Data retention policy
Dokkio’s Information Security Policy identifies two classes of data that may be of a personal or confidential nature:
• Personal Information - a user’s first & last name, email address, and credentials for access to other information systems, such as Dropbox or Slack, which may contain Personal Information, etc., and
• User Data - file contents, file and folder names and organization, email messages, instant messages, etc., stored in or shared or exchanged via systems such as Dropbox or Slack, which Dokkio accesses.
Dokkio retains both Personal Information and metadata about User Data (such as database records describing connected files and folders, search indexes and both user-confirmed and suggested metadata about User Data) while a Dokkio account is active. Access to this information is required to support functionality provided by the Dokkio user interface, such as full-text search and organization by file category, by tag, or by context (by Customer or by Project, etc.). A Dokkio account owner may request deletion of their account by emailing
[email protected]. Upon request, the account is rendered inaccessible, and all Personal Information and User Data is eliminated from the Dokkio database and search index during normal processing cycles, but in any event within the 30 days required by GDPR and other privacy laws.
Data archiving and removal policy
Personal Information and User Data are archived for backup and disaster recovery purposes on a periodic basis, in encrypted form. Personal Information and User Data are removed from active processing systems (databases and search indexes) and stored backups upon request from a Dokkio account owner. Upon request, the account is immediately disabled, preventing further access to Personal Information or User Data through the Dokkio user interface. Personal Information and User Data are deleted from active databases and search indexes promptly during normal processing, and backup copies are deleted during normal backup rotation. In any event, Personal Information and User Data are removed from the Dokkio service within the 30 days required by GDPR and other privacy laws. Billing data will be stored for a minimum of seven years, in compliance with the Sarbanes-Oxley act.
Data storage policy
The Dokkio service operates in a secure environment hosted by Amazon Web Services (AWS). All communication between the Dokkio service and Dokkio clients (such as the Dokkio web interface running in an internet browser or as a browser extension) is encrypted using https. Data stored by the Dokkio service (in databases, search indexes, S3 buckets, etc.) is encrypted, and communication between major Dokkio subsystems is encrypted. The security and privacy of Dokkio storage is audited annually by a third party security auditing firm.
App/service has sub-processors
no
App/service uses large language models (LLM)
yes
LLM model(s) used
OpenAI gpt-3.5-turbo and Mistral 7B
LLM retention settings
Dokkio generates a summary for each file in a connected Slack account, which is displayed to the user and used to automatically tag the file. The stored summary is retained as long as the Dokkio account exists.
LLM data tenancy policy
Dokkio database's where we store the LLM output are multi-tenant
LLM data residency policy
We store all data in AWS us-east-1