Security & Privacy
Your data deserves serious protection. Here's how Dokyo keeps your documents, files, and workspace secure by design, not as an afterthought.
No tracking, no analytics, no data sharing with third parties. Ever.
Servers located in the EU, subject to strict European data protection laws.
We only store what's necessary to provide the service. Nothing more.
How we protect your data
Hosted in Europe
All Dokyo infrastructure runs on European servers. Your data never leaves the EU, benefiting from some of the strongest data protection regulations in the world.
Encryption in Transit
All connections to Dokyo are encrypted using TLS 1.2+ (HTTPS). Whether you're editing a page or uploading a file, data in transit is always protected.
Encryption at Rest
Your documents, files, and database records are stored on encrypted volumes. Even at the infrastructure level, your data is protected against physical access.
Secure Authentication
Passwords are hashed using bcrypt with a high work factor. Dokyo supports OAuth (Google, GitHub) for passwordless login, and session tokens are signed and rotated.
Workspace Isolation
Each workspace is fully isolated at the database level. Users can only access pages and data within workspaces they belong to, enforced server-side on every request.
No Third-Party Tracking
Dokyo does not include any analytics trackers, ad networks, or third-party scripts. No Google Analytics, no Meta Pixel, no fingerprinting. Zero tracking.
CSRF & XSS Protection
All API endpoints are protected against cross-site request forgery (CSRF). User-generated content is sanitized to prevent cross-site scripting (XSS) attacks.
GDPR Aligned
Dokyo is designed with GDPR principles in mind: data minimization, purpose limitation, and user rights. You can export or delete your data at any time.
Regular Security Updates
Dependencies are kept up to date, and security patches are applied promptly. The application is built with modern frameworks that receive active security maintenance.
A note about AI
Dokyo includes an optional AI chatbot feature that is disabled by default. We believe tools should be opt-in, not forced upon you. When enabled, AI queries are processed through privacy-respecting providers, and you can always bring your own API key for full control over where your data goes. No document content is ever sent to AI providers unless you explicitly use the AI feature.
Questions about security?
We take security seriously. If you discover a vulnerability or have questions about how your data is handled, please reach out to us.
Get Started Free