Privacy Policy
Last updated June 2, 2026
This policy explains what information DOKA collects, how we use it, and the choices and rights you have. It applies to our website and the DOKA application.
Information we collect
We collect only what we need to provide the service:
- Account information — your email address (used for magic-link sign-in) and, if you sign in with Google, your name and profile photo.
- Workspace content — the pages, comments, version history, and templates you and your team create.
- Usage & device data — log data such as IP address, browser type, and the actions you take, used to operate and secure the service.
- Billing details — for paid plans, subscription and payment metadata processed by our payment provider. We never see or store full card numbers.
Your AI API key
DOKA lets you bring your own Anthropic API key to power the AI assistant. We treat this key as highly sensitive:
- It is encrypted at rest using AES-256-GCM with a server-side master key.
- It is decrypted only on our server, only to make AI requests on your behalf.
- It is never written to logs, never sent back to your browser, and never shared with anyone.
- You can rotate or remove your key at any time from your account settings.
Prompts and page context you send to the AI assistant are transmitted to Anthropic to generate responses, subject to Anthropic's terms and privacy practices.
How we use information
- Provide, maintain, and improve the service.
- Authenticate you and keep your account and workspaces secure.
- Process payments and manage subscriptions and seats.
- Respond to support requests and send essential service notices.
- Detect, prevent, and investigate abuse or security incidents.
Sharing and subprocessors
We do not sell your personal data. We share data only with service providers who help us run DOKA, under contractual confidentiality and data-protection obligations. These include hosting and database infrastructure, our transactional email provider, our payment processor, and Anthropic for AI requests you initiate.
Data retention
We retain your information for as long as your account is active or as needed to provide the service. When you delete your account, we permanently delete your personal data and encrypted API key after a short grace period, except where we are legally required to retain certain records.
Your rights
Depending on your location, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. DOKA provides self-service tools for the most common requests:
- Export a copy of your data, including your workspaces' content, from your account privacy settings.
- Delete your account and associated data, with a 14-day cancellation grace period.
To exercise any other right, contact us at privacy@dokadoc.com.
Cookies
We use strictly necessary cookies to keep you signed in and to secure the service. We do not use third-party advertising or cross-site tracking cookies.
Security
We use industry-standard measures to protect your data, including encryption in transit, encryption of sensitive secrets at rest, and least-privilege access controls. No system is perfectly secure, but we work continuously to protect your information.
International transfers
Your information may be processed in countries other than your own. We rely on appropriate safeguards for such transfers where required by applicable law.
Children
DOKA is not directed to children under 16, and we do not knowingly collect personal data from them.
Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the date above and, where appropriate, notify you.
Contact
Questions about this policy or your data? Email us at privacy@dokadoc.com.