Effective July 7, 2026DocketVox — Secure Dictation for Legal Professionals
1. Information We Collect
1.1 Information You Provide Through OAuth
When you sign in via Google or Microsoft, we receive from the identity provider:
Your email address
Your name
Your profile picture (URL)
A unique identifier (Google sub or Microsoft oid)
We store this information in our database to recognize you on return visits. We do not receive or store your password — authentication is handled entirely by Google and Microsoft.
1.2 Email Send Permissions
For the Service to function as a dictation-to-email tool, we request the gmail.send scope from Google and the Mail.Send scope from Microsoft. These scopes allow the Service to send emails on your behalf using your authenticated account. We do not request access to read your inbox, contacts, or any other mail data.
1.3 Information You Voluntarily Provide
Recovery email addresses — used solely for PIN recovery (optional)
Client/matter references — included in sent email subjects (optional)
Note type labels — custom categories you create (stored locally in preferences)
Reminders — titles, deadlines, recurrence settings (optional, stored in database)
Preferences — theme, timestamp format, and other UI settings (stored in database)
1.4 Information Collected Automatically
Audit logs — timestamped records of authentication events, PIN operations, email-send attempts, reminder notifications, and preference changes. These logs contain metadata only (success/failure, event type, and user email). They do not contain note body text, email content, or dictation audio.
Session tokens — encrypted and stored in a secure HttpOnly cookie. Tokens are encrypted at rest using AES-128-GCM with a key derived from your Google/Microsoft user ID via PBKDF2.
2. What We Do NOT Collect
DocketVox is designed with privacy as a core principle. We deliberately do not collect, store, or process the following:
Note body text — dictated note text is transmitted directly from your browser to your email recipient via your own authenticated Gmail/Outbox. It is never written to disk, cached, or retained on our servers.
Voice recordings / audio — dictation is performed entirely in-browser using the Web Speech API. No audio files are uploaded to our servers.
Browsing history, IP address logs, or device fingerprints — beyond standard web server connection logs that are automatically rotated and not associated with user accounts.
3. How We Use Your Information
To authenticate you — recognizing your account on return visits
To send emails on your behalf — fulfilling the core function of the Service
To provide PIN protection — storing a salted, hashed PIN for optional app-level security
To send PIN reset emails — using your designated recovery email address
To send reminder notifications — if you configure reminders with deadlines
To maintain audit records — for security, troubleshooting, and compliance purposes
To improve the Service — aggregated, anonymized usage patterns
4. Data Storage & Security
4.1 Where Data Is Stored
All user data resides on a single virtual private server located in the United States. Data is stored in encrypted SQLite databases on an encrypted volume. We do not use third-party cloud databases, analytics services, or data processors.
4.2 Encryption
In transit: All connections are HTTPS (TLS 1.2 or higher).
At rest: Session tokens are encrypted using AES-128-GCM. PINs are salted and hashed (not stored in plaintext). Draft content tokens use client-side AES-256-GCM.
Database: The container filesystem is read-only at runtime; writable data directories are on an encrypted host volume.
4.3 Retention
Account data (name, email, preferences, reminder configurations) — retained until you request deletion.
Audit logs — retained for up to 90 days, then automatically pruned.
PIN reset tokens — deleted after use or 30 minutes, whichever comes first.
Decrypt tokens (one-time access links) — expire after a configurable period (default 7 days) and are deleted upon redemption or expiry.
5. Data Sharing & Disclosure
We do not sell, rent, or share your personal information with third parties for any purpose.
No advertising or marketing data sharing
No analytics services (no Google Analytics, no Mixpanel, no telemetry)
No third-party data processors beyond the OAuth providers (Google/Microsoft) that you authenticate with
We may disclose information only if required by law, such as in response to a valid court order or subpoena. We will make reasonable efforts to notify you before doing so, unless prohibited by law.
6. Your Rights & Choices
Access: You can view your account information at any time through the settings panel.
Export: You may request a copy of your data by emailing the contact address below.
Deletion: You may request deletion of your account and associated data. We will fulfill such requests within 30 days. Note that audit log entries required for security purposes may be retained in anonymized form.
Revoke OAuth access: You can revoke DocketVox's access to your Google or Microsoft account at any time through your account's security settings. Once revoked, the Service will no longer be able to send emails on your behalf.
7. Cookies & Local Storage
DocketVox uses the following browser storage:
HttpOnly session cookie — stores your encrypted authentication token. This cookie is not accessible via JavaScript, mitigating XSS-based theft.
Local storage — used for draft content encryption keys (client-side only), UI preferences (theme, collapsed sections), and the cache-busting version identifier. No personal data is stored in local storage beyond what is necessary for app functionality.
We do not use tracking cookies, advertising cookies, or any third-party cookies.
8. Children's Privacy
DocketVox is designed for use by legal professionals and is not intended for individuals under the age of 18. We do not knowingly collect information from minors. If we become aware that a minor has provided us with personal information, we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via the email address associated with your account and/or through a notice in the application. Continued use of the Service after changes take effect constitutes your acceptance of the revised policy.
10. Contact
For questions, data requests, or privacy concerns:
Email:support@DocketVox.com Response time: We aim to respond within 5 business days.