Privacy Policy
Last updated: January 1, 2025
At Docka, we take your privacy seriously. This policy describes what information we collect, how we use it, and your rights regarding your data.
Privacy at a Glance
- All credentials encrypted with AES-256
- We never sell your data to third parties
- No third-party tracking cookies
- Export or delete your data anytime
1. Information We Collect
Account Information
When you create an account, we collect:
- Email address (required for login and notifications)
- Name (optional, for personalization)
- Password (stored as a secure hash, never in plain text)
- Organization name and details (if applicable)
Cloud Provider Credentials
To manage your infrastructure, we store:
- API keys and access tokens for connected cloud providers
- SSH keys and credentials for BYOS (Bring Your Own Server)
- Database connection strings and credentials
Security: All credentials are encrypted at rest using AES-256-GCM encryption. Encryption keys are stored separately and rotated regularly.
Infrastructure Data
When managing your infrastructure, we collect:
- Server configurations and metadata
- Application deployment configurations
- Domain and SSL certificate information
- Environment variables (encrypted)
Metrics and Logs
For monitoring purposes, we collect:
- Server metrics (CPU, memory, disk, network usage)
- Container and application metrics
- Deployment logs and build outputs
- Alert history and notification logs
Usage Data
To improve the Service, we collect:
- Feature usage patterns (which features you use)
- Error logs for debugging and support
- Session information (browser, device type)
- Referral source (how you found us)
2. How We Use Your Information
We use the collected information to:
- Provide the Service: Provision servers, deploy applications, manage databases, and perform all platform functions
- Authenticate you: Verify your identity and authorize access to resources
- Send notifications: Alert you about deployments, incidents, and important updates
- Provide support: Respond to your questions and troubleshoot issues
- Improve the platform: Analyze usage patterns to enhance features and performance
- Ensure security: Detect and prevent fraud, abuse, and security threats
- Communicate updates: Send product announcements and feature updates (with opt-out)
3. Data Security
We implement comprehensive security measures to protect your data:
Encryption at Rest
- AES-256-GCM for all credentials
- Separate key management system
- Regular key rotation
Encryption in Transit
- TLS 1.3 for all connections
- HTTPS everywhere
- Secure WebSocket (WSS) for agents
Access Controls
- Role-based access control (RBAC)
- Two-factor authentication
- Session management
Monitoring
- Comprehensive audit logging
- Security incident detection
- Regular security audits
Despite our best efforts, no security system is impenetrable. We encourage you to use strong passwords, enable two-factor authentication, and regularly rotate API keys.
4. Data Sharing
We do not sell your personal data to third parties. Ever.
We may share data in limited circumstances:
- Cloud providers: Credentials are shared only with providers you connect to perform requested operations
- Service providers: Limited data shared with hosting, email, and analytics providers under strict data protection agreements
- Legal requirements: When required by law, subpoena, or court order
- Business transfers: In the event of a merger, acquisition, or sale, your data may be transferred (with notice)
- With your consent: When you explicitly authorize sharing
5. Data Retention
We retain different types of data for different periods:
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion + 30 days |
| Server metrics (detailed) | 90 days (configurable) |
| Server metrics (aggregated) | 1 year |
| Deployment logs | 30 days (configurable) |
| Audit logs | 1 year |
| Billing records | 7 years (legal requirement) |
Upon account deletion, we remove your data within 30 days, except where retention is required by law.
6. Your Rights
You have the following rights regarding your data:
Access
Request a copy of all personal data we hold about you.
Export
Download your data in a machine-readable format (JSON).
Correction
Update or correct inaccurate personal information.
Deletion
Request deletion of your account and all associated data.
Opt-out
Unsubscribe from marketing emails at any time.
Portability
Transfer your data to another service provider.
To exercise these rights, contact us at privacy@docka.dev or use the settings in your dashboard.
7. Cookies and Tracking
We use cookies and similar technologies for:
- Essential cookies: Required for authentication and security
- Preference cookies: Remember your settings (theme, language)
- Analytics cookies: Understand how you use the platform (anonymized)
No third-party tracking: We do not use advertising cookies or share data with ad networks. Our analytics are self-hosted and privacy-respecting.
8. International Data Transfers
Your data may be processed in countries outside your residence. We ensure adequate protection through:
- Standard contractual clauses approved by relevant authorities
- Data processing agreements with all service providers
- Encryption of data in transit and at rest
9. Children's Privacy
Docka is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- Sending an email to your registered address
- Displaying a prominent notice in the dashboard
- Updating the "Last updated" date at the top of this page
11. Contact Us
For privacy-related questions or to exercise your rights:
- Privacy Email: privacy@docka.dev
- General Support: Contact Form
- Security Issues: security@docka.dev
We aim to respond to all privacy inquiries within 30 days.