Privacy Policy

1. Who We Are

Docketory (“we”, “us”, “our”) is a permitted legal support service operating under the Legal Services Act 2007. We are the data controller for the personal data we collect through our website at docketory.com and related services. You can contact us at support@docketory.co.uk for any data protection enquiries.

2. Data We Collect

We collect the following categories of personal data:

Account data: name, email address, phone number, and hashed password when you register. Case data: information you provide about your legal matter, including descriptions, dates, correspondence, and uploaded documents (evidence, notices, letters). Payment data: payment transactions are processed by Stripe. We do not store your card details — Stripe handles this as a PCI-DSS Level 1 compliant processor. Usage data: pages visited, device type, browser type, and IP address (collected via analytics if you consent). Communication data: emails and messages exchanged through our platform.

3. Legal Basis for Processing

We process your data under the following lawful bases: (a) Contract — to provide the services you have paid for; (b) Legitimate interests — to operate and improve our platform, prevent fraud, and ensure security; (c) Consent — for optional analytics cookies and marketing communications (you can withdraw consent at any time); (d) Legal obligation — to comply with applicable laws, court orders, or regulatory requirements.

4. How We Use Your Data

We use your data to: assess your case and provide the service you requested; create and manage your account; process payments; communicate with you about your case (email, SMS, WhatsApp, push notifications); store case documents securely in Google Drive; generate documents on your behalf; send deadline reminders; and improve our website and services through anonymised analytics.

5. Third-Party Processors

We share data with the following processors, each of which has their own privacy policy and data protection measures:

Stripe — payment processing. Resend — transactional email delivery. Twilio — SMS and WhatsApp messaging. Google Drive — secure case document storage. GoHighLevel — CRM and case management. Vercel — website hosting and serverless infrastructure. Neon / PostgreSQL — database hosting.

6. Data Retention

We retain your account and case data for 6 years after your last active case is closed, in line with the Limitation Act 1980 (which sets a 6-year limitation period for most civil claims). Payment records are retained for 7 years to meet HMRC requirements. Analytics data is retained in anonymised form. You may request early deletion, subject to our legal and regulatory obligations.

7. Cookies

Essential cookies: used for authentication, session management, and security. These cannot be disabled as they are necessary for the site to function. Analytics cookies: used to understand how visitors use our site. These are only set if you consent via our cookie banner. You can change your preferences at any time by clearing your cookies and revisiting the site.

8. Your Rights Under UK GDPR

You have the right to: access the personal data we hold about you; rectify inaccurate data; erase your data (subject to legal retention requirements); restrict processing; data portability (receive your data in a structured, machine-readable format); object to processing based on legitimate interests; and withdraw consent at any time. To exercise any of these rights, contact us at support@docketory.co.uk. We will respond within 30 days.

9. Data Security

We use industry-standard security measures including: encrypted connections (TLS/SSL) for all data in transit; hashed passwords (bcrypt); access controls limiting who can view case data; and secure cloud infrastructure. While we take reasonable steps to protect your data, no system is completely secure and we cannot guarantee absolute security.

10. International Transfers

Some of our processors (Stripe, Google, Vercel) may transfer data outside the UK. Where this occurs, appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the ICO. We ensure that all international transfers comply with UK GDPR requirements.

11. Children

Our services are not directed at individuals under 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 18, we will take steps to delete it promptly.

12. Complaints

If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113. We would appreciate the opportunity to address your concerns first — please contact us at support@docketory.co.uk.

13. Changes to This Policy

We may update this policy from time to time. The date at the top indicates when it was last revised. We will notify registered users of material changes by email. Continued use of our services after changes constitutes acceptance of the updated policy.