← Home

Privacy Policy

Effective as of and last updated on May 7, 2026

Welcome to DockItFlo.com, together with any other websites or applications branded as DockItFlo (the “Website”), our other applications and tools, and the DockItFlo subscription service for automated court docket monitoring (collectively, the “Services”), operated by Creative Logic, LLC, dba DockitFlo (“DockItFlo”, “we”, “our”, “us”). We respect your privacy rights and the confidentiality obligations that attach to the work of legal professionals. This Privacy Policy describes the information we collect, how we use it, how we protect it, and the choices you and your firm have with respect to it.

This Privacy Policy applies, without limitation, to any individual or entity that (i) uses the Services, (ii) creates an account or is added as a user under a firm subscription, or (iii) otherwise provides any personal, firm, financial, or other information to us. It is incorporated into our Terms of Use by reference.

Your continued use of the Services constitutes your continued acceptance of this Privacy Policy, which may change from time to time. By using or accessing the Services, you confirm that you have received this Policy and that you agree to the use of your information as explained in this Policy. If you do not agree, please do not use the Services.

IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, OR TO ANY CHANGES WE MAY SUBSEQUENTLY MAKE TO THIS PRIVACY POLICY, YOU MUST IMMEDIATELY STOP USING THE SERVICES OR OTHERWISE PROVIDING ANY INFORMATION TO US.

The Services may contain links to other websites and may integrate with third-party services such as PACER, federal and state ECF systems, calendar providers, payment processors, and AI model providers. This Privacy Policy does not apply to information collected on, by, or through any third-party websites or services. We are not responsible for the privacy practices of such third parties. You should review their privacy policies to understand their practices.

Our Role: Controller and Processor

DockItFlo plays two distinct privacy roles depending on the data involved.

Controller.With respect to the personal information of firm administrators, attorneys, and authorized users that we collect to register, operate, secure, and bill for the Services (for example, the name and email of the person who creates the firm's workspace), DockItFlo acts as a data controller and is responsible for that information under this Privacy Policy.

Processor.With respect to the documents, ECF notices, calendar entries, source filings, and related case content that your firm uploads to or generates within the Services (collectively, “Customer Content”), DockItFlo acts as a data processor on behalf of your firm. Your firm is the controller of that Customer Content and is responsible for ensuring it has the legal authority to provide that content to us. Our processing of Customer Content is governed by this Privacy Policy, the Terms of Use, and any applicable Data Processing Addendum or order form between your firm and DockItFlo. In the event of a conflict, the Data Processing Addendum controls with respect to Customer Content.

Information We Collect

Account and firm information

  • Names, professional email addresses, telephone numbers, firm or organization name, role, bar number where provided, username, password, and similar identifiers;
  • Billing contact information, including billing address and tax-related information;
  • Information you provide in any onboarding form, support request, or written communication with us.

Customer Content

  • ECF notices, court filings, scheduling orders, and related PDFs and email content that your firm forwards to or has routed to its DockItFlo intake address;
  • Calendar entries, deadlines, case identifiers, party and judge names, attorney assignments, and review-queue actions generated within the Services, and calendar events that DockItFlo creates, reads, updates, or deletes on third-party calendars (such as Google Calendar and Microsoft Outlook Calendar) on your behalf when you connect those accounts to the Services as described in the Third-Party Calendar Integrations section;
  • Edits, corrections, comments, and other feedback signals provided by users in the course of confirming or modifying extracted dates.

Payment information

  • Credit or debit card and other billing information is necessary to process subscription fees. Payment card details are collected and processed by our third-party payment processor and are not stored on our servers. We also accept ACH and Check payments as well.

Technical and usage information

  • IP address, browser type, internet service provider, referring/exit pages, operating system, device identifiers, date/time stamps, and clickstream data;
  • Information about your interactions with the Services, such as which features are used, how often, and the outcomes of review-queue items;
  • Server log data, error reports, and security-event data automatically collected by our infrastructure.

Communications

  • The date, time, and content of messages sent between you and us, including support tickets, demo requests, and email correspondence.

How We Collect Information

We collect information in the following ways:

  • When you create an account, request a demo, or are added as a user under a firm subscription;
  • When ECF notices, court filings, and related documents are forwarded to or routed to your firm's DockItFlo intake address by your firm or by court systems on your firm's behalf;
  • When users interact with the Services to review, edit, confirm, or modify extracted deadlines and calendar entries;
  • When you contact us to request service, provide feedback, or submit a support request;
  • Through cookies, server log analysis, and similar technologies described below;
  • Through our third-party service providers, including authentication, payment, analytics, and infrastructure providers.

Cookies and Similar Technologies

A cookie is a small text file that is stored on a user's device for record-keeping purposes. We use both session cookies (which expire when the browser is closed) and persistent cookies (which remain on the device for a longer period) to authenticate users, maintain session state, remember preferences, secure the Services, and analyze how the Services are used. You can control or remove cookies by following the directions provided in your browser's help file. If you reject cookies, you may still use the Services, but some features may not function correctly.

We use server logs and analytics tools to gather anonymous and aggregated information about traffic and feature usage. This information is used to administer the Services, monitor performance, troubleshoot issues, and improve product quality.

We do not use third-party advertising cookies or pixels for cross-site behavioral advertising on the Services.

How We Use Information

We use the information we collect to:

  • Provide, operate, secure, and improve the Services, including extracting deadlines from ECF notices, routing items to the review queue, and synchronizing confirmed events to user calendars;
  • Authenticate users, manage accounts, process subscription payments, and provide customer support;
  • Communicate with you about the Services, including service announcements, security notices, billing communications, and product updates;
  • Diagnose and fix technical issues, monitor performance, and protect against fraud, abuse, and security threats;
  • Comply with legal obligations, respond to lawful requests, and enforce our agreements;
  • Improve the accuracy, reliability, and quality of the Services and their underlying machine learning components, subject to the limits in the AI Training and Model Improvement section below.

We may also use your contact information to send you administrative messages, such as service or reminder notices, billing notifications, and customer surveys. You may not opt out of these transactional communications while you remain a customer of the Services.

Marketing communications. We may send marketing communications to firm administrators and other users about new features, related products, and other DockItFlo offerings. You may opt out of marketing communications at any time using the unsubscribe link in any marketing email or by contacting us at the email address listed below. Opting out of marketing does not opt you out of transactional communications.

AI Training and Model Improvement

DockItFlo uses machine learning components to extract deadlines from ECF notices and related documents. We are committed to using your data responsibly and in a manner consistent with the confidentiality and privilege obligations that govern the practice of law.

WE WILL NOT USE THE SUBSTANTIVE CONTENT OF CUSTOMER CONTENT, INCLUDING THE TEXT OF CLIENT DOCUMENTS, COURT FILINGS, OR PRIVILEGED COMMUNICATIONS, TO TRAIN ANY GENERAL-PURPOSE OR FOUNDATION AI MODEL.

This exclusion applies equally to data we access from third-party services on your behalf, including data accessed through the Google Calendar API and the Microsoft Graph API. The substantive content of calendar events, attendee lists, descriptions, and attached materials accessed through those APIs will not be used to train, fine-tune, or otherwise develop any general-purpose or foundation AI model.

We may use corrections, edits, and feedback signals provided by reviewers (for example, when a reviewer corrects an extracted date or flags a misclassified deadline) in aggregated and de-identified form to improve the accuracy and reliability of the extraction logic and review workflow within the Services. Where we use third-party AI model providers to power any extraction or classification feature, we contractually require those providers to refrain from using your data to train their general-purpose or foundation models, and we configure those services to disable any default training behavior where such a setting is available.

A current list of AI model providers and other material subprocessors is maintained on the website and is described in the Subprocessors section below.

Third-Party Calendar Integrations

DockItFlo integrates with third-party calendar providers so that deadlines and events extracted from ECF notices can be synchronized to the calendars your firm and its attorneys already use. This section describes, in detail, the data we access through those integrations, how we use it, and the limits we place on ourselves.

