Privacy Policy — DOCKEX Fleet Data Protection

1. Introduction

DOCKEX LLC ("DOCKEX," "we," "our," or "us") operates a software platform that automates fleet compliance for commercial carriers — IRP and IFTA filings, IRS Form 2290, UCR, MCS-150, driver qualification files, document management, and compliance tracking ("the Service").

This Privacy Policy explains what information we collect when you visit dockex.io or use the platform at app.dockex.io, how we use and protect it, and the choices you have. By creating an account or using the Service, you agree to the practices described here.

Two roles, one policy. For most data — your account, your company, your visits to our website — DOCKEX decides how and why the data is processed, and this policy describes that directly. For driver data that a fleet (our customer) enters about its drivers, DOCKEX processes the data as a service provider on the customer's behalf and at its direction. Section 2.5 and Section 7 explain what that means for drivers.

This policy applies to dockex.io, app.dockex.io, and all associated subdomains and applications.

2. Information We Collect

2.1 Account Information

When you register for a DOCKEX account, we collect the information necessary to create and manage your account, including:

Full name and email address
Password (stored only as a cryptographic hash — we never store your plain-text password)
Account role and access permissions

2.2 Business Information

Because DOCKEX prepares government filings, we collect the business identifiers those filings require:

Company or legal business name
USDOT number and Motor Carrier (MC) number, where applicable
Employer Identification Number (EIN)
Business mailing and physical addresses
Power-of-attorney and filing-authorization documents you sign

2.3 Vehicle and Fleet Data

To manage your fleet and generate accurate filings, we collect data about the vehicles in your fleet, including:

Vehicle Identification Numbers (VINs), license plates, and issuing jurisdictions
Vehicle weight class, axle configuration, and fuel type
Registration expiration dates and renewal history
Mileage records by jurisdiction (for IFTA reporting) and fuel purchase records

2.4 Vehicle Location Data (Connected Telematics)

If you connect a telematics provider (Samsara, Motive, or Geotab), we import data from that provider under the access you grant during the connection flow. This can include vehicle location data — GPS positions, routes, and jurisdiction crossings — along with odometer readings and engine data, which we use to compute jurisdiction mileage for IFTA and IRP. What we store from the connection:

OAuth access tokens for the provider account you connect (encrypted at rest; never shown to other users)
Vehicle location and mileage data attributable to your fleet's vehicles

Vehicle location data can reveal information about the drivers operating those vehicles. You (the fleet) are responsible for any notice to or consent from your drivers that your jurisdiction requires for location tracking — the telematics device is yours, the provider relationship is yours, and DOCKEX imports only what you authorize. You can disconnect an integration at any time, which stops future imports.

2.5 Driver Data (Entered by Your Employer)

Fleets use DOCKEX to maintain driver qualification files. The fleet — the driver's employer or prospective employer — enters or uploads this data, and DOCKEX processes it as the fleet's service provider, on its documented instructions. Categories can include:

Driver name, contact details, date of birth, and license (CDL) number, class, and endorsements
Medical examiner's certificates and expiration dates
Motor vehicle records (MVRs)
Drug and alcohol testing program records and FMCSA Drug & Alcohol Clearinghouse query results
Employment history and other DOT-required qualification documents

Much of this data is regulated: DOT/FMCSA rules (49 CFR Parts 40, 382, 391) govern who may see it, how long it's kept, and how it may be used, and MVRs are consumer reports governed by the FCRA. DOCKEX uses driver data only to provide the Service to the employer — we do not use it for our own purposes, sell it, or share it except as the employer directs or the law requires.

If you are a driver: your employer controls this data. Direct access, correction, or deletion requests to your employer; we'll support them in honoring valid requests. Drivers of California-based fleets have rights under the CPRA, and those requests run through the employer as the business, with DOCKEX acting as service provider.

2.6 Documents

Files you upload — titles, registration certificates, cab cards, permits, proof of insurance, medical certificates, MVRs, and similar — are stored encrypted in access-controlled AWS S3 storage and retrieved only via expiring signed URLs.

2.7 Payment Information

All payment processing is handled entirely by Stripe, Inc., a PCI DSS Level 1 certified payment processor. DOCKEX does not collect, store, or have access to your full credit card number, CVV, or bank account details. We receive from Stripe only a tokenized reference, the last four digits of your card, card brand, and billing postal code for display purposes. For details on how Stripe handles your payment data, please review Stripe's Privacy Policy at stripe.com/privacy.

2.8 Usage and Technical Data

We automatically collect certain technical and behavioral information when you access our website or platform, including:

IP address and approximate geographic location derived from IP
Browser type, version, operating system, and device identifiers
Pages visited, features used, actions taken, and timestamps
Referring URLs, session duration, and frequency of use
Error and crash diagnostics (via Sentry — see Section 9)

2.9 Communications

If you contact us by email or through support channels, we retain the content of your messages, your email address, and any attachments you provide to respond to your inquiry and maintain a record of our communication.

3. How We Use Your Information

We use the information we collect for the following purposes:

Providing the Service: Account management, compliance tracking, driver qualification files, document storage, and every platform feature.
Preparing and submitting filings: Preparing IRP, IFTA, Form 2290, UCR, and MCS-150 filings and, where you have authorized us, submitting them to the relevant agencies. This inherently requires sharing your business and fleet data with those agencies — it is the core function of the Service.
Computing jurisdiction mileage: Processing telematics and location data you have connected to calculate IFTA and IRP mileage.
Billing and Payments: Subscription charges, filing fees, commissions, and invoices via Stripe.
Customer Support: Responding to your questions and troubleshooting issues.
Platform Improvement: Analyzing usage patterns and diagnosing errors (Google Analytics 4 in aggregate, Sentry for errors).
Security and Fraud Prevention: Detecting unauthorized access and abuse, including bot protection on public forms (Cloudflare Turnstile).
Legal Compliance: Complying with applicable laws, regulations, legal processes, and governmental requests.
Communications: Transactional email via Postmark (filing confirmations, renewal and deadline reminders, account alerts) and, with your consent, product updates. You may opt out of non-essential communications at any time.

We do not sell personal information, and we do not use customer fleet or driver data for advertising.

4. How We Share Your Information

DOCKEX does not sell, rent, or trade your personal information. We share it only in the circumstances described below.

4.1 Government Agencies and Filing Channels (At Your Direction)

The core of the Service is submitting filings you direct: IRP and IFTA filings to state agencies (for Oklahoma carriers, the Oklahoma Corporation Commission and Service Oklahoma), Form 2290 to the IRS via IRS-authorized e-file providers, UCR via the national UCR portal, and MCS-150 to FMCSA. Your business identifiers, fleet data, and filing details transmit to these bodies as a direct function of the service you engaged us to perform, at your direction.

4.2 Service Providers (Subprocessors)

We use a small set of providers who process data on our behalf under written agreements that restrict their use of your data to the services they provide to us. The current list — also in the table in Section 9:

Amazon Web Services — cloud hosting and encrypted document storage
Stripe — payment processing
Cloudflare — CDN, DNS, and Turnstile bot protection (proxies website traffic)
Google Analytics 4 — website and product analytics
Sentry — error and crash monitoring
Postmark — transactional email delivery

We will update this list when it changes (see Section 11).

4.3 Telematics Providers (At Your Direction)

When you connect Samsara, Motive, or Geotab, data flows from that provider to DOCKEX under your authorization. We do not send your DOCKEX data to telematics providers beyond what the connection handshake requires.

4.4 Legal Requirements

We may disclose your information if required to do so by law, subpoena, court order, or other governmental authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of DOCKEX, our users, or the public.

4.5 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of all or a portion of DOCKEX's assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any such change in ownership or control of your personal information.

