Security overview

Last updated: June 30, 2026

MarkDocket is operated by MarkDocket, Inc., a subsidiary of Q6 Technology Holdings, Inc.. Security is a core part of how we design and run the Service. This page summarizes the administrative, technical, and physical safeguards we use to protect your information, and how to reach us if you believe you have found a security issue. This overview is informational and complements, but does not replace, our Privacy Policy and Terms of Service.

1. Infrastructure and hosting

The Service is hosted on cloud infrastructure providers that maintain recognized security and compliance certifications. Production environments are isolated from development and testing, and access to production systems is restricted and logged. We rely on our providers’ physical and environmental controls for the data centers that host the Service.

2. Encryption

Data in transit between your device and the Service is encrypted using TLS. Credentials and other sensitive secrets are encrypted at rest using industry-standard algorithms and never stored in plaintext. Backups, where used, are also encrypted.

3. Access controls

Access to systems and customer data is granted on a least-privilege, need-to-know basis and is reviewed regularly. Internal access requires unique accounts with multi-factor authentication. Administrative actions are logged and monitored. We do not grant standing access to customer User Content except where strictly necessary to operate, support, or secure the Service.

4. Authentication and account security

User authentication is handled through a dedicated authentication provider that supports secure session management. We encourage users to enable multi-factor authentication where available, to use strong, unique passwords, and to protect their account credentials. You are responsible for keeping your credentials confidential; see our Terms of Service for more on account responsibility.

5. Sub-processors and vendors

We engage a limited set of sub-processors to help run the Service — for hosting, authentication, payment processing, email delivery, analytics, and AI capabilities. Vendors are evaluated for security before engagement and placed under appropriate contractual obligations to protect data. We configure and contract with our AI providers to limit training on your data where the provider offers that control.

6. Payment security

Payment processing is handled by our payment processor. We do not store full card numbers on our servers. Card data is handled by the processor in accordance with the PCI DSS standard.

7. Monitoring and incident response

We monitor the Service for anomalies, abuse, and potential security events, and we maintain an incident response process. If a security incident affects you, we will notify you as required by applicable law. We continuously work to improve our controls as the threat landscape evolves.

8. Data retention and deletion

We retain personal information only as long as needed to provide the Service and to meet legal, billing, security, and audit obligations. You can request deletion of your account and personal information as described in our Privacy Policy, subject to legal retention requirements.

9. Responsible disclosure

If you believe you have discovered a security vulnerability in MarkDocket, please report it responsibly to security@markdocket.com. We ask that you avoid accessing, modifying, or deleting data that does not belong to you, and that you give us a reasonable opportunity to investigate and remediate before any public disclosure. We appreciate responsible reports and will acknowledge them as promptly as we can.

10. Contact

For security questions or concerns, contact us at security@markdocket.com. For all other questions, contact hello@markdocket.com.

This security overview is provided for informational purposes and does not create any separate contractual commitment beyond our Terms of Service. No system is completely secure, and we cannot guarantee absolute security.