DocketKeeper

Privacy Policy

Last updated: March 5, 2026

This Privacy Policy describes how DocketKeeper (“we,” “us,” or “our”) collects, uses, and protects information when you use our legal practice management platform (“Service”). We take the privacy and confidentiality of your data seriously, particularly given the sensitive nature of legal practice data.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Full name
  • Email address
  • Password (stored as a salted hash — we never store plaintext passwords)
  • Bar number and jurisdiction (if provided)
  • Firm name and contact information

1.2 Practice Data

In the course of using the Service, you may enter data related to your legal practice, including but not limited to:

  • Client names, contact information, and case details
  • Matter information, deadlines, and calendar events
  • Trust accounting records and financial transactions
  • Time entries, billing records, and invoices
  • Documents and file uploads
  • Notes, communications, and work product

We refer to this collectively as “Practice Data.” You retain full ownership of all Practice Data.

1.3 Sensitive Financial Information

The Service may store sensitive financial information including Social Security numbers, bank account numbers, and tax identification numbers. This information is encrypted at rest using industry-standard encryption (AES-256 via Fernet) and is only decrypted when explicitly accessed by authorized users. All decryption events are logged in an audit trail.

1.4 Usage Data

We automatically collect certain technical information, including:

  • IP address and approximate location
  • Browser type and version
  • Pages visited and features used
  • Timestamps of access
  • Error logs and performance data

1.5 Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers or full payment details on our servers. We receive and store only a Stripe customer identifier, subscription status, and payment history metadata. Please review Stripe’s Privacy Policy for information about how they handle payment data.

2. How We Use Your Information

2.1 Service Operation

We use your information to:

  • Provide, maintain, and improve the Service
  • Authenticate your identity and manage your account
  • Calculate deadlines and generate compliance reports
  • Process trust accounting transactions and reconciliations
  • Generate invoices and track payments
  • Send transactional emails (password resets, deadline alerts, billing notices)

2.2 What We Do NOT Do

  • We do not sell your data. Ever. To anyone.
  • We do not use your Practice Data to train AI models. Your case data, client information, and work product are never used for machine learning training.
  • We do not share your Practice Data with third parties except as necessary to operate the Service (e.g., cloud infrastructure providers) or as required by law.
  • We do not serve advertisements or share your data with advertisers.
  • We do not access your Practice Data for any purpose other than providing the Service, unless you explicitly request support assistance or as required by law.

3. Data Security

3.1 Encryption

  • In transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
  • At rest: Sensitive financial data (SSNs, bank accounts, tax IDs) is encrypted at rest using AES-256 encryption with versioned keys.
  • Database: Our database is hosted on encrypted storage with network-level access controls.

3.2 Access Controls

  • Role-based access controls limit data access within your organization.
  • All sensitive data access is logged with timestamps and user identifiers.
  • Administrative access to production systems is restricted and audited.

3.3 Infrastructure

The Service is hosted on reputable cloud infrastructure providers (Fly.io for backend services, Vercel for frontend delivery) with SOC 2 Type II compliance. Our database is PostgreSQL with automated backups and point-in-time recovery.

4. Data Retention

  • Active accounts: We retain your data for as long as your account is active.
  • Account deletion: Upon account termination, we provide a minimum 30-day period for data export. After this period, your Practice Data will be permanently deleted from our production systems within 90 days.
  • Backups: Encrypted backups may retain data for up to 90 days after deletion from production systems, after which they are purged.
  • Audit logs: Trust accounting audit logs and security event logs may be retained for up to 7 years to support compliance requirements.

5. Your Rights

You have the right to:

  • Access your data: Export your Practice Data at any time through the Service.
  • Correct your data: Update your account information and Practice Data at any time.
  • Delete your data: Request deletion of your account and associated data by contacting us.
  • Data portability: Receive your data in a standard, machine-readable format.

5.1 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know what personal information we collect, request deletion, and opt-out of the sale of personal information. We do not sell personal information.

To exercise your California privacy rights, contact us at privacy@docketkeeper.com.

6. Third-Party Services

We use the following third-party services:

ServicePurposeData Shared
StripePayment processingEmail, payment method, billing address
Fly.ioBackend hostingAll data (encrypted in transit and at rest)
VercelFrontend hostingNo Practice Data (static assets and client-side rendering)
SentryError trackingError messages, stack traces (no Practice Data)

We select third-party providers that maintain appropriate security standards and limit data sharing to what is necessary for each service.

7. Attorney-Client Privilege

We recognize that Practice Data may include information protected by attorney-client privilege. We implement the following safeguards:

  • We will not voluntarily disclose Practice Data to any third party, except as required by law or court order.
  • If we receive a legal request for your data (subpoena, court order, etc.), we will notify you promptly unless prohibited by law, so you may seek protective measures.
  • Our employees and contractors are bound by confidentiality agreements and are trained on the sensitive nature of legal data.

8. Cookies and Tracking

We use the following types of cookies:

  • Essential cookies: Required for authentication and session management. These cannot be disabled.
  • Preference cookies: Store your display preferences (theme, language). These can be cleared by your browser.

We do not use advertising cookies or third-party tracking pixels. We do not participate in cross-site tracking.

9. Children’s Privacy

The Service is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.

10. International Data Transfers

Our servers are located in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service at least 30 days before they take effect. The “Last updated” date at the top of this page indicates when this policy was last revised.

12. Contact

For questions about this Privacy Policy or to exercise your privacy rights, contact us at:

See also our Terms of Service.