Secure data protection and privacy

Security & Privacy by Design

Your data deserves serious protection. Here's how Dokyo keeps your documents, files, and workspace secure.

How We Protect Your Data

Every layer of Dokyo is built with security and privacy first. No exceptions, no afterthoughts.

Hosted in Europe

All Dokyo infrastructure runs on servers in the European Union. Your data never leaves the EU and benefits from the world's strictest data protection regulations.

Encryption in Transit

Every connection to Dokyo is encrypted using TLS 1.2 or higher (HTTPS). Whether you're editing a page or uploading a file, your data is always protected in motion.

Encryption at Rest

Your documents, files, and database records are stored on encrypted volumes. Even at the infrastructure level, your data is protected against physical access.

Secure Authentication

Passwords are hashed using bcrypt with a high work factor. Dokyo also supports passwordless login via OAuth (Google, GitHub), and session tokens are signed and rotated.

Workspace Isolation

Each workspace is fully isolated at the database level. Users can only access pages and data within workspaces they belong to, enforced server-side on every request.

No Third-Party Tracking

Dokyo includes no analytics trackers, ad networks, or third-party scripts. No Google Analytics, no Meta Pixel, no fingerprinting. Zero tracking, period.

CSRF & XSS Protection

All API endpoints are protected against cross-site request forgery (CSRF). User-generated content is sanitized to prevent cross-site scripting (XSS) attacks.

GDPR Aligned

Dokyo is designed with GDPR principles from the ground up. Data minimization, consent, user rights, and European hosting are built in, not bolted on.

Regular Security Updates

We monitor for vulnerabilities, apply patches promptly, and keep all dependencies and infrastructure up to date to protect against emerging threats.

Privacy by the Numbers

Trust built on concrete commitments, not promises.

0
third-party trackers or analytics
TLS 1.2+
encryption standard for all data in transit
100%
data stored in the EU only
Bcrypt
high-strength password hashing algorithm

Privacy Questions Answered

Where is my data stored?

All Dokyo infrastructure runs on servers in the European Union. Your data is never stored outside the EU and is subject to GDPR and other strict European data protection laws.

Does Dokyo track me?

No. Dokyo includes no analytics trackers, ad networks, or third-party scripts. We do not use Google Analytics, Meta Pixel, or fingerprinting. We do not sell your data or share it with advertisers.

What data does the AI assistant use?

The optional AI assistant is disabled by default. When you enable it, only the content you explicitly send to the assistant is processed. The AI does not train on your data, and your documents are never used to improve the model without your consent.

How long do you keep my data?

We keep your account data and content for as long as you have an active account. If you delete your account, we securely delete all your data within 30 days. Consent records are kept only as long as required by law.

What are my GDPR rights?

You have the right to access, correct, and delete your personal data. You can export your documents at any time and request a copy of all data Dokyo holds about you. Contact us at [email protected] to exercise these rights.

Is Dokyo compliant with other privacy laws?

Dokyo is built to comply with GDPR and other European privacy laws. We follow privacy-by-design principles, minimize data collection, and respect user rights across all jurisdictions.

Experience Privacy You Can Trust

Start using Dokyo free today. No credit card, no tracking, no surprises.

Get Started Free