On this page
Add a header to begin generating the table of contents
Introduction
DataDock, Inc. (“DataDock,” “we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you use our website at datadock.ai, our application at app.datadock.ai, our APIs (including FilingFlow and GlobalComply), and our CivicLink platform (collectively, the “Services”).
By accessing or using our Services, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of our Services.
API customers: This Privacy Policy does not apply to data we process on behalf of customers through our API products. Processing of that data is governed by your DataDock customer agreement and applicable data processing addenda.
1. Information We Collect
Section 01
Information We Collect
We collect information you provide directly to us, information collected automatically when you use our Services, and information from third parties.
Information You Provide
- Account Information: When you register for a DataDock account, we collect your name, email address, company name, and password.
- Payment Information: Billing details collected through our payment processor (Stripe). We do not store full card numbers on our servers.
- API Credentials: API tokens generated on your behalf and associated usage metadata.
- Communications: Information you provide when you contact us via email, support tickets, or contact forms — including the contents of your messages.
- Professional Information: Company size, industry, and use-case details you provide when signing up or completing onboarding.
Information Collected Automatically
- Usage Data: API call logs, query parameters, response metadata, timestamps, and error rates associated with your account.
- Device and Browser Information: IP address, browser type and version, operating system, referring URLs, and pages visited.
- Cookies and Similar Technologies: Session cookies, preference cookies, and analytics identifiers. See Section 7 for more detail.
- Log Data: Server-side logs including request timestamps, HTTP status codes, and endpoint paths for security and operational purposes.
Information from Third Parties
- Authentication data if you sign in using Google or Microsoft SSO.
- Billing and fraud signals from our payment processor.
- Contact information if a colleague invites you to a shared DataDock organization account.
2. How We Use Your Information
Section 02
How We Use Your Information
We use the information we collect to operate and improve our Services, communicate with you, and fulfill our legal obligations.
- Provide and maintain the Services: Authenticate users, process API requests, deliver query results, and manage subscriptions.
- Billing and account management: Process payments, send invoices, enforce subscription limits, and manage plan upgrades or downgrades.
- Customer support: Respond to your requests, troubleshoot issues, and diagnose technical problems using usage and log data.
- Product improvements: Analyze aggregated, de-identified usage patterns to improve API performance, reliability, and feature design.
- Security and fraud prevention: Monitor for suspicious API usage, enforce rate limits, detect abuse, and protect against unauthorized access.
- Communications: Send transactional emails (account verification, API token delivery, billing receipts) and — with your consent — product updates and announcements.
- Legal compliance: Comply with applicable laws, respond to lawful requests, and enforce our Terms of Service.
We do not sell your personal information. We do not use your data to train machine learning models or share it with advertisers.
3. How We Share Your Information
Section 03
How We Share Your Information
We do not sell, rent, or trade your personal information. We share information only in the limited circumstances described below.
Service Providers
We engage trusted third-party vendors who process data on our behalf under contractual data protection obligations. These include:
- Cloud infrastructure: Microsoft Azure (hosting, compute, storage)
- Payment processing: Stripe
- Email delivery: Transactional email providers
- Analytics and monitoring: Self-hosted Prometheus, Grafana, and Loki (no third-party behavioral analytics)
- Customer support tooling: Helpdesk platforms used to manage support tickets
Legal Requirements
We may disclose your information if required by law, subpoena, court order, or other governmental or legal request, or when we believe disclosure is necessary to protect the rights, property, or safety of DataDock, our users, or the public.
Business Transfers
If DataDock is involved in a merger, acquisition, or sale of all or substantially all of its assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.
With Your Consent
We may share your information for other purposes with your explicit consent.
4. Data Retention
Section 04
Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with the Services. Specific retention periods are as follows:
- Account data:Retained for the duration of your account and for up to 90 days after account deletion, after which it is permanently deleted or anonymized.
- API usage logs: Retained for up to 12 months for billing, debugging, and abuse-prevention purposes, then deleted.
- Payment records: Retained for 7 years as required by applicable tax and financial regulations.
- Support communications: Retained for up to 3 years to allow follow-up on open matters.
