Legal · v1 — DRAFT
Privacy Policy
Last updated: TODO — date set when lawyer signs off
[TODO] items need filling in before sign-off.
1. About this policy
This policy explains how Doobles Ltd ("Doobles", "we", "us", "our") collects, uses, and protects personal data. It applies to:
- visitors to doobles.uk and any subdomain;
- users of the Doobles customer dashboard at app.doobles.uk;
- people whose contact details a Doobles customer has added to their account (e.g. members of a customer's staff who receive alerts);
- people who contact us by email or other means.
It is written for clarity in plain English. Where we use a technical term, we explain it the first time it appears.
Doobles Ltd is a company registered in England and Wales (company number [TODO]), registered office [TODO]. We are registered with the UK Information Commissioner's Office (ICO) under registration number [TODO].
2. The two roles we play
Under UK GDPR we act in two distinct roles depending on whose data we're handling. This matters because the role determines who's accountable.
As a data controller
For our own account holders, billing contacts, marketing recipients, security logs, and visitors to this website, Doobles is the data controller. We decide what data we collect about you, how we use it, and how long we keep it. The rest of this policy explains that processing.
As a data processor
When a Doobles customer (typically a business — a restaurant, café, pub, farm shop) adds members of their own staff to their account so they can receive alerts and access the dashboard, the customer is the data controller for that staff data. We process it on their behalf as a data processor under a Data Processing Addendum (DPA).
If you are a staff member who's been added to a customer's account and you have questions about that processing, please contact your employer in the first instance. We will assist where appropriate, but the employer is the controller of the data.
3. The personal data we collect
We collect the following categories of personal data:
| Category | Examples | Where it comes from |
|---|---|---|
| Account identifiers | Email address, first and last name, phone number, role on the account (owner / manager / staff) | Provided by the customer or user at sign-up; updated through the dashboard |
| Authentication data | Password hash (bcrypt; the password itself is never stored), two-factor authentication secret if enabled, session tokens | Generated when you set or change your password |
| Communication preferences | Which notification channels you've enabled (email, SMS, WhatsApp, push), quiet hours, Pushover user key if you use Pushover | You configure these in your account settings |
| Notification history | Record of alerts sent to you: channel, recipient address, message subject and body, timestamp, delivery status | Generated by the platform when it sends you an alert |
| Acknowledgement notes | Free-text notes you add when acknowledging an alert (e.g. "called the engineer", "checked, all OK") | You type these into the dashboard or the deep-link response page |
| Account activity | Login timestamps; security-relevant events (password resets, account changes); IP address used for authentication (short-lived; not used for marketing) | Recorded automatically by the platform for security purposes |
| Aggregated visit logs | Hashed IP fingerprint (with a daily-rotated salt so the same visitor's hash changes day-to-day and can't be tracked across days), bucketed User-Agent class ("human" / "bot" / "unknown"), bucketed referrer class ("direct" / "search" / "social" / "other"), requested URL path, HTTP status, and optional utm_source from the URL. Raw User-Agent strings and raw referrer URLs are not stored. | Recorded automatically by our web server when you visit doobles.uk; aggregated hourly so we can see how busy the site is without tracking individuals |
| Billing contact | Business name, billing address, billing contact email (if different from account owner), VAT number if applicable | Provided during account setup or via the dashboard |
| Support correspondence | Emails you send us at hello@doobles.uk, support@doobles.uk, or privacy@doobles.uk | You send them to us |
Temperature readings, fridge identifiers, and other sensor data on your account are not personal data — they describe equipment, not people — and aren't covered by this policy.
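How an "Aggregated visit logs" entry can be built so that it carries only the fields listed in that row, as an added illustration rather than the platform's own code: the per-day random salt, the bucket word lists and the field names are assumptions, and the sample visits in the comments are constructed.

```python
import hashlib
import secrets
from urllib.parse import parse_qs, urlparse

# Constructed classifier tables; the policy names the buckets, not these lists.
BOT_MARKERS = ("bot", "crawler", "spider", "curl/", "python-requests")
SEARCH_HOSTS = ("google.", "bing.", "duckduckgo.")
SOCIAL_HOSTS = ("facebook.", "linkedin.", "instagram.", "t.co", "x.com")

_current = {"day": None, "salt": b""}  # only today's salt is ever held

def daily_salt(day: str) -> bytes:
    """Fresh random salt per calendar day (day given as 'YYYY-MM-DD').
    On rotation the previous salt is discarded, so yesterday's
    fingerprints cannot be recomputed or linked to today's."""
    if _current["day"] != day:
        _current["day"], _current["salt"] = day, secrets.token_bytes(32)
    return _current["salt"]

def ip_fingerprint(ip: str, day: str) -> str:
    # Salted hash of the address: stable within a day, unlinkable across days.
    return hashlib.sha256(daily_salt(day) + ip.encode()).hexdigest()[:16]

def ua_class(user_agent: str) -> str:
    ua = user_agent.lower()
    if any(m in ua for m in BOT_MARKERS):  # bots first: most also say Mozilla/
        return "bot"
    if ua.startswith("mozilla/"):
        return "human"
    return "unknown"

def referrer_class(referrer: str) -> str:
    if not referrer:
        return "direct"
    host = urlparse(referrer).netloc.lower()
    if any(h in host for h in SEARCH_HOSTS):
        return "search"
    if any(h in host for h in SOCIAL_HOSTS):
        return "social"
    return "other"

def visit_record(ip, user_agent, referrer, request_target, status, day):
    """One stored entry. The raw User-Agent and raw referrer URL are
    classified and then dropped; they never appear in the record."""
    url = urlparse(request_target)
    return {
        "ip_fp": ip_fingerprint(ip, day),
        "ua": ua_class(user_agent),
        "ref": referrer_class(referrer),
        "path": url.path,
        "status": status,
        "utm_source": parse_qs(url.query).get("utm_source", [None])[0],
    }
```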
4. Why we collect it (lawful bases)
Under UK GDPR we must have a "lawful basis" for every kind of processing. The bases we rely on are:
| Purpose | Lawful basis |
|---|---|
| Operating your account and providing the service (sending alerts, generating reports, displaying readings on the dashboard, supporting you) | Contract performance — we cannot deliver the service you've signed up for without this processing |
| Authenticating you when you log in, and recording security-relevant activity to detect and respond to unauthorised access | Legitimate interest — protecting your account and ours from compromise. We've assessed that this processing is necessary, proportionate, and doesn't override your rights |
| Sending you transactional emails about your account (e.g. password resets, security alerts, weekly compliance reports if enabled) | Contract performance |
| Sending you operational notifications when your fridges or freezers have a problem | Contract performance |
| Billing you for the service | Contract performance + legal obligation (we are required to keep accounting records under UK tax law) |
| Responding to support enquiries | Legitimate interest — helping you use the service we've sold you |
| Marketing communications (currently none — but if we ever send marketing emails, see Section 14) | Consent — we will only send you marketing if you've explicitly opted in |
| Improving the service (aggregated analysis of usage, never tied to identifiable individuals in any output) | Legitimate interest |
| Defending or pursuing legal claims, and complying with legal obligations to disclose data (e.g. a court order) | Legitimate interest + legal obligation |
We do not carry out automated decision-making or profiling that has legal or similarly significant effects on you.
5. Who we share it with
We never sell personal data. We share it with the following categories of recipient, only where necessary:
Sub-processors
Sub-processors are third parties we use to deliver parts of the service. Each is bound by an appropriate Data Processing Agreement with us, processes only what it needs to do its job, and is listed publicly so you can see exactly who handles your data and what for.
The current list is at doobles.uk/legal/sub-processors. We'll notify customers at least 30 days in advance of adding or replacing any sub-processor.
Other recipients
- Your colleagues on the same Doobles account — other users on your customer account can see acknowledgement notes you've added to alerts (this is the audit trail customers use for food-safety inspections).
- Professional advisers (accountants, lawyers) where strictly necessary and under appropriate confidentiality obligations.
- Authorities where we are legally required to disclose data (e.g. a valid court order, a regulatory request from the ICO, or HMRC).
- Successors in the event of a sale, merger, or business reorganisation. Any successor will be bound by privacy obligations no less strict than these.
6. International transfers
Doobles is based in the UK and our application servers are hosted in [TODO — confirm EU location]. Some of our sub-processors are based outside the UK and EEA — specifically in the United States and Australia. When personal data is transferred to those countries, we rely on the following safeguards:
- Australia (Fastmail) — the UK government has determined that Australia provides an adequate level of data protection for the purposes for which Fastmail processes data on our behalf. No additional safeguard is required.
- United States (Twilio, Pushover, rsync.net, GitHub) — we rely on the UK International Data Transfer Agreement (IDTA) and/or the EU Standard Contractual Clauses (SCCs) with the UK Addendum, both of which are recognised mechanisms for transferring personal data outside the UK.
You can request a copy of the safeguards in place for any specific transfer by emailing privacy@doobles.uk.
7. How long we keep it
We don't keep personal data longer than we need. The retention periods we apply are:
| What | How long |
|---|---|
| Account identifiers, communication preferences | For as long as your account is active, plus a reasonable closure period (typically 30 days) after termination |
| Authentication data (password hash, 2FA secret) | For as long as your account is active; deleted on account closure |
| Notification history, acknowledgement notes, alert records | Your customer's configured retention period (default 90 days); longer is available on request for compliance reasons |
| Account activity / security logs | Up to 12 months from the event, for security and audit purposes |
| Billing records, invoices | Seven years after the end of the financial year, as required by UK accounting and tax law |
| Support correspondence | Three years from the date of the last related interaction |
| Backups | Rolling daily backups retained for 30 days; monthly snapshots retained for 12 months. Deletion requests are honoured in the live system immediately and propagate to backups as they roll off |
8. Your rights
Under UK GDPR you have a number of rights in respect of your personal data. They apply to all of the personal data we hold about you as a controller.
- Right of access (Article 15) — ask for a copy of the personal data we hold about you.
- Right to rectification (Article 16) — ask us to correct inaccurate or incomplete data.
- Right to erasure / "right to be forgotten" (Article 17) — ask us to delete your personal data, subject to limited exceptions (e.g. data we're legally required to retain).
- Right to restrict processing (Article 18) — ask us to pause processing while a question about it is being resolved.
- Right to data portability (Article 20) — ask for a copy of your data in a structured, commonly-used, machine-readable format (we provide JSON).
- Right to object (Article 21) — object to processing we carry out under "legitimate interest", and to direct marketing at any time.
- Right not to be subject to automated decision-making (Article 22) — Doobles does not carry out automated decision-making with legal or similarly significant effects on you, so this right is mostly informational.
- Right to withdraw consent — where we rely on consent (e.g. marketing emails), you can withdraw it at any time.
- Right to complain to the supervisory authority — see Section 16.
9. How to exercise your rights
For data we hold as a controller, email privacy@doobles.uk. Please include:
- your name and the email address registered on your account;
- which right you'd like to exercise;
- any specifics that'll help us find the relevant data.
We will respond within one month of receiving your request. If your request is particularly complex (or you've made several requests) we may extend the deadline by up to two further months and will tell you within the first month if so. There is no fee for a routine request; we reserve the right to charge a reasonable fee for manifestly unfounded or excessive requests.
For data we process on a customer's behalf (as a processor), please contact your employer in the first instance. We will assist them in responding to your request.
10. What we store on your device
The customer dashboard at app.doobles.uk uses your browser's local storage (specifically localStorage) to hold a session token after you log in. This token keeps you signed in across page loads and tabs.
It is not a tracking cookie. We do not use third-party analytics cookies, advertising cookies, or any other cookie that tracks you across sites. The marketing website at doobles.uk sets no cookies.
You can clear the session token at any time by signing out of the dashboard or by clearing your browser's site data for app.doobles.uk.
11. How we keep it safe
We use the following technical and organisational measures:
- Encryption in transit — all traffic between you and Doobles is encrypted using HTTPS / TLS.
- Encryption at rest for backups — backups stored off-site are encrypted before leaving our servers.
- Strong password storage — passwords are hashed with bcrypt; we never store passwords in plain text and could not recover yours even if we wanted to.
- Per-customer isolation — the platform enforces strict separation of customer data at the database query layer, not just in the user interface.
- Access controls — only authorised Doobles staff can access production systems, and access is logged.
- Audit logging — sensitive operations (admin access to customer data, password resets, account changes) are logged with a timestamp and the actor.
- Patching — operating system and software dependencies are kept up to date with security patches.
- Periodic security review — we conduct an internal security review at least annually and engage an external audit periodically.
No system is perfectly secure. If something goes wrong, see Section 13.
12. Children's data
Doobles is a service for businesses and is not directed at children. We do not knowingly collect personal data from anyone under 18. If we become aware that we have inadvertently done so, we will delete it.
13. Data breaches
If a personal data breach occurs that poses a risk to your rights and freedoms, we will:
- notify the ICO within 72 hours of becoming aware of it, as required by UK GDPR;
- notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms;
- document the breach, the assessment of its impact, and the steps taken to address it.
14. Marketing communications
We do not currently send marketing communications. If we ever do, it will be opt-in only (we will not assume consent), and you'll be able to unsubscribe with one click. We will not sell or share your contact details with third parties for their marketing purposes.
15. Changes to this policy
We may update this policy from time to time. Each version is preserved at a permanent URL (e.g. doobles.uk/legal/privacy-v1) so you can refer back to the version that was current when you signed up.
If we make a material change — for example, adding a new sub-processor, introducing a new processing purpose, or changing the legal basis for an existing one — we will notify you in advance (by email or in the dashboard) and, where required, ask you to re-accept the updated policy on next login.
16. Complaints
If you have a concern about how we handle your personal data, please contact us first at privacy@doobles.uk — most issues can be resolved quickly that way.
You also have the right to complain to the UK Information Commissioner's Office (ICO):
- Website: ico.org.uk/make-a-complaint
- Helpline: 0303 123 1113
- Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
If you are based outside the UK, you can also complain to your local supervisory authority.
17. Contact
For any privacy-related question, email privacy@doobles.uk. We don't have a formal Data Protection Officer (we're too small to require one under UK GDPR), but privacy@doobles.uk reaches the person inside Doobles who's accountable for data protection.
For general questions about the service, hello@doobles.uk. For support, support@doobles.uk.
This policy was last updated on [TODO] and represents version v1.
For previous versions, contact privacy@doobles.uk.