Legal

Privacy Policy

Last updated: March 26, 2026

Overview

Doki Code (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you use the Doki Code desktop application and related services.

Local-First Architecture

Doki Code is designed as a local-first application. Your workspaces, code, terminal history, and browsing sessions are stored entirely on your machine. We do not have access to the contents of your workspaces or local files. All workspace data is persisted locally and never transmitted to our servers.

Information We Collect

We collect the following categories of information:

  • Account information — When you sign in via Google or GitHub, we receive and store your display name, email address, and profile image URL from your OAuth provider.
  • Session data — We record your IP address, user agent, and session tokens to authenticate requests and protect your account. Sessions expire after 30 days of inactivity.
  • Device information — When you connect the desktop application to your account, we store a machine identifier, device name, operating system, CPU architecture, and application version. You may register up to 10 devices per account.
  • OAuth tokens — We securely store access tokens and refresh tokens issued by your OAuth provider to maintain your sign-in session. These tokens are stored server-side and are never exposed to the client.
  • Crash reports — Diagnostic information when the application encounters errors, including stack traces and system information. You can opt out of crash reporting in settings.
  • Update checks — The application periodically contacts our servers to check for updates, transmitting your current version and platform.

How We Use Your Information

  • To authenticate you and manage your account across devices
  • To provide, maintain, and improve the application
  • To deliver software updates and security patches
  • To detect and prevent unauthorized access or abuse
  • To respond to support requests

Third-Party Services

Doki Code integrates with third-party services in two ways:

  • Authentication providers — We use Google and GitHub OAuth to sign you in. During authentication, these providers share your name, email, and profile image with us.
  • AI providers — When you use AI features, your prompts and relevant workspace context are transmitted directly from your machine to providers such as Anthropic and OpenAI. We do not relay or store this data on our servers.

Each third-party service processes your data according to their own privacy policies. We encourage you to review those policies.

Browser Session Isolation

Each workspace runs its own isolated browser session with a separate Chromium partition. Cookies, localStorage, and login sessions are sandboxed per workspace and never shared between them. This data is stored locally on your machine.

Data Security

We implement industry-standard security measures to protect any information we collect. All local data remains on your device and is never transmitted to our servers unless explicitly described above. However, no method of electronic storage is 100% secure, and we cannot guarantee absolute security.

Your Rights

You have the right to:

  • Request deletion of your account and all associated server-side data
  • Remove registered devices from your account at any time
  • Opt out of crash reporting in application settings
  • Revoke OAuth access via your Google or GitHub account settings
  • Delete all local data at any time — it lives on your machine and is fully under your control

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date.

Contact

If you have questions about this Privacy Policy, please reach out at privacy@doki.code.