Privacy Policy

Your trust matters to us. When you use our services, you share some of your information, and we work hard to keep it safe while giving you control over how it’s used. This Privacy Policy helps you understand what we collect, why we collect it, and how you can manage your information.

This Privacy Policy applies to all services run by Dotzle Ltd, unless a service has its own privacy policy that replaces this one.

It doesn’t apply to:

  • Other companies’ data practices, even if they advertise with us; or
  • Products, websites, or services from other companies that include or link to Dotzle content.

This Policy will help explain:

  • what personal data we collect;
  • why we collect it;
  • how we use and share it;
  • your privacy rights; and
  • how to contact us or complain.

We are the data controller for personal data processed via our website, app, and connected services unless stated otherwise. If you wish to contact us regarding this privacy policy please email privacy@dotzle.com

Dotzle Ltd (“Dotzle”, “we”, “us”, “our”), is a company registered in England & Wales under company number 16592162, trading as Dotzle and Bank of Stuff. 

Data we collect

The type of information we collect depends on how you use Dotzle. We collect it in three main ways — directly from you, automatically through your use of our services, and from trusted third parties. This includes:

Information you provide to us

You provide this information when you create or update an account, contact us, make a payment, or interact with our services. This can include:

  • Name and contact details (e.g., email, phone number)
  • Account login details and preferences
  • Uploaded content such as photos, documents, or messages
  • Payment or billing details (if applicable)
  • Feedback, survey responses, or communication with support

Information we collect automatically

This is automatically collected when you use Dotzle’s website, app, or services. You can control cookies and tracking in your browser or device settings. This can include:

  • Device and browser information
  • IP address and general location data
  • Usage data (e.g., pages visited, features used, session duration)
  • Error logs and performance data
  • Cookies and similar tracking technologies

Information from third parties

This is collected from trusted partners and service providers who help operate or improve Dotzle’s services, always in line with this Privacy Policy. We may also receive limited data from open banking partners (when you link a bank account, with consent) and from analytics providers such as Google Analytics. This can include:

  • Analytics or usage data from service providers
  • Payment and transaction data from payment processors
  • Verification or fraud prevention data
  • Marketing or communication preferences (if you’ve opted in)

How we use your data

We use the information we collect to operate, improve, and protect our services, and to provide a better experience for our users. You can withdraw that permission at any time. The following explains how we use each type of data and the legal basis for doing so.

To provide and maintain our services

This is to enable performance of our contracts to ensure you and we are able to:

  • Creating and managing user accounts
  • Processing transactions and payments
  • Delivering requested features and content

To improve and personalise our services

This can enable us to do things like improve and optimise our service by

  • Understanding how people use Dotzle
  • Customising features, recommendations, and content
  • Developing new tools and improvements

To communicate with you

This would include:

  • Sending updates, service notifications, and support messages
  • Responding to your questions or feedback
  • Providing information about new features (with your consent)

To ensure security and prevent fraud

This is so we can protect our users and our platform by:

  • Protecting accounts and systems from unauthorised access
  • Detecting, investigating, and preventing fraudulent or abusive activity

To meet legal and regulatory obligations

This includes:

  • Complying with tax, accounting, and reporting requirements
  • Responding to lawful requests from regulators or authorities

For marketing and promotional purposes

Through your consent, this includes:

  • Sending newsletters, offers, or updates (where you’ve opted in)
  • Measuring campaign performance and engagement

For analytics and service improvement

  • Analysing usage trends and patterns
  • Testing new features and enhancing performance

How we share your data

We do not sell your personal information. We only share it when necessary to operate our services, comply with legal obligations, or protect Dotzle and our users. We ensure that all third parties who process personal information on our behalf comply with strict data protection and confidentiality standards. The following explains who we share data with and why.

Service providers and partners

This is to help us operate, improve, and deliver our services. