Effective date: 7 February 2026
Docket (dockethq.app) is an EU-first NIS2 incident and evidence platform operated by Patrick, based in Spain. We are in the process of incorporating as Docket SL, a Spanish Sociedad Limitada. Until incorporation is complete, the data controller for the purposes of the General Data Protection Regulation (GDPR) is:
Once Docket SL is registered, this policy will be updated to reflect the incorporated entity and its registered address.
This privacy policy explains how we collect, use, store, and protect your personal data when you visit our website at dockethq.app and sign up for our early access waiting list. It applies to all visitors to our website and to everyone who submits their information through our early access form.
When you sign up for early access to Docket, we collect the following personal data:
| Data | Purpose |
|---|---|
| Email address | To contact you about early access, product updates, and launch announcements |
| Name | To personalise our communications with you |
| Company / Organisation | To understand our audience and tailor the product to the right market segments |
| Job title / Role | To understand which roles are interested in Docket and prioritise relevant features |
We do not collect any special categories of personal data (such as health data, biometric data, or data revealing racial or ethnic origin).
Providing your personal data through the early access form is entirely voluntary. There is no statutory or contractual obligation to do so. However, if you choose not to provide the requested information, we will be unable to add you to the early access waiting list or send you updates about Docket.
We process your personal data on the following legal bases under Article 6 of the GDPR:
| Processing activity | Legal basis |
|---|---|
| Sending early access updates and product announcements | Consent (Art. 6(1)(a)) — you actively opt in by submitting the early access form |
| Analysing signups to understand our audience | Legitimate interest (Art. 6(1)(f)) — understanding our market to build a better product |
You may withdraw your consent at any time by clicking the unsubscribe link in any email we send, or by contacting us at privacy@dockethq.app. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.
We use the data you provide to:
We will not sell, rent, or share your personal data with third parties for their own marketing purposes.
We use the following third-party service to process your data on our behalf:
| Processor | Purpose | Location |
|---|---|---|
| Brevo (Sendinblue SAS) | Email marketing and contact management for the early access list | Paris, France (EU) |
Brevo processes your data under a Data Processing Agreement (DPA) in compliance with the GDPR. You can review Brevo's privacy policy at brevo.com/legal/privacypolicy.
If we add additional processors in the future (for example, analytics or hosting providers), this policy will be updated accordingly.
EU-first commitment: Your data stays in the European Union.
Docket is built on an EU-first architecture. Our website infrastructure and all data processing services are hosted within the European Union. We do not transfer your personal data outside the EU/EEA.
Should this ever change, we will ensure appropriate safeguards are in place (such as Standard Contractual Clauses approved by the European Commission) and update this policy before any transfer takes place.
We retain your early access signup data for as long as it is needed to fulfil the purposes described in this policy. Specifically:
Under the GDPR, you have the following rights regarding your personal data:
To exercise any of these rights, contact us at privacy@dockethq.app. We will respond within 30 days, as required by the GDPR.
You also have the right to lodge a complaint with a supervisory authority. The relevant authority in Spain is:
Agencia Española de Protección de Datos (AEPD)
Our landing page does not use cookies for tracking or advertising purposes. If we use any essential cookies (for example, to remember your cookie preferences), they do not collect personal data and do not require consent.
Brevo's embedded forms may set strictly functional cookies required for the form to operate. These are limited to what is technically necessary and do not track you across other websites.
If we introduce analytics or other cookies in the future, we will update this section and implement a cookie consent mechanism before doing so.
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encrypted data transmission (TLS), access controls, and use of reputable EU-based service providers.
Docket is a business-to-business product. We do not knowingly collect personal data from anyone under the age of 16. If you believe we have inadvertently collected data from a minor, please contact us at privacy@dockethq.app and we will delete it promptly.
We do not use your personal data for automated decision-making or profiling as defined under Article 22 of the GDPR.
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will notify you by email (if we have your address) and update the effective date at the top of this page.
We encourage you to review this policy periodically.
If you have any questions about this privacy policy or how we handle your data, please contact us: