Security at DocJacket

How we protect your data

All data is encrypted in transit using TLS 1.3 and encrypted at rest using AES-256. Our servers are located in the United States. Backups run automatically every day with 35-day retention and geo-redundant storage across multiple locations.

If something goes wrong, we can restore your data to any point within the past month.

What we don't do

• We don't sell your data.
• We don't share it with third parties.
• We don't use your data to train AI models.
• We don't access your account without your permission. If we need to troubleshoot something, we'll ask you to share what's needed.

Data isolation

Each organization's data is separated at the database level. Agents only see transactions they're assigned to. Your data is never mixed with another brokerage's.

Email integrations

DocJacket connects to Gmail and Outlook to organize transaction-related emails. We only access what you authorize, and you can disconnect at any time. We don't log into your email account, scrape data, or do anything behind your back.

Payments

All billing is handled by a PCI DSS Level 1 certified payment provider. We never see or store your credit card number.

Compliance

DocJacket supports WORM-compliant document storage per California Code of Regulations § 2729. Transaction documents are stored on immutable, non-erasable storage and retained for the required period. Built on enterprise-grade immutable cloud storage.

Infrastructure

DocJacket runs on enterprise-grade cloud infrastructure in the United States, maintained by a provider that holds SOC 2 Type II, ISO 27001, and 90+ compliance certifications. Those are our infrastructure provider's certifications — we mention them so you know the environment your data lives in, not to claim them as our own.

Authentication & access

Multi-factor authentication is available for all accounts. Access is role-based — team members only see what they need to see.

What we're working toward

We're a bootstrapped company and we're honest about where we are. We don't have a dedicated security team or 24/7 monitoring staff. What we do have is a founder who built the entire stack, understands every layer of it, and takes data protection seriously.

As DocJacket grows, so will our security infrastructure. We'd rather tell you what's real today than make promises we haven't earned yet.

What happens to your data if you cancel?

Before canceling, you can export all of your data directly from your account. Your account stays active through the end of your billing period. After cancellation, we retain your data for 30 days so you can reactivate if you change your mind. After that, it's permanently deleted.

Your data is yours — we don't keep it after you leave.

Something wrong? Found a vulnerability?

Email casey@docjacket.com directly. No ticket system. No wait. If you've found a security issue, we take it seriously and will respond promptly.