Docket

Privacy Policy

Last updated: April 16, 2026

Docket Inc. ("Docket," "we," "us," or "our") operates the Docket document management platform. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service.

By using Docket, you agree to the collection and use of information in accordance with this policy.

1. Information we collect

Account information

  • Name and email address (from Google OAuth sign-in)
  • Google account identifier

Documents and content

  • Email attachments ingested via the Gmail API
  • Files you manually upload (PDFs, images, and other documents)
  • AI-extracted metadata such as vendor names, amounts, dates, and categories
  • Document embeddings (vector representations used for semantic search)

Usage data

  • Log data including IP address, browser type, and device information
  • Feature usage and interaction patterns
  • AI chat queries and conversation history within Docket

Cookies

We use essential session cookies to keep you signed in. We do not use third-party advertising or tracking cookies.

2. How we use your information

  • To provide the Docket service — ingesting, categorizing, storing, and searching your documents
  • To process documents with AI for field extraction and automatic categorization
  • To generate embeddings that power semantic search and the AI chat agent
  • To respond to your queries through the AI chat interface
  • To send you account-related notifications and support communications
  • To improve and maintain the reliability and security of the service

3. Google API Services — Gmail data usage

Docket accesses your Gmail account through the Google API with the following limited scopes:

  • gmail.readonly — to read your emails and download attachments for document ingestion
  • gmail.labels — to create and manage a "Docket" label in your inbox so you can see which emails have been processed

Gmail data is used solely to identify and extract document attachments for storage and categorization within your Docket account.

Limited use disclosure

Docket's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • Gmail data is used only to provide the user-facing document management features you see in Docket
  • Gmail data is not used for serving advertisements or ad targeting
  • Gmail data is not sold to third parties
  • Gmail data is not used for any purpose other than providing and improving Docket's core features
  • No human reads your Gmail data unless (a) you give explicit consent, (b) it is necessary for security or abuse investigation, (c) it is required by law, or (d) the data is aggregated and anonymized for internal operations

You can revoke Docket's access to your Gmail account at any time through your Google Account permissions page.

4. AI processing

Documents you upload or ingest are processed by OpenAI's API (GPT-4o) for field extraction, categorization, and to power the AI chat agent. Here is what you should know:

  • Document content (images or text) is sent to OpenAI for processing
  • OpenAI does not use API inputs or outputs to train its models
  • OpenAI retains API data for up to 30 days for abuse monitoring, then deletes it
  • Generated embeddings are stored in our database and are not retained by OpenAI
  • AI-generated outputs (extracted fields, categories, chat responses) may contain errors — you should verify critical information

5. Data storage and security

  • Files are stored in Cloudflare R2 with encryption at rest
  • Structured data and embeddings are stored in Neon PostgreSQL with encryption at rest and in transit
  • The application is hosted on Vercel with TLS/HTTPS for all connections
  • We use industry-standard access controls and authentication measures
  • Access to production systems is restricted to authorized personnel

6. Third-party service providers

We share data with the following service providers, solely to operate Docket:

ProviderPurposeData shared
Google (OAuth)Authentication & Gmail accessEmail, name, Google ID, email content
OpenAIAI document processing & chatDocument content (images/text)
Cloudflare R2File storageUploaded and ingested files
NeonDatabase hostingStructured data, embeddings
VercelApplication hostingRequest logs, application data
InngestBackground job processingJob metadata, document references

We do not sell your personal data. We may disclose information if required by law, to protect our rights, or to prevent fraud or abuse.

7. Data retention

  • Your documents and data are retained for as long as your account is active
  • Deleted documents are soft-deleted first, then permanently purged after 30 days
  • If you close your account, all your data — including files, metadata, and embeddings — will be permanently deleted within 90 days
  • Backups that contain your data are retained for up to 30 days after deletion

8. Your rights

You have the right to:

  • Access and download your documents and data
  • Request deletion of your data
  • Revoke Gmail access at any time
  • Object to AI processing of your documents
  • Request a copy of your personal data in a portable format

To exercise any of these rights, contact us at privacy@believelabs.com. We will respond within 30 days.

9. Children's privacy

Docket is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice in the application. Continued use of Docket after changes take effect constitutes acceptance of the updated policy.

11. Contact us

If you have questions about this Privacy Policy or how we handle your data, contact us at privacy@believelabs.com.