Your code is your most valuable asset. We protect it.

Security and privacy aren't afterthoughts - they're fundamental to how Dockr is built. Here's exactly what we do to protect your source code and your team's data.

Your code is never used to train AI models - ours or anyone else's.

When Dockr analyses your repository, it reads your code to generate documentation. That code is encrypted at rest and in transit (TLS 1.3). It is never shared with third parties for training purposes, never used to improve our own models, and you can delete it at any time. Your intellectual property stays yours.

Security

Encryption at rest & in transit

All stored data is encrypted at rest. TLS 1.3 for all network communication. No plaintext storage. Encryption keys are managed separately from the data they protect.

Secure token management

OAuth 2.0 for Git authentication. Tokens are encrypted and rotate automatically. We never store your Git password. Tokens can be revoked at any time from your Git provider settings.

CSRF protection

Cross-Site Request Forgery prevention on all endpoints with token-based validation. Protects against common web attacks that attempt to perform actions on your behalf.

Comprehensive audit logging

Every action logged with timestamp and user identity. Immutable audit trail showing who accessed what and when. Compliance-ready for security reviews and incident forensics.

Regular security audits

Third-party penetration testing, vulnerability scanning, code security reviews, and dependency updates. We verify security - not just build for it.

Data isolation between organisations

Each organisation gets its own dedicated storage volume and separate encryption keys. Your data never shares disk space, a database partition, or application state with another customer.

Privacy

Your code stays yours

We process your code to generate documentation - we don't own it. You can disconnect a repository or delete your account at any time, and your data is removed within 30 days.

Never used for AI training

Your code never trains our AI models or any third-party model. Each analysis run is isolated. Your proprietary algorithms, business logic, and trade secrets are never learned from - only read to produce documentation for you.

Granular access controls

Role-based permissions at the organisation, team, and repository level. Admin, Editor, and Viewer roles. Audit exactly who has access to what - and revoke it instantly.

SOC 2 Type II - in progress

We are actively working toward SOC 2 Type II certification. GDPR-compliant for EU customers. CCPA-compliant for California. Data Processing Agreements (DPA) available on request.

Transparent data handling

No hidden data collection. No selling data to third parties. No advertising use. Our Privacy Policy documents exactly what we collect and why.

Private cloud deployment

Enterprise option. Deploy Dockr in your own AWS, Azure, GCP, or on-premises infrastructure. Your code never leaves your secure environment.

Common questions

Can Dockr employees see my source code?

No. Your source code is stored fully encrypted and is technically inaccessible to Dockr employees - the application reads it to generate documentation, but no human can view or read it. For support cases, we ask you to share a sample of the relevant code directly via email. That sample is used in an isolated test environment to reproduce and diagnose the issue, and fixes are then rolled out to production. At no point does any member of the Dockr team have access to your repository or any of its contents.

What happens to my code if I cancel my subscription?

A 7-day grace period applies after non-payment, during which your portal remains accessible. After account deletion, all your data - including repository content and generated documentation - is removed from our systems within 30 days, except where retention is required by law.

What if Dockr is breached?

Encryption means any data obtained in a breach would be useless without the encryption keys, which are stored separately. We have an incident response plan in place and would notify affected customers immediately. We patch critical vulnerabilities within 24–48 hours of discovery.

How do you handle security vulnerabilities in Dockr itself?

We run a responsible disclosure program. Report vulnerabilities to jayaveer@flytebit.com. We target patches within 24–48 hours for critical issues. Customers are notified if their data could have been affected.

Can I control where my data is stored geographically?

Private cloud deployment (enterprise option) lets you deploy Dockr in your own AWS, Azure, GCP, or on-premises infrastructure in any region you choose - your code never leaves your environment at all.

Have a security question?

Our team responds to all security inquiries within 1 business day.

jayaveer@flytebit.com

← Back to Dockr