Privacy Policy
Last updated: 1 July 2026 · Tiny Tugboat (dockli.io)
Dockli (“we”, “us”, the “App”), operated by Tiny Tugboat, brings your Microsoft 365 files into Windows File Explorer. This policy explains what data the App and this website process, and why. We designed Dockli to keep your data inside your own Microsoft 365 tenant.
1. Our privacy-first architecture
Dockli acts on your behalf against Microsoft Graph, scoped strictly to the permissions your organization has granted and to files you can already access. Key points:
- Authentication uses Microsoft’s native Windows broker (MSAL / WAM). Your credentials never pass through Dockli.
- Access tokens are stored locally, encrypted at rest using the Windows Data Protection API (DPAPI).
- The local host binds to loopback (localhost) only and is not exposed to your network.
- Your file contents remain in Microsoft 365. Dockli does not copy your files to our servers.
2. Data we process
On this website
We collect standard server logs and privacy-friendly, aggregated analytics (page views, referrers). If you submit the “Book a demo” or contact form, we process the details you provide (name, work email, company, message) to respond to you.
In the Dockli app
- Account identifiers — your signed-in email and tenant id, to authenticate and license your seat.
- Diagnostic events — limited, non-content telemetry (e.g. feature usage, error reports) to keep the App reliable.
- AI features (Spark) — when you use Ask Dockli, the content you reference is processed to generate a response and is scoped to your permissions. It is not used to train foundation models.
3. Legal bases
We process data to perform our contract with you (providing the App), for our legitimate interests (securing and improving the service), and with your consent where required (e.g. optional analytics).
4. Sharing & sub-processors
We use Microsoft Azure for hosting and Microsoft Graph as the data source you connect to. Payment and provisioning through Azure Marketplace / AppSource are handled by Microsoft under their terms. We do not sell your personal data.
5. Retention
Diagnostic data is retained only as long as needed to operate and secure the service. Locally stored tokens are removed on sign-out or uninstall.
6. Your rights
Depending on your location (including GDPR and South Africa’s POPIA), you may have rights to access, correct, delete, or port your data, and to object to processing. Contact us to exercise these rights.
7. Contact
Questions or requests: support@dockli.io. See also our Terms of Use and EULA.