Docker is a developer platform and container registry provider, reviewed for account, image, usage, telemetry, sharing, retention, and controls.
65
Mixed
65
Mixed
Docker is mostly operational rather than ad-driven, but public images, org roles, and web tracking still matter.
Docker's stronger area is direct user and organization control over repositories, members, and account-level settings.
The main privacy risk is not model training but what becomes visible through public images, shared organizations, and Docker's web-level tracking stack.
60
Mixed
The reviewed policy does not offer a simple no-AI-training commitment for all service, usage, or account data.
Docker still collects activity, feature usage, and product-version data that can support service improvement.
70
Mixed
45
Weak
65
Mixed
75
Good
Latest Finding
Open: docker.com1. AI Use
The reviewed policy does not offer a simple no-AI-training commitment for all service, usage, or account data.
2. Vendors
Docker still collects activity, feature usage, and product-version data that can support service improvement.
3. AI Use
Docker's reviewed policy focuses on service, activity, feature-usage, and product-version data instead of saying all repository content is default training data.
4. Controls
Organization and repository controls can limit how much sensitive content is exposed before optional services or integrations are enabled.
5. Exceptions
Docker says it does not engage in profiling or automated decisions with legal or similarly significant effects.
Founded
Unknown
Founder
Unknown
Parent Company
Docker
Lifecycle
Active
Category
Developer Platforms & Infra
CEO
Unknown
Security Team
In house
Date Added
05-18-2026
Once you delete a chat, you cannot recover it. Deleting a chat removes it both from your visible chat history and the system after the retention window.
Docker's reviewed policy focuses on service, activity, feature-usage, and product-version data instead of saying all repository content is default training data.
Organization and repository controls can limit how much sensitive content is exposed before optional services or integrations are enabled.
Docker says it does not engage in profiling or automated decisions with legal or similarly significant effects.
70
Mixed
Docker allows disclosure to service providers, subprocessors, affiliates, legal recipients, and customer organizations.
Repository visibility and image content are still customer-managed, so mispublished images or weak org settings can expose more than intended.
Docker publishes privacy, DPA, subprocessor, and privacy-rights materials for customer review.
Organization admins can govern repository visibility, organization membership, and token access.
Private repositories and managed organizations offer stronger sharing boundaries than public registries and unmanaged personal use.
45
Weak
Docker collects IP addresses, device identifiers, browser and device data, and service activity information.
The policy allows analytics, advertising, and similar vendor involvement around Docker's websites and services.
Docker says it does not engage in profiling or automated decisions with legal or similarly significant effects.
Privacy request and preference paths are documented in the policy.
Private organizations and repositories reduce public visibility even when service telemetry still exists.
65
Mixed
Docker says retention depends on service use, account state, legal requirements, and customer-controller context.
Customer organizations can keep copies of repository, membership, or operational data outside a single user's direct control.
Docker documents privacy request and preference paths rather than offering only informal support channels.
Organization governance can narrow long-term exposure by deactivating members, rotating tokens, and managing repository access.
Private registries and managed account contexts give teams more control over data lifecycle than fully public publishing flows.
75
Good
Admins can manage organizations, repositories, access tokens, and visibility settings.
Docker provides privacy request and preference paths for personal data handling.
Private repositories let teams keep images and metadata off the public internet by default.
Organization-level governance gives managed deployments more structure than unmanaged personal use.
Sensitive information baked into images or published in public repositories is still largely the user's responsibility.
Customer-controller and organization contexts can leave end users with less direct self-serve control than admins.
80
Good
