Privacy Policy
Last updated: June 2, 2026
This Privacy Policy explains how Dokyo ("we", "us", "the service") collects, uses, stores, and protects your personal data when you use our application. We are committed to processing your data lawfully, fairly, and transparently in accordance with the EU General Data Protection Regulation (GDPR).
1. Who is the data controller
Dokyo is the sole operator of this service and acts as the data controller for all personal data processed through it. For any questions about your data or this policy, please contact us at [email protected].
2. What data we collect
- Account data: your name, email address, and a securely hashed password (or an OAuth identifier if you sign in with Google or GitHub).
- Content you create: pages, documents, database records, comments, files you upload, and workspace metadata.
- Usage and technical data: minimal operational data such as authentication sessions and timestamps necessary to run the service.
- Consent records: the date you accepted our Terms of Service and Privacy Policy, and any consent to optional AI features.
We do not use third-party analytics, advertising trackers, or fingerprinting. There is no Google Analytics, no Meta Pixel, and no ad networks.
3. Why we process your data (legal bases)
- Performance of a contract: to provide the account, workspaces, and collaboration features you sign up for.
- Consent: for optional features such as the AI assistant, which is disabled by default and only enabled when you explicitly choose to.
- Legitimate interests: to keep the service secure, prevent abuse, and maintain reliability.
- Legal obligation: where we are required to retain certain records by law.
4. The AI assistant
Dokyo includes an optional AI assistant that is disabled by default. When you enable and use it, the content of your request is sent to the configured AI provider in order to generate a response. No document content is sent to any AI provider unless you actively use the feature. You may also bring your own API key so that requests go directly to the provider of your choice. We ask for your explicit consent before the AI feature is first used.
5. How long we keep your data
We keep your personal data for as long as your account is active. When you delete your account, the data you own is permanently erased. Content you contributed to workspaces owned by other users is anonymised rather than deleted, so that those workspaces remain intact. Backups are rotated on a limited schedule and purged over time.
6. Who has access to your data
Your content is isolated per workspace and is only accessible to members of the workspaces you belong to. We do not sell your data and do not share it with third parties except sub-processors strictly necessary to operate the service (such as the hosting provider and, if you enable it, the AI provider).
7. Where your data is stored
Dokyo infrastructure is hosted in the European Union. Data is encrypted in transit (TLS 1.2+) and at rest on encrypted volumes.
8. Your rights under the GDPR
You have the right to:
- Access the personal data we hold about you.
- Portability: export your data in a machine-readable format. You can do this at any time from Settings → Account → Data & privacy → Export my data.
- Rectification: correct inaccurate data, e.g. by editing your profile.
- Erasure: delete your account and the data you own, from Settings → Account → Data & privacy → Delete my account.
- Restriction and objection to certain processing.
- Withdraw consent at any time, e.g. by disabling the AI assistant.
- Lodge a complaint with your local data protection authority.
9. Data security
We protect your data with encryption in transit and at rest, hashed passwords (bcrypt), workspace-level isolation enforced server-side, and protections against CSRF and XSS. See our Security & Privacy page for details.
10. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date above. Continued use of the service after changes take effect constitutes acceptance of the revised policy.
11. Contact
For any questions about this Privacy Policy or to exercise your rights, please contact us at [email protected].