Google Calendar (Google User Data)

When you connect your Google account to DockItFlo, we use Google APIs to access and manage events on the calendar(s) you authorize. We request the following Google API scope:

  • https://www.googleapis.com/auth/calendar.events — to create and update events that DockItFlo writes to the calendar(s) you authorize. We do not request the broader calendar scope, and we do not read events that DockItFlo did not create.

We use Google user data solely to:

  1. Create calendar events corresponding to deadlines, hearings, conferences, and other dates extracted from ECF notices that your firm has authorized us to process;
  2. Update or remove those events when subsequent ECF notices indicate continuances, resets, cancellations, or other changes;
  3. Display the connection status, connected account, and event-creation history of your calendar integration within the Services so you can manage and audit it.

DockItFlo's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. In particular:

  • Limited use. We use Google user data only to provide and improve the user-facing features described above. We do not use Google user data for any other purpose.
  • No transfer. We do not transfer Google user data to third parties except (i) as necessary to provide or improve the user-facing features described above (for example, to our cloud infrastructure providers acting as our subprocessors under written agreements), (ii) to comply with applicable law or valid legal process, or (iii) as part of a merger, acquisition, or sale of assets, with notice to affected users where required.
  • No advertising. We do not use Google user data for serving advertisements, including but not limited to retargeting, personalized, or interest-based advertising.
  • No human access. We do not allow humans to read Google user data unless (i) we have your affirmative consent for specific cases, (ii) it is necessary for security purposes (such as investigating abuse or a security incident), (iii) it is necessary to comply with applicable law, or (iv) the data has been aggregated and anonymized and is used for internal operations.
  • No model training. We do not use the substantive content of Google user data, including the content of calendar events accessed through Google APIs, to train, fine-tune, or otherwise develop any general-purpose or foundation AI model. The exclusions described in the AI Training and Model Improvement section above apply equally to Google user data.

You can revoke DockItFlo's access to your Google account at any time by visiting https://myaccount.google.com/permissions and removing DockItFlo. Revocation will stop future synchronization. Calendar events that DockItFlo previously created on your calendar will remain on your calendar after revocation; you may delete them manually if desired. You may also disconnect your Google account from within the Services, which has the same effect.

Microsoft Outlook Calendar (Microsoft Graph data)

When you connect your Microsoft work, school, or personal account to DockItFlo, we use Microsoft Graph APIs to access and manage events on the calendar(s) you authorize. We request the following Microsoft Graph permissions:

  • Calendars.ReadWrite (delegated) — to create and update events that DockItFlo writes to the calendar(s) you authorize. Microsoft Graph does not offer a narrower events-only scope equivalent to Google's calendar.events.
  • offline_access (delegated) — to maintain access to your calendar between sessions so background synchronization can continue when you are not actively using the Services.

We use Microsoft Graph data solely to:

  1. Create calendar events corresponding to deadlines, hearings, conferences, and other dates extracted from ECF notices that your firm has authorized us to process;
  2. Update or remove those events when subsequent ECF notices indicate continuances, resets, cancellations, or other changes;
  3. Display the connection status, connected account, and event-creation history of your calendar integration within the Services so you can manage and audit it.

We apply to Microsoft Graph data the same limits we apply to Google user data:

  • We use Microsoft Graph data only to provide and improve the user-facing features described above.
  • We do not transfer Microsoft Graph data to third parties except as necessary to provide those features, to comply with law, or in connection with a business transfer.
  • We do not use Microsoft Graph data for advertising of any kind.
  • We do not allow humans to read Microsoft Graph data except with your consent, for security purposes, to comply with law, or in aggregated and anonymized form for internal operations.
  • We do not use the substantive content of Microsoft Graph data to train, fine-tune, or otherwise develop any general-purpose or foundation AI model.

You can revoke DockItFlo's access to your Microsoft account at any time by visiting https://myaccount.microsoft.com/ (for personal accounts) or by contacting your Microsoft 365 administrator (for work or school accounts), or by disconnecting the integration from within the Services. Revocation will stop future synchronization. Calendar events that DockItFlo previously created on your calendar will remain on your calendar after revocation; you may delete them manually if desired.

Tokens and credentials

To maintain a connection between DockItFlo and your Google or Microsoft calendar, we store the OAuth access tokens and refresh tokens that the calendar provider issues to us on your behalf. These tokens grant DockItFlo the ability to call the Calendar API on your behalf within the scopes you authorized, and only those scopes. Tokens are encrypted at rest and are accessible only to the DockItFlo systems that perform calendar synchronization. We do not store your Google or Microsoft account password.

Admin consent for organizations

If you are connecting a Microsoft work or school account or a Google Workspace account, your organization's IT administrator may need to grant tenant-wide consent to DockItFlo before individual users can connect. In that case, the administrator's consent applies to all users in the organization who subsequently connect their accounts, subject to the limits described above. Administrators can revoke that consent at any time through the Microsoft Entra admin center, the Google Workspace admin console, or by contacting DockItFlo.

How We Share Information

We share information only as described in this Privacy Policy. The categories of recipients are:

  • Your firm. Customer Content, calendar events, review-queue items, and account activity may be visible to other authorized users and administrators of your firm's workspace, in accordance with the access controls configured by your firm.
  • Service providers and subprocessors. We share information with vendors who help us operate the Services, including cloud hosting, authentication, payment processing, email delivery, analytics, customer support, and AI model providers. These providers are bound by contractual obligations of confidentiality and may only use the information to provide services to us. Note that Google LLC and Microsoft Corporation are not subprocessors of DockItFlo when you connect your Google or Microsoft account; in those cases, you are using their services directly under your own agreement with them, and DockItFlo is acting as a client of their APIs on your behalf within the scopes you authorize.
  • Legal and safety. We may share information when we believe in good faith that disclosure is necessary to comply with a law, regulation, court order, subpoena, or other valid legal process, or to protect the rights, property, or safety of DockItFlo, our customers, or others. Where legally permissible, we will provide notice to the affected firm before disclosing Customer Content in response to legal process.
  • Business transfers. If all or part of our business is merged, sold, reorganized, or otherwise transferred, information about you may be shared with the successor entity. We will use reasonable measures to ensure that any successor treats your information in accordance with this Privacy Policy or provides equivalent protections.

We do not sell personal information for monetary consideration, and we do not share personal information with third parties for cross-context behavioral advertising purposes, as those terms are defined under applicable U.S. state privacy laws.

Subprocessors

DockItFlo engages a limited set of subprocessors to operate the Services, including providers of cloud hosting and storage, database services, authentication, email delivery, payment processing, analytics, customer support, and AI model inference. We require subprocessors to provide a level of security and confidentiality consistent with this Privacy Policy and any applicable Data Processing Addendum, and we limit their access to the information they need to perform their services.

A current list of material subprocessors is available on request and, where required, is published on the Website. We will provide reasonable advance notice of changes to material subprocessors to firms with an executed Data Processing Addendum, in the manner specified by that addendum.

Security

We use commercially reasonable administrative, technical, and physical safeguards designed to protect the information we hold against unauthorized access, disclosure, alteration, and destruction. These safeguards include encryption of data in transit and at rest, access controls, audit logging, and environmental controls at our infrastructure providers.

No method of transmission over the Internet or method of electronic storage is fully secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for safeguarding your account credentials, configuring access controls within your firm's workspace, and notifying us promptly of any suspected unauthorized access.

Security Incident Notification

If we determine that a security incident has resulted in the unauthorized access, acquisition, disclosure, or loss of personal information that we hold, we will notify affected firms without undue delay, in accordance with applicable law and any executed Data Processing Addendum. Notice will include, where known, a description of the incident, the categories of information involved, and the measures we are taking in response.

Data Retention

We retain account information for as long as your firm maintains an active subscription with us, and for a reasonable period thereafter to comply with our legal obligations, resolve disputes, enforce our agreements, and maintain backups and audit logs.

Customer Content is retained for the duration of the firm's subscription. Following termination or expiration of a subscription, Customer Content is retained for a limited grace period during which the firm may export its data, after which Customer Content is deleted from production systems in accordance with the Data Processing Addendum or, in the absence of one, our standard data deletion practices. Backups are retained on a rolling basis and are subject to overwrite in the ordinary course.

Specific retention periods for individual data categories are available on request.

Your Privacy Rights

Depending on where you reside, you may have the following rights with respect to your personal information:

  • Access. You may request confirmation of whether we process your personal information, and a copy of that information.
  • Correction. You may request that we correct inaccurate or incomplete personal information.
  • Deletion. You may request that we delete your personal information, subject to legal exceptions.
  • Portability. You may request a portable copy of certain personal information you have provided to us.
  • Objection or restriction. You may object to or request restriction of certain processing.
  • Opt out of marketing. You may opt out of marketing communications at any time.
  • Non-discrimination. We will not discriminate against you for exercising your rights.
  • Customer Content rights. Where the relevant personal information is contained in Customer Content for which your firm is the controller, please direct your request to your firm. We will assist your firm in responding to such requests as required by the Data Processing Addendum or applicable law.

California, Colorado, Connecticut, Virginia, and similar U.S. state privacy laws. If you are a resident of a U.S. state with a comprehensive privacy law, you may have additional rights under that law, including the rights described above and the right to appeal a denial of a privacy request. To exercise any of these rights, contact us using the information below.

GDPR and UK GDPR. If you are located in the European Economic Area, the United Kingdom, or Switzerland and we act as the controller of your personal information, you may have additional rights under applicable data protection law, including the right to lodge a complaint with your local supervisory authority.

No Information Collected from Children

The Services are intended for use by adult legal professionals and are not directed to children. We do not knowingly collect personal information from children under the age of 13, and no part of the Services is designed to attract anyone under the age of 13. If we learn that we have collected personal information from a child under 13, we will take reasonable steps to delete it.

International Users

Our business, servers, and offices are headquartered in the United States. Information you provide to us, or that we obtain as a result of your use of the Services, may be processed and transferred to, and be subject to the laws of, the United States. The privacy and data protection laws in the United States may not be equivalent to those in your country of residence. By using the Services or providing us with your information, you consent to the collection, transfer, storage, and processing of information in and to the United States. Where required by applicable law, we will implement appropriate safeguards (such as standard contractual clauses) for cross-border transfers.

Account Deactivation and Data Export

If you wish to deactivate your individual user account or have your firm's subscription terminated, please contact your firm administrator or contact us at support@dockitflo.com. Before termination takes effect, your firm should export any data it wishes to retain using the export functionality provided in the Services. After the applicable retention or grace period, Customer Content will be deleted from production systems as described in the Data Retention section.

Business Transfers

In the event that all or part of our business is merged, sold, reorganized, or otherwise transferred, personal information about you and your firm may be shared with the successor entity. We will use reasonable measures to ensure that any successor treats your information in accordance with this Privacy Policy or provides equivalent protections, and we will provide notice to affected firms where required by law or contract.

Contact Us

If you have questions about this Privacy Policy, or if you wish to exercise any of the rights described above, you can contact us by email at support@dockitflo.com.

You may also contact us at our mailing address, which is listed on the contact page of the Website.

Updates to this Privacy Policy

Any changes made to this Privacy Policy will be shown at the top of this page as the Effective Date. For material changes that affect how we use or disclose personal information, we will provide additional notice as required by applicable law, which may include email notice to firm administrators.

REMINDER: YOUR CONTINUED USE OF THE SERVICES CONSTITUTES YOUR CONTINUED ACCEPTANCE OF THIS POLICY. BY USING OR ACCESSING THE SERVICES, YOU CONFIRM THAT YOU HAVE RECEIVED THIS PRIVACY POLICY AND THAT YOU AGREE TO THE USE OF YOUR INFORMATION AS EXPLAINED IN THIS PRIVACY POLICY. IF YOU DO NOT AGREE, PLEASE DO NOT USE THE SERVICES.