Docketory

Privacy Policy

Last updated: 30 March 2026

1. Who We Are

Docketory (“we”, “us”, “our”) is a permitted legal support service operating under the Legal Services Act 2007. We are the data controller for the personal data we collect through our website at docketory.com and related services. The data controller is Fanaka Capital Ltd, trading as Docketory. You can contact us at support@docketory.com for any data protection enquiries. ICO registration status: ICO registration pending.

2. Data We Collect

We collect the following categories of personal data:

Account data: name, email address, phone number, and hashed password when you register. Case data: information you provide about your legal matter, including descriptions, dates, correspondence, and uploaded documents (evidence, notices, letters). Payment data: payment transactions are processed by Stripe. We do not store your card details — Stripe handles this as a PCI-DSS Level 1 compliant processor. Usage data: pages visited, device type, browser type, and IP address (collected via analytics if you consent). Communication data: emails and messages exchanged through our platform.

3. Legal Basis for Processing

We process your data under the following lawful bases: (a) Contract — to provide the services you have paid for; (b) Legitimate interests — to operate and improve our platform, prevent fraud, and ensure security; (c) Consent — for optional analytics cookies and marketing communications (you can withdraw consent at any time); (d) Legal obligation — to comply with applicable laws, court orders, or regulatory requirements.

4. How We Use Your Data

We use your data to: assess your case and provide the service you requested; create and manage your account; process payments; communicate with you about your case (email, SMS, WhatsApp, push notifications); store case documents securely in Google Drive; generate documents on your behalf; send deadline reminders; and improve our website and services through anonymised analytics.

5. Third-Party Service Providers

We use trusted sub-processors to run our service. Each provider is contractually required to protect personal data and only process it for agreed purposes.

Vercel Inc. — Website hosting and CDN. Data location: Global edge network and the US.

Neon Inc. — Database hosting (PostgreSQL). Data location: AWS EU West 1 (Ireland).

Stripe Inc. — Payment processing. Data location: US/EU.

Resend Inc. — Transactional email delivery. Data location: US.

GoHighLevel (HighLevel Inc.) — CRM and client pipeline management. Data location: US.

Google LLC (Google Drive) — Case document storage via Shared Drive. Data location: EU/Global.

Google LLC (Google Analytics) — Website analytics (consent-gated via Google Consent Mode v2). Data location: US/EU.

Anthropic PBC — AI-assisted ticket scanning. Data location: US.

Sentry (Functional Software Inc.) — Error monitoring and performance tracking. Data location: US.

UptimeRobot — Uptime monitoring (no personal data processed). Data location: EU.

Where data is transferred outside the UK, we apply appropriate safeguards, including Standard Contractual Clauses (SCCs) or UK adequacy decisions where applicable.

6. How Long We Keep Your Data

We keep data only as long as needed for service delivery, legal compliance, and dispute handling.

Free ticket tracker data (Ticket, Evidence, TicketDeadlines): retained for 2 years after the last activity on the ticket, then anonymised or deleted.

Managed case data (Case, CaseTimeline, CaseDocuments, CaseDeadlines): retained for 6 years after case closure, in line with the Limitation Act 1980 for contract and tort claims.

Account data (name, email, phone, password hash): deleted within 30 days of a deletion request. Orphaned ticket/case records are anonymised and retained under the schedules above.

Payment data: we do not store full card details. Stripe retains transaction records under its own retention policy. We retain payment reference IDs for 6 years for accounting and tax compliance (HMRC requirements).

Analytics data: Google Analytics data is retained for 14 months. No personal identifiers are sent to GA4.

Error monitoring data: Sentry retains error logs for 90 days.

Rate limiting data: automatically purged daily by scheduled cleanup.

7. Cookies

We use cookies and similar technologies on our site. You can manage your preferences at any time using the “Cookie Settings” link in the footer.

Necessary cookies

Required for core site functionality including authentication, form submissions, and consent preferences. These cannot be disabled.

Analytics cookies

We use Google Analytics 4 (GA4) to understand how visitors interact with our site. These cookies are only set after you give explicit consent. Data is processed by Google LLC under their privacy policy.

Marketing cookies

We do not currently use marketing cookies. This category exists as a placeholder for future use. If enabled, we will update this policy before any marketing cookies are set.

8. Your Rights Under UK GDPR

You have the right to: access the personal data we hold about you; rectify inaccurate data; erase your data (subject to legal retention requirements); restrict processing; data portability (receive your data in a structured, machine-readable format); object to processing based on legitimate interests; and withdraw consent at any time. To exercise any of these rights, contact us at support@docketory.com. We will respond within 30 days.

Subject Access Request (SAR) Process

Right of Access (Article 15): email support@docketory.com with “Subject Access Request” in the subject line. We will respond within 30 days with a copy of the personal data we hold.

Right to Erasure (Article 17): email support@docketory.com with “Account Deletion Request” in the subject line, or use the “Delete My Account” option in your dashboard settings. We process requests within 30 days.

Right to Rectification (Article 16): contact support@docketory.com to correct inaccurate personal data.

Right to Data Portability (Article 20): request a machine-readable export of your data via support@docketory.com.

9. Data Security

We use industry-standard security measures including: encrypted connections (TLS/SSL) for all data in transit; hashed passwords (bcrypt); access controls limiting who can view case data; and secure cloud infrastructure. While we take reasonable steps to protect your data, no system is completely secure and we cannot guarantee absolute security.

10. International Transfers

Some of our processors may transfer data outside the UK. Where this occurs, we rely on appropriate safeguards, including Standard Contractual Clauses (SCCs) and UK adequacy decisions where applicable. We ensure international transfers comply with UK GDPR.

11. Children

Our services are not directed at individuals under 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 18, we will take steps to delete it promptly.

12. Complaints

If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113. We would appreciate the opportunity to address your concerns first — please contact us at support@docketory.com.

13. Changes to This Policy

We may update this policy from time to time. The date at the top indicates when it was last revised. We will notify registered users of material changes by email. Continued use of our services after changes constitutes acceptance of the updated policy.

This privacy policy should be reviewed by a qualified data protection professional. For questions, contact support@docketory.com. See also our Terms & Conditions.