D
Docky

Privacy Policy

Last updated: 3 March 2025

This Privacy Policy explains how Doodang Labs Limited (“we”, “us” or “our”) collects, uses, shares and protects personal data when you use the Docky services, including the website at dockyapp.com, our applications, integrations and related offerings (collectively, the “Service”). We act as a controller of personal data when we determine the purposes and means of processing, and as a processor when we process data on behalf of our business customers. We are registered in England and Wales under company number 16754326.

1. Personal Data We Collect

We collect and process the following categories of personal data:

  • Account and contact data: name, email address, organisation name, role, authentication details, billing contacts and communication preferences.
  • Workspace data: information you or your organisation provides while using the Service (for example, team member directories or meeting metadata). The content of calls is not recorded by default unless expressly enabled by you.
  • Usage data: device identifiers, IP address, browser type, operating system, access times, pages viewed, the features you use, crash reports and diagnostic logs.
  • Marketing data: preferences you share with us, feedback, survey responses and event participation details.
  • Payment data: limited billing details administered via our payment processors (we do not store full card information on our systems).

2. How We Use Personal Data

We use personal data for the following purposes and legal bases:

  • To provide and maintain the Service (performance of a contract) including account creation, workspace administration, authentication, and responding to user requests.
  • To improve and secure the Service (legitimate interests) by analysing usage, troubleshooting issues, developing new features and preventing abuse.
  • To communicate with you (performance of a contract and legitimate interests) about product updates, security alerts, support requests and administrative messages. Marketing emails are sent on the basis of consent or soft opt-in rules, and you can opt out at any time.
  • To comply with legal obligations such as tax, accounting, anti-fraud and regulatory requirements.
  • To protect our rights (legitimate interests) in relation to legal claims, compliance, or investigations.

3. Sharing Personal Data

We share personal data only with:

  • authorised employees, contractors and group companies who need the information to operate the Service and who are bound by confidentiality obligations;
  • service providers that support our operations (for example, hosting providers, analytics, customer support, communications, and payment processors) under written contracts that require appropriate safeguards;
  • integration partners you choose to connect with (for example, Slack) in accordance with your instructions;
  • professional advisers (such as lawyers, auditors and insurers) when necessary for the establishment, exercise or defence of legal claims; and
  • regulators, law enforcement or other third parties when we are legally obliged to do so or it is necessary to protect vital interests.

We do not sell personal data.

4. International Transfers

Our primary infrastructure is located in the United Kingdom and European Union. Where we transfer personal data outside the UK or European Economic Area, we ensure an adequate level of protection through one of the following: (i) an adequacy regulation issued by the UK Government or European Commission; (ii) UK or EU standard contractual clauses; or (iii) any other safeguards permitted by applicable law. You may request a copy of the relevant transfer mechanism by contacting us.

5. Data Retention

We retain personal data for as long as necessary to fulfil the purposes described in this Policy, comply with legal obligations, resolve disputes and enforce our agreements. Workspace content is retained in accordance with the settings chosen by your organisation administrator. After your subscription ends we will delete or anonymise personal data within 90 days unless we are required to keep it for longer.

6. Your Rights

Under UK data protection law you have the right to:

  • request access to personal data we hold about you;
  • request correction of inaccurate or incomplete data;
  • request deletion of your data where it is no longer necessary;
  • object to or request restriction of processing in certain circumstances;
  • withdraw consent at any time where processing is based on consent; and
  • data portability, by receiving a copy of your data in a structured, machine-readable format.

To exercise your rights, email us at privacy@dockyapp.com. We will respond within one month. If you are dissatisfied with our response you may lodge a complaint with the UK Information Commissioner’s Office (ico.org.uk).

7. Security

We implement administrative, technical and organisational measures designed to protect personal data against unauthorised access, accidental loss, destruction or damage. These include encryption in transit, role-based access controls, logging, and regular security testing. No system is completely secure, and if we believe your data has been affected by a breach we will notify you in accordance with applicable law.

8. Children

The Service is not directed at individuals under 18 years of age and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@dockyapp.com and we will delete the information.

9. Cookies and Similar Technologies

We use cookies, pixels and similar technologies to provide core functionality (such as keeping you signed in and remembering your preferences), to understand how people use the Service, and to tailor communications. Essential cookies are always active. Analytics and marketing cookies will only run with your consent, which we request via the cookie banner on your first visit. You can change or withdraw your consent at any time through the cookie preferences link in the banner or by adjusting your browser settings. You can also block or delete cookies using your browser controls, but this may affect how the Service functions.

10. Data Processor Activities

When we act as a processor handling personal data on behalf of a customer, we process that data only in accordance with the customer’s instructions and our Data Processing Addendum. Customers remain responsible for ensuring they have the necessary lawful basis to share personal data with us and for providing notice to their users.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and, where appropriate, notify you by email or in-app message. Please review this Policy periodically. Your continued use of the Service after the effective date of any changes indicates your acceptance of the revised Policy.

12. Contacting Us

If you have questions about this Privacy Policy or how we process personal data, please contact our Data Protection Officer at privacy@dockyapp.com or write to Doodang Labs Limited, registered office as listed on Companies House. If you need to reach customer support, email support@dockyapp.com.