We know our customers value the security and privacy of their data. Docket is designed and built with the very best security tools and practices available in order to protect our users’ confidential information. Our experienced team protects customers from threats by applying security controls at every layer and applying 24/7 monitoring and alerting.
Data Center
We use a third-party, world-class data center that maintains several industry-recognized certifications, including ISO, SOC, PCI, and more. Our hosting provider is also compliant with numerous regulations, privacy standards, and frameworks, including HIPAA, HITECH, GLBA, the EU Data Protection Directive, EU-US Privacy Shield, FISMA, and more than 30 others. All data is encrypted at rest and in transit. Access to specific data by our application is managed at the database layer through rigorously applied policies.
Application & Servers
All browser connections and communication is transmitted over SSL (TLS), ensuring data privacy and integrity. Our servers only support the highest level of encryption 256-bit cipher suites TLS 1.2 or TLS 1.3, protecting against unauthorized disclosure, modification, and replay attacks.
Authentication data is stored securely in the browser, inaccessible even to our client application. As with our data center, our application lives in a third-party, world-class hosting provider that maintains several industry-recognized certifications and is in compliance with numerous regulations, privacy standards, and frameworks.
Payments
Our payment processing is handled entirely through Stripe, a PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. Through our integration with Stripe, Docket falls into the Level 4: SAQ A-EP compliance category. All payment processing is outsourced to Stripe, which is a PCI DSS validated processor. No electronic storage, processing, or transmission of cardholder data occurs on Docket’s systems or premises.