4.6 With Your Consent

We may share your information with third parties when you have given us your explicit consent to do so.

5. Data Retention

We retain personal information for as long as your account is active or as needed to provide the Service, then per this schedule:

Category	Retention
Account and business data	Life of the account plus the 12-month read-only window below
Fleet, mileage, fuel, and filing records	Minimum four (4) years from the filing date — aligned to IFTA audit and IRP record-retention requirements. Keep your own copies too.
Copies of submitted filings and authorizations (POAs)	At least four (4) years; longer where the filing type requires it
Driver qualification records	Retained per your (the employer's) instructions and DOT minimums; deleted on your instruction subject to legal holds. Drug and alcohol records follow 49 CFR Part 382 retention periods.
Financial and billing records	Minimum seven (7) years per tax law
Usage and technical logs	Up to twelve (12) months
Demo sandbox data	Deleted at sandbox expiry (~24 hours), unless you convert the sandbox to a real account

The read-only promise. When your subscription or trial ends, your account converts to read-only and your data stays exportable for at least twelve (12) months. After that window we may delete it following thirty (30) days' email notice — except records we are legally required to keep (above). You can request earlier deletion any time at contact@dockex.io, subject to the same legal carve-outs. This matches Section 9.5 of our Terms of Service.

6. Security

We take the security of your data seriously and implement industry-standard technical and organizational safeguards to protect your information from unauthorized access, disclosure, alteration, and destruction. These measures include:

Encryption of data in transit using TLS (Transport Layer Security)
Encryption of data at rest within our storage infrastructure
Cryptographic hashing of all user passwords (passwords are never stored in plain text)
Role-based access controls limiting access to customer data
Document storage in access-controlled, encrypted AWS S3 buckets, served via expiring signed URLs
Authentication via httpOnly, secure session cookies — tokens are never placed in URLs or browser storage
Telematics OAuth tokens encrypted at rest
Continuous error monitoring (Sentry) and bot protection on public endpoints (Cloudflare Turnstile)
Regular review of security practices and access permissions

No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately at contact@dockex.io.

7. Your Rights

Depending on your state of residence you may have specific legal rights, and DOCKEX honors the following for all account holders regardless of jurisdiction:

Access

Request a copy of the personal information we hold about you, including the categories of information collected, the purposes for which it is used, and the third parties with whom it has been shared.

Correction

Request correction of inaccurate or incomplete personal information. Most account and fleet data can be corrected directly within the DOCKEX platform.

Deletion

Request deletion of your personal information, which we honor subject to the legal retention obligations described in Section 5. Deletion of your account data will end your ability to use the Service.

Portability / Export

Export your data in standard formats at any time, including during the post-termination read-only window described in Section 5.

No Sale, No Opt-Out Needed

We do not sell personal information or share it for cross-context behavioral advertising. No opt-out is necessary.

Non-Discrimination

Exercising your privacy rights will not result in denial of service, different pricing, or a different level of quality of the Service.

California Residents (CCPA/CPRA)

California residents have the rights to know, access, correct, delete, and port personal information; to opt out of sale or sharing (we do neither); to limit use of sensitive personal information (we use sensitive data — like driver's license numbers — only to provide the Service); and to non-discrimination. Submit requests using the contact information in Section 12; we do not require account creation to submit a request, and you may use an authorized agent.

Colorado, Virginia, Texas, and Other State-Law Residents

If your state's privacy law applies to you (e.g., Colorado Privacy Act, Virginia CDPA, Texas DPSA), you have substantially similar access, correction, deletion, and portability rights, plus the right to appeal a refusal — reply to our decision email and a different reviewer will take a second look.

Drivers

If your employer manages your records in DOCKEX, your privacy rights run through your employer — they control the data; we are their service provider. Send requests to your employer; we support them in honoring valid requests. If you contact us directly, we will refer the request to your employer and tell you we did.

To exercise any of these rights, please contact us at contact@dockex.io. We will acknowledge your request within 48 hours and substantively respond within forty-five (45) days (extendable once by 45 days where the law allows, with notice). We may require additional information to verify your identity before processing your request.

8. Cookies and Tracking Technologies

DOCKEX uses cookies and similar technologies to operate and improve the Service. A cookie is a small text file stored on your device by your browser.

Essential Cookies

Required for the platform to function — authenticated sessions (httpOnly, secure cookies), login state, and security, including Cloudflare's bot-protection cookies. You cannot opt out of essential cookies without ceasing use of the Service.

Analytics Cookies — Google Analytics 4

We use Google Analytics 4 (GA4) to understand how visitors use dockex.io and the platform — pages visited, features used, and where people hit friction — in aggregate. GA4 sets cookies and collects device and usage data governed by Google's privacy policy at policies.google.com/privacy. To opt out, install Google's browser opt-out add-on at tools.google.com/dlpage/gaoptout, or use your browser's cookie controls.

Error Monitoring — Sentry

Sentry captures crash and error context (which can include IP address and browser metadata) so we can fix bugs. It is not used for advertising.

Managing Cookies

Most browsers allow you to control cookies through their settings. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, disabling essential cookies will prevent you from using authenticated features of the DOCKEX platform.

We do not use third-party advertising cookies and do not respond to "Do Not Track" signals beyond the practices already described.

9. Third-Party Services & Subprocessors

These providers help us deliver the Service. Each operates under its own privacy policy; for the six subprocessors below, written agreements restrict their use of your data to providing services to us.

Provider	Purpose	Privacy Policy
Amazon Web Services	Cloud hosting; encrypted document and data storage	aws.amazon.com/privacy
Stripe, Inc.	Payment processing	stripe.com/privacy
Cloudflare, Inc.	CDN, DNS, Turnstile bot protection	cloudflare.com/privacypolicy
Google (Analytics 4)	Website and product analytics	policies.google.com/privacy
Functional Software, Inc. (Sentry)	Error and crash monitoring	sentry.io/privacy
ActiveCampaign (Postmark)	Transactional email delivery	activecampaign.com/legal/privacy-policy

Connected at your direction (not subprocessors):

Provider	Purpose	Privacy Policy
Samsara / Motive / Geotab	Telematics data you connect (vehicle location, mileage)	Per provider
Government agencies & IRS-authorized e-file providers	Filing submission you authorize	Per agency/provider

The DOCKEX website may also contain links to third-party websites. This Privacy Policy does not apply to those external sites, and we encourage you to review their privacy policies before providing any personal information.

10. Children's Privacy

DOCKEX is a business-to-business SaaS platform intended solely for use by commercial fleet operators, businesses, and their authorized employees or agents. The Service is not directed to individuals under the age of 18, and we do not knowingly collect personal information from minors.

If you believe that a minor has provided us with personal information, please contact us immediately at contact@dockex.io and we will take prompt steps to delete such information.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other business reasons. When we make material changes, we will:

Update the "Effective Date" at the top of this page
Send an email notification to the address associated with your account, if the changes materially affect your rights or how we use your data
Display a prominent notice within the DOCKEX platform for a reasonable period following the update

Material changes to the subprocessor list in Section 9 count as changes we will notify account holders about by email.

Your continued use of the Service after the effective date of any updated policy constitutes your acceptance of the revised terms. We encourage you to review this page periodically to stay informed of how we protect your information.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

DOCKEX LLC

12220 N MacArthur Blvd Ste F #50

Oklahoma City, OK 73162

Email: contact@dockex.io

We acknowledge privacy inquiries within 48 hours and respond substantively within the timelines described in Section 7.

This Privacy Policy is governed by and construed in accordance with the laws of the State of Oklahoma, without regard to its conflict of law provisions. Any dispute arising out of or relating to this Privacy Policy shall be subject to the exclusive jurisdiction of the courts located in Oklahoma County, Oklahoma.