- Server logs: Retained for up to 90 days for security monitoring, then purged.
You may request deletion of your account and associated personal data at any time by contacting us at contact@datadock.ai Certain data may be retained longer if required by law or legitimate business necessity.
5. Data Security
Section 05
Data Security
We implement commercially reasonable technical and organizational measures to protect your personal information from loss, misuse, unauthorized access, disclosure, alteration, and destruction.
- All data is encrypted in transit using TLS 1.2 or higher.
- Data at rest is encrypted using AES-256 on Microsoft Azure infrastructure.
- API tokens are hashed and never stored in plaintext.
- Access to production systems is restricted via role-based access controls (RBAC) and multi-factor authentication.
- We maintain an internal security monitoring stack with real-time alerting for anomalous API activity.
No transmission over the internet or electronic storage method is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately at contact@datadock.ai
6. Your Rights and Choices
Section 06
Your Rights and Choices
Depending on your location, you may have certain rights with respect to your personal information. We honor these rights regardless of where you are located.
Access and Portability
You may request a copy of the personal information we hold about you, including your account data and API usage records, in a structured, machine-readable format.
Correction
You may update or correct inaccurate account information directly from your account dashboard or by contacting us.
Deletion
You may request that we delete your personal information. We will honor deletion requests subject to our retention obligations described in Section 4.
Restriction and Objection
You may request that we restrict processing of your personal information or object to certain processing activities, including direct marketing.
Marketing Communications
You may opt out of marketing emails at any time by clicking “Unsubscribe” in any email we send, or by emailing contact@datadock.ai Transactional emails (e.g., billing receipts, API token confirmations) cannot be opted out of while your account is active.
To exercise any of these rights, contact us at contact@datadock.ai We will respond within 30 days. We may need to verify your identity before processing your request.
7. Cookies and Tracking
Section 07
Cookies and Tracking Technologies
We use cookies and similar technologies to operate and improve our Services. We do not use third-party advertising cookies or behavioral tracking across other websites.
Types of Cookies We Use
- Strictly necessary cookies: Required for authentication, session management, and security. These cannot be disabled.
- Functional cookies: Remember your preferences such as language and dashboard layout settings.
- Analytics cookies: Measure aggregate usage on our website to understand which pages are visited and how the site performs. We use privacy-respecting, self-hosted analytics that do not share data with third parties.
You can control cookies through your browser settings. Disabling strictly necessary cookies will prevent you from signing in to your account.
8. Third-Party Services
Section 08
Third-Party Services
Our Services may contain links to third-party websites, documentation, or integrations. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through or in connection with DataDock.
If you use Google or Microsoft SSO to sign in, your authentication is governed by Google’s and Microsoft’s respective privacy policies. We receive only the information necessary to create and manage your account (name, email address, and authentication token).
9. International Data Transfers
Section 09
International Data Transfers
DataDock is headquartered in the United States. Our infrastructure is hosted on Microsoft Azure across multiple regions including US Central, US East, and US West. If you access our Services from outside the United States, your information may be transferred to, stored, and processed in the United States.
For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on Standard Contractual Clauses (SCCs) as the legal mechanism for transferring personal data to the United States. To obtain a copy of the applicable safeguards, contact us at contact@datadock.ai
10. Children's Privacy
Section 10
Children's Privacy
Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If you have reason to believe that a minor has provided personal information to us, please contact us at contact@datadock.ai and we will investigate and, if appropriate, delete the information from our systems.
11. Changes to This Policy
Section 11
Cookies and Tracking Technologies
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this page.
- Notify registered users by email at least 14 days before the changes take effect.
- Display a prominent notice on our website or within the app dashboard.
Your continued use of the Services after the effective date of the revised policy constitutes your acceptance of the changes. We encourage you to review this page periodically.
12. Contact Us
Section 12
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please reach out to us.
DataDock, Inc.
- Email: contact@datadock.ai
- Website: datadock.ai
- App: app.datadock.ai
We will respond to all inquiries within 30 days. For urgent security concerns, please mark your email subject line with [SECURITY] for prioritized handling.