Privacy Policy

Last updated: March 22, 2026

What Dock Is

Dock is an AI assistant that lives in Telegram and helps you manage email, calendar, GitHub, Notion, crypto wallets, and health data. It also provides a companion web app (“The Harbor”) for account management, integrations, and recipe automation.

Information We Collect

Account information: When you connect via Telegram, we store your Telegram user ID, first name, and username. No phone number or password is collected.

Integration tokens: When you connect services (Google, GitHub, Notion, Oura, WHOOP, MoonPay), we store encrypted OAuth access tokens and refresh tokens. These are used solely to make API calls on your behalf. All tokens are encrypted at rest using AES-256-GCM.

Messages: Your conversation history with the Dock bot is stored to maintain context across sessions. Messages are associated with your user ID and are not shared with other users.

Health data: If you connect Oura Ring or WHOOP, we access sleep, readiness/recovery, activity, and heart rate data through their APIs. This data is fetched on demand and not stored persistently — it is retrieved each time the agent needs it.

Recipes and automation: Recipes you create (including instructions, trigger configurations, and run history) are stored in our database.

Wallet information: If you connect a MoonPay wallet, your wallet address and chain preference are stored. Private keys are never stored by Dock — signing happens through the OpenWallet Standard (OWS) client you control.

How We Use Your Information

We use your information to:

  • Execute the actions you request (send emails, create events, check balances, etc.)
  • Run automated recipes on the schedules and triggers you configure
  • Maintain conversation context so the assistant remembers previous interactions
  • Learn your communication preferences to personalize responses
  • Process payments for paid recipes via the x402 protocol

Third-Party Services

Dock integrates with the following third-party services. Each has its own privacy policy:

  • Google (Gmail, Calendar) — for email and calendar management
  • GitHub — for repository, issue, and PR management
  • Notion — for page and database management
  • Oura — for sleep, readiness, and activity data
  • WHOOP — for recovery, strain, and heart rate data
  • MoonPay / OpenWallet — for crypto wallet operations
  • OpenAI — for AI language model processing
  • Telegram — for bot messaging
  • Supabase — for data storage
  • Vercel — for hosting

Your messages are sent to OpenAI for processing. We do not use your data to train AI models.

Data Security

All OAuth tokens are encrypted using AES-256-GCM before storage. Sessions use httpOnly cookies with 7-day expiration. Magic sign-in links use HMAC-SHA256 signatures with 15-minute TTL. We do not store passwords — authentication is handled through Telegram.

Data Retention

Your data is retained for as long as your account is active. Conversation history is automatically summarized after 50 messages to manage storage. You can delete your entire account and all associated data at any time from Settings > Danger Zone.

Your Rights

You can:

  • Disconnect any integration at any time (removes stored tokens)
  • Delete your entire account and all data from Settings
  • Request a copy of your data by contacting us

x402 Payments

When using paid recipes or x402 services, payments are processed on-chain (USDC on Base, Ethereum, or Solana). Transaction hashes are stored for record-keeping. Dock does not hold or custody any funds — all transactions are initiated through your connected wallet.

Children

Dock is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children.

Changes

We may update this policy from time to time. Changes will be posted on this page with an updated date.

Contact

Questions about this policy? Reach out via Telegram at @heydeckhandbot.