Privacy notice.

This notice covers two things and only those two:

1. This marketing / documentation site at the URL you are reading this on.
2. The doks open-source software distributed at github.com/getdoks/doks, in the form it is shipped (not after you modify it).

It does not cover sites or services built using doks by third parties. Those operators are independent data controllers; check their own privacy notices.

"We", "us", and "our" refer to the maintainers of the doks open-source project. "You" refers to the person reading this site or running the doks software.

Nothing optional. No analytics, no cookies, no tag managers, no fingerprinting, no email capture, no chat widgets, no advertising pixels, no A/B testing.

Server access logs

The hosting provider that serves these static pages may write standard HTTP access logs containing IP address, user-agent string, requested path, response code, and timestamp. These logs:

• Are kept for no longer than 30 days for abuse and operational diagnostics;
• Are not aggregated, profiled, sold, or used for any analytics purpose;
• Are accessed only when investigating a specific incident.

Web fonts

The site currently loads typography from Google Fonts. When your browser fetches those fonts, your IP address is sent to Google. We are evaluating self-hosting the font files to remove this third-party request entirely. Until then, Google's use of that data is governed by Google's privacy policy.

Outbound links

Links to GitHub, provider documentation, or other external sites open separate sessions governed by those operators' policies. We do not pass any identifier or referrer-derived ID across the boundary.

doks is software you self-host. When you run it, it acts on your behalf, not ours.

Outbound calls

A running doks instance makes network calls to:

• Your chosen embedding provider (Voyage AI is the reference) using your API key;
• Your chosen chat provider (Anthropic, z.ai, DeepSeek, OpenAI, Gemini, or Mistral) using your API key.

Local storage

Embeddings and chunk metadata are stored in a single SQLite file at data/docs.db inside your repo. There is no remote database.

What does not happen

doks does not phone home. There is no telemetry endpoint, no update check that pings us, no licence-server callback. The maintainers cannot see your traffic, your visitors, your queries, or your keys.

End-user questions

Visitors who use the chat panel of a doks site send their question to the chat provider that operator has configured. The doks code does not log questions server-side beyond what the chat provider itself does. As a deployer, you are responsible for disclosing this to your visitors and for your provider's data-processing terms.

For visitors in the EU, UK, or other jurisdictions with comparable rules, the lawful bases under GDPR Article 6 are:

Legitimate interest

Short-term retention of access logs for security, abuse mitigation, and basic operational integrity. Balanced against your interests; if you object, write to the contact below.

Legal obligation

Disclosing logs in response to a valid legal request from a competent authority.

We do not rely on consent for anything on this site because there is nothing requiring consent.

If you live in the EU, UK, EEA, or any jurisdiction with comparable data-protection law, you have the rights below. They apply to the personal data we hold about you, which in practice is limited to short-term log entries.

• Right of access — ask whether we hold any data about you, and request a copy.
• Right to rectification — ask us to correct inaccurate data.
• Right to erasure ("right to be forgotten") — ask us to delete data we hold about you, subject to limited legal exceptions.
• Right to restrict processing — ask us to pause processing while a dispute is resolved.
• Right to object — object to processing based on legitimate interest.
• Right to data portability — receive your data in a portable, machine-readable form.
• Right to lodge a complaint — with your local supervisory authority. In Ireland this is the DPC; in the UK the ICO; elsewhere see the EDPB members list.

To exercise any of these, open an issue at github.com/getdoks/doks/issues with the label privacy, or write to the contact in section 12. We respond within 30 days.

Access logs

30 days, then deleted.

GitHub issue history

Indefinitely (public record on GitHub, governed by their policy). Delete or edit your own comments at any time using GitHub's tools.

Anything you e-mail us

Until the matter is closed plus a reasonable archival window of up to 12 months.

The hosting provider may serve this site from data centres in multiple regions. Where personal data (in the form of access logs) flows outside the EEA / UK, transfers rely on adequacy decisions where they exist, or on Standard Contractual Clauses (SCCs) with the provider where they do not.

The Google Fonts request mentioned in section 2 may be served from any Google edge location worldwide.

This site is a developer-facing technical resource. It is not directed at children under 16 and we do not knowingly collect data from them. If you believe a child has interacted with us, write in and we will delete what we have.

• HTTPS is enforced for all requests.
• The static-site build artefact contains no secrets and no database; there is no admin panel to compromise.
• The repository follows least-privilege access on GitHub; pushes to main require a PR review.
• Vulnerability reports are handled per the security disclosure process.

No system is perfectly secure. If a breach occurs that affects personal data, we follow section 10.

If we become aware of a personal-data breach affecting EU / UK individuals that is likely to result in a risk to their rights and freedoms, we will notify the relevant supervisory authority within 72 hours as required by GDPR Article 33, and notify affected individuals without undue delay where Article 34 applies. The breach will also be disclosed publicly in the project's GitHub releases.

The latest version always lives at this URL. The "Effective" date and version at the top reflect the current revision. Material changes (definition: changes that expand the data we collect, change a legal basis, or affect your rights) will be summarised in the project's GitHub releases and dated there. You are not personally notified because we do not have your e-mail.

This is a public open-source project. The primary channel is a GitHub issue at github.com/getdoks/doks/issues, labelled privacy. For matters that should not be public (e.g. an access request that contains your data), write to privacy@datadistill.co.

There is no postal address because there is no incorporated entity behind doks. If a postal address becomes legally required for your jurisdiction, please ask and we will provide one.