Subprocessors

The vendors we use to run Dock, what they do, where they run, and their compliance posture. We operate under each vendor’s published DPA / terms / security commitments; links for every one below.

Last updated: April 23, 2026

  • Application hosting, edge routing, static + serverless compute, image optimisation, Blob storage for support attachments.

    USA (iad1 for Blob; global for edge)
    Account, Content (routed through, not persisted), Logs, Support-ticket screenshots
    SOC 2 Type II, ISO 27001
  • Managed Postgres: the primary system of record for account, workspace, row, and event data.

    USA (us-east-1)
    Account, Content, Billing metadata, Activity events
    SOC 2 Type II, ISO 27001, HIPAA
  • Cloudflare

    Workers + Durable Objects power the real-time SSE transport. One Durable Object per workspace fans out row + doc events to connected clients with sub-100ms latency.

    Global (Cloudflare edge; no persistence outside transient DO state)
    Event payloads in transit (row + doc deltas), Principal IDs on JWT, Connection metadata
    SOC 2 Type II, ISO 27001, ISO 27018, PCI DSS
  • Billing, subscription management, payment processing. We never see card numbers; Stripe handles them end-to-end.

    USA (global processing)
    Name, Email, Billing address (optional), Card (tokenised, held by Stripe), Invoice records
    PCI DSS Level 1, SOC 1 / 2 Type II, ISO 27001
  • Transactional email: magic-link sign-in codes, service notifications, support-ticket replies.

    USA
    Email, Email subject + body (magic-link codes)
    SOC 2 Type II
  • Support ticket mirror repository. When you file a support ticket via /api/support or /settings/support, we create a GitHub issue in a private repo (try-dock-ai/support) so our team can triage.

    USA
    Support ticket title + body, Filing user email + org slug, Attached screenshots
    SOC 1 / 2 Type II, ISO 27001
  • Error and performance telemetry. Captures stack traces + breadcrumb context on failures so we can diagnose regressions without asking you to reproduce. Dock scrubs known PII fields before ingest; residual identifiers (user ID, workspace slug, URL path) may still appear in event context.

    USA
    Stack traces, Breadcrumb context, User ID + workspace slug (pseudonymous), URL path + query
    SOC 2 Type II, ISO 27001, HIPAA
  • Anthropic

    AI model provider. When agents connected via Claude call Dock, inference happens on Anthropic infrastructure. Dock itself does not send your workspace data to Anthropic; the agent you authorise does, under your control.

    USA
    Prompts and context you or your agent sends during inference
    SOC 2 Type II, ISO 27001, ISO 42001

International transfers

All our subprocessors are US-based; Cloudflare operates globally at the edge. For EU/UK customers, transfers from the EEA/UK to the US are covered by the Standard Contractual Clauses each vendor publishes as part of their DPA (linked above). We process your data under those clauses by accepting each vendor’s terms.

Notice of change

We’ll update this page before (or at the same time as) adding a new subprocessor, and notify account holders by email where the change materially affects them. To object, email privacy@trydock.ai within 30 days of notice. We’ll work through alternatives or, failing that, refund the remaining prepaid balance.

See also: Privacy Policy · Terms · Security.