Privacy Policy

Your privacy is important to us. It is DocJacket's policy to respect your privacy regarding any information we may collect from you across our website, https://www.docjacket.com, and other sites we own and operate.

At DocJacket, accessible from www.docjacket.com, one of our main priorities is the privacy of our visitors. This Privacy Policy document contains types of information that is collected and recorded by DocJacket and how we use it.

If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us at privacy@docjacket.com.

This Privacy Policy applies only to our online activities and is valid for visitors to our website with regards to the information that they shared and/or collect in DocJacket. This policy is not applicable to any information collected offline or via channels other than this website.

Consent

By using our website, you hereby consent to our Privacy Policy and agree to its terms.

Information we collect

The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.

If you contact us directly, we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide.

When you register for an Account, we may ask for your contact information, including items such as name, company name, address, email address, and telephone number.

How we use your information

We use the information we collect in various ways, including to:

  • Provide, operate, and maintain our website
  • Improve, personalize, and expand our website
  • Understand and analyze how you use our website
  • Develop new products, services, features, and functionality
  • Communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information relating to the website, and for marketing and promotional purposes
  • Send you emails
  • Find and prevent fraud

Data Protection and Security

We protect your data using industry-standard security measures:

Encryption: All data is encrypted in transit using TLS/SSL and at rest using AES-256 encryption.

Access Controls: Access to your data is restricted to authorized personnel only, using role-based access controls and multi-factor authentication.

Cloud Infrastructure: When you connect external accounts, we access only the specific data you authorize. This data is:

  • Stored securely in enterprise-grade cloud data centers with geographic redundancy
  • Never shared with third parties without your consent
  • Deleted upon account termination or upon request

Data Retention: We retain your data only as long as necessary to provide our services. You can request deletion at any time.

Regular Audits: We conduct regular security audits and vulnerability assessments to maintain data protection standards.

Gramm-Leach-Bliley Act (GLBA) Disclosure

DocJacket may store and process nonpublic personal information (NPI) contained in real estate transaction documents on behalf of our customers, including transaction coordinators, brokers, title companies, and lenders. Because some of these customers are considered financial institutions under the Gramm-Leach-Bliley Act (GLBA), DocJacket maintains privacy and security practices consistent with the GLBA and its implementing regulations (16 C.F.R. Part 314).

Scope of Information

NPI may include names, addresses, contact information, property details, purchase and loan amounts, escrow or title information, and signatures contained in residential real estate contracts and closing documents.

Use and Disclosure

  • DocJacket uses NPI solely to provide our transaction management and automation services.
  • We do not sell, rent, or share NPI for marketing or unrelated purposes.
  • Access to NPI is restricted to authorized personnel and trusted service providers who require it to perform their job duties and are bound by confidentiality and security agreements.

Safeguards Program

To comply with the GLBA Safeguards Rule, DocJacket maintains a written Information Security Program (WISP) designed to:

  • Protect the security, confidentiality, and integrity of NPI
  • Identify and assess risks to customer data
  • Encrypt data in transit (TLS 1.3) and at rest (AES-256)
  • Restrict access using authentication, authorization, and logging controls
  • Regularly test and monitor our security measures
  • Require equivalent safeguards from our vendors and cloud providers

Our program includes:

  • Multi-factor authentication and role-based access controls
  • Continuous vulnerability scanning and annual penetration testing
  • Vendor oversight to ensure equivalent data protection standards
  • Incident response procedures and 24-hour breach notification to affected users

Customer Responsibility

DocJacket acts as a service provider under GLBA. Customers that qualify as financial institutions remain responsible for providing consumer privacy notices and ensuring their own GLBA compliance when using DocJacket.

Contact

If you have questions about our GLBA compliance or information security practices, contact us at: privacy@docjacket.com

Third-Party Services

DocJacket uses carefully vetted third-party service providers to help operate our platform, deliver features, and maintain enterprise-grade security. These providers may process limited personal information on our behalf, subject to strict contractual confidentiality and data-protection obligations.

We engage service providers for functions such as:

  • Payment processing for subscriptions and one-time purchases
  • Cloud hosting and storage for application data and document management
  • Email and SMS delivery for notifications and real-estate transaction updates
  • Analytics and performance monitoring to improve system reliability and user experience
  • Identity and access management to enable secure account authentication and sign-in options

All service providers are required to:

  • Maintain security and privacy standards consistent with applicable laws and industry frameworks, including the Gramm-Leach-Bliley Act (GLBA) and FTC Safeguards Rule (16 C.F.R. Part 314)
  • Process data only for the purpose of providing their contracted services to DocJacket
  • Implement encryption, access controls, and audit logging consistent with our security policies

DocJacket retains responsibility for ensuring that third-party providers handling customer data meet these obligations. We regularly review their security and compliance practices as part of our ongoing risk-management program.

Log Files

DocJacket follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this and a part of hosting services analytics. The information collected by log files include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analyzing trends, administering the site, monitoring users movement on the website, and gathering demographic information.

Advertising Partners Privacy Policies

You may consult this list to find the Privacy Policy for each of the advertising partners of DocJacket.

Third-party ad servers or ad networks uses technologies like cookies, JavaScript, or Web Beacons that are used in their respective advertisements and links that appear on DocJacket, which are sent directly to users' browser. They automatically receive your IP address when this occurs. These technologies are used to measure the effectiveness of their advertising campaigns and/or to personalize the advertising content that you see on websites that you visit.

Note that DocJacket has no access to or control over these cookies that are used by third-party advertisers.

Third Party Privacy Policies

DocJacket's Privacy Policy does not apply to other advertisers or websites. Thus, we are advising you to consult the respective Privacy Policies of these third-party ad servers for more detailed information. It may include their practices and instructions about how to opt-out of certain options.

You can choose to disable cookies through your individual browser options. To know more detailed information about cookie management with specific web browsers, it can be found at the browsers' respective websites.

CCPA Privacy Rights (Do Not Sell My Personal Information)

Under the CCPA, among other rights, California consumers have the right to:

  • Request that a business that collects a consumer's personal data disclose the categories and specific pieces of personal data that a business has collected about consumers.
  • Request that a business delete any personal data about the consumer that a business has collected.
  • Request that a business that sells a consumer's personal data, not sell the consumer's personal data.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at privacy@docjacket.com.

GDPR Data Protection Rights

We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

  • The right to access: You have the right to request copies of your personal data. We may charge you a small fee for this service.
  • The right to rectification: You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
  • The right to erasure: You have the right to request that we erase your personal data, under certain conditions.
  • The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • The right to object to processing: You have the right to object to our processing of your personal data, under certain conditions.
  • The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at privacy@docjacket.com.

Children's Information

Another part of our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity.

DocJacket does not knowingly collect any Personal Identifiable Information from children under the age of 13. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately at privacy@docjacket.com and we will do our best efforts to promptly remove such information from our records.

External Account Integrations

DocJacket offers optional integrations with external accounts to enhance your workflow (such as email, calendar, and cloud storage providers). When you authorize these integrations:

  • We access only the specific data and permissions you explicitly authorize during the connection process
  • Data accessed through these integrations is used solely to provide our transaction coordination services
  • We implement industry-standard OAuth 2.0 authentication to securely connect to external services
  • You may revoke access to external accounts at any time through your account settings or the third-party provider's security controls
  • We do not share data from external integrations with other third parties except as required to provide our services

All data accessed through external integrations is subject to the same encryption, access control, and retention policies described in this Privacy Policy. You remain responsible for understanding and complying with the terms of service and privacy policies of any external accounts you connect to DocJacket.

Security Measures

Encryption:

  • TLS 1.3 for all data in transit
  • AES-256 encryption for data at rest
  • End-to-end encryption for sensitive documents

Access Controls:

  • Multi-factor authentication required
  • Role-based access control (RBAC)
  • Audit logs for all data access
  • Automatic session timeout after 30 minutes of inactivity

Security Audits:

  • Regular third-party security assessments
  • Annual penetration testing
  • Continuous vulnerability scanning
  • Security incident response plan tested quarterly

Incident Response:

  • 24-hour breach notification to affected users
  • Dedicated security response team
  • Data breach insurance coverage
  • Immediate revocation of compromised access

Data Retention:

  • Active transaction data: Retained during transaction (30-120 days)
  • Closed transaction data: Retained for 7 years per real estate regulations
  • Users can request deletion at any time
  • Automatic deletion after retention period expires

Data Sharing Practices

We do NOT:

  • Sell your data to third parties
  • Use your data for advertising purposes
  • Train AI/ML models on your data without explicit consent
  • Share data except as required for transaction processing or as permitted by law

We MAY share data with:

  • Transaction participants (real estate brokers, escrow/title companies) with your explicit permission or as required for transaction completion
  • Service providers who process data on our behalf under strict confidentiality obligations (see Third-Party Services section above)
  • Legal authorities when required by law, court order, or valid subpoena

All data sharing is logged and auditable to maintain transparency and accountability.

Data Subject Rights

You have the right to:

  • Access all data we have collected about you
  • Request correction of inaccurate data
  • Request deletion of your data (right to be forgotten)
  • Export your data in machine-readable format (CSV, JSON)
  • Opt-out of marketing communications
  • Revoke Google API access at any time through your Google Account settings

To exercise these rights, contact us at privacy@docjacket.com. We will respond within 30 days.

Data Portability

Users can export their data at any time through:

  • Account Settings > Export Data
  • Requesting a full data export via email to privacy@docjacket.com
  • Using our API for programmatic data access

Exported data includes:

  • All transaction documents
  • Email communications
  • Calendar events
  • Contact information
  • Task lists and completion history

Data is provided in standard formats (PDF, CSV, JSON) for easy import into other systems.

Contact Information for Privacy Concerns

For privacy-related questions or concerns:

  • Email: privacy@docjacket.com
  • Phone: (407) 201-9147
  • Mail: DocJacket LLC, 8331 Choctaw Trail, Kissimmee, FL 34747

For Google API data access concerns specifically, email privacy@docjacket.com with subject line "Google API Data Request".

We will respond to all privacy inquiries within 5 business days.

Last updated: October 25, 2025