Privacy Policy

Effective date: April 1, 2025
Last updated: August 4, 2025

Dokai, Inc. ("Dokai," "we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect information in connection with our software-as-a-service platform, websites, and related services (collectively, the "Services").

1. Scope and Roles

  • Customer-Provided Data (Processor role): When a customer uploads or generates content in their Dokai workspace, we act as a data processor/service provider and handle it only on the customer's documented instructions.

  • Sign‑in/Account Data (Controller role): For data we collect to operate accounts and our website (e.g., SSO name and email), Dokai acts as a data controller/business.

  • Third‑Party/Licensed Data (Controller role): For datasets we license or obtain from data providers ("Third‑Party Data") and make available to multiple customers pursuant to license terms, Dokai acts as a data controller/business for that dataset.

Important: 

  • Dokai does not use one customer’s data to train models or otherwise benefit other customers.

  • Users must follow the authentication, access, and device security requirements outlined in the Acceptable Use Policy (AUP) when accessing any data.

2. Categories of Information We Collect

A. Sign‑in & Account Data (you provide or your SSO provides)

  • Name (as supplied by your identity provider)

  • Business email address

  • Authentication and session metadata (e.g., login timestamps, SSO provider, IP address, user agent)

  • Organization and role (if supplied by your IdP)

B. Service & Security Metadata (collected automatically)

  • Device and browser information

  • Log files and diagnostic data

  • Usage events needed to maintain and secure the Services

C. Third‑Party/Licensed Data (shared across customers under license)

  • Business and professional information such as company names, domains, firmographics, technographics, role/function, inferred interests, and business contact information (e.g., work email patterns or business phone numbers) obtained from data providers and publicly available sources.

  • Some Third‑Party Data may be personal data (e.g., business contact information); we contractually require providers to collect and share such data lawfully and to honor opt‑out and deletion requests.

D. Support Communications

  • Content of support tickets, emails, and chats

3. How We Use Information

A. To provide and secure the Services

  • Authenticate users, enable SSO, and manage accounts

  • Provide core features, availability, and support

  • Monitor, prevent, and detect fraud or abuse; maintain security and integrity

B. To operate licensed data products (Third‑Party Data)

  • Curate, normalize, and deliver Third‑Party Data to multiple customers according to our and our providers’ license terms

  • Refresh and quality‑check records; deduplicate; maintain accuracy

  • Enforce usage restrictions (e.g., acceptable use, rate limits)

C. Communications

  • Send service, security, and transactional notices

  • Provide product updates and administrative messages

D. Legal & Compliance

  • Comply with applicable laws, enforce agreements, and protect rights and safety

We do not sell your Sign‑in & Account Data. We may license or otherwise provide access to Third‑Party Data to multiple customers as part of our Services; see Section 6 and the U.S. State Privacy Notice for opt‑out rights where applicable.

4. AI & Model Use

  • Dokai does not use Customer‑Provided Data to train, fine‑tune, or improve models for the benefit of other customers.

  • If we use third‑party model providers, we configure them to not retain prompts or outputs for training whenever the provider offers such controls. If a provider requires limited retention for abuse monitoring, we bind them by contract to confidentiality and restricted use.

  • We may use aggregate, de‑identified telemetry (not Customer‑Provided Data) to improve reliability and performance.

5. Sources of Information

  • You or your organization (e.g., via SSO)

  • Your device/browser during use of the Services

  • Data Providers and public sources for Third‑Party Data (e.g., official registries, corporate websites, professional profiles, licensed aggregators)

6. Disclosure of Information

We disclose information only as described below:

A. Service Providers / Subprocessors

We engage vetted vendors (e.g., hosting, authentication, logging, email delivery) under written agreements requiring confidentiality and adherence to data protection laws.

B. Customers (re: Third‑Party Data)

Subject to our licenses and acceptable‑use terms, we provide Third‑Party Data to multiple customers. Such disclosures are inherent to the product. Customers must use this data responsibly and lawfully and may be required to maintain their own suppression/opt‑out lists.

C. Legal, Safety, and Corporate Events

We may disclose information to comply with law, respond to lawful requests, protect rights/safety, or in connection with mergers, acquisitions, or financing.

We do not disclose Customer‑Provided Data to other customers. We do not sell Sign‑in & Account Data.

7. Retention

  • Sign‑in & Account Data: kept for the duration of your account and a reasonable period thereafter for audit, security, and legal compliance, then deleted or archived.

  • Service & Security Logs: retained per our security policy for threat detection and auditing.

  • Third‑Party Data: retained and refreshed in line with our provider contracts and product requirements.

We will delete or de-identify data sooner when legally required or upon valid request, subject to necessary exceptions.

8. Security

We apply administrative, technical, and physical safeguards designed to protect data, including (as applicable):

  • Encryption in transit and at rest
  • Access controls for administrative access
  • MFA for all access
  • Principle of least privilege and regular access reviews
  • Vulnerability management and logging/monitoring
  • Secure password and device management per AUP requirements
  • Monitoring, logging, and incident response aligned with AUP

9. Your Privacy Choices & Rights

Rights depend on your location and applicable laws. Requests can be sent to security@dokai.ai.

A. Global Rights (GDPR/UK GDPR/LGPD/PDPA and similar)

Subject to conditions and exceptions, you may request to:

  • Access, correct, or delete personal data

  • Object to or restrict processing

  • Port your data

  • Withdraw consent (where processing is based on consent)

How to submit: Email privacy@dokai.ai with your request and sufficient information to verify your identity. If your data was provided by your employer, contact your administrator first.

B. U.S. State Privacy Notice (including California CPRA)

For certain U.S. states, you have additional rights and disclosures:

  • Categories collected: identifiers (name, business email), internet activity (log data), professional info, and for Third‑Party Data, business contact details and firmographic/technographic attributes.

  • Purposes: as set out in Sections 3 and 6.

  • Disclosures: to service providers and (for Third‑Party Data) to multiple customers under license.

  • Sale/Share: We do not sell Sign‑in & Account Data. Our provision of Third‑Party Data to customers may be considered a “sale” or “sharing” under CPRA.

  • Opt‑Out Methods: (i) email privacy@dokai.ai

  • Non‑discrimination: We will not discriminate against you for exercising your rights.

10. Cookies and Similar Technologies

We use strictly necessary cookies for authentication and security. We may use limited analytics cookies to understand product usage. 

11. Third‑Party Data - Additional Disclosures

  • Lawful Sourcing: We contract with providers that represent and warrant lawful collection and sharing of data, including honoring applicable consent, notice, and opt‑out obligations.

  • Public Sources: Some records are compiled from public or widely available sources; accuracy and availability can vary.

  • Sensitive Data: We do not intentionally include sensitive categories (e.g., health, precise geolocation, biometric, racial/ethnic origin) in Third‑Party Data.

  • Customer Responsibilities: Customers must use Third‑Party Data in compliance with applicable laws, maintain their own suppression lists, and provide any required notices to their contacts.

12. Data Governance & Accountability

  • Designated privacy lead/DPO reachable at privacy@dokai.ai

  • Vendor and data transfer assessments

  • Policies for classification, access, retention, and incident response

  • Regular review of this Policy and our data handling practices

13. Changes to this Policy

We may update this Policy periodically. If we make material changes, we will notify account owners via email or in‑product notice and update the "Last updated" date above. Continued use of the Services after the effective date constitutes acceptance of the revised Policy.