information; and
  • opt out of the sale or sharing of personal information, if Diorthos engages in those activities.

How California Residents Can Exercise Their Rights

California residents may submit requests by emailing privacy@diorthos.com and by using our privacy request form.

We will verify your request using information associated with your account or prior interactions with us. Authorized agents may submit requests on your behalf where permitted by law, subject to verification and proof of authorization.

Where required by law, we will confirm receipt of a request to know, delete, or correct within 10 business days and respond within 45 calendar days, unless an extension is permitted.

Non-Discrimination

We will not discriminate against you for exercising rights you have under the CCPA.

Inkstamp
in X
Product
How it works Log in
Partners
Become a Partner
Resources
The bank moment The big signature The cash surprise Stale numbers Docs (coming soon)
Company
Contact
© 2026 Diorthos LLC. All rights reserved.
Privacy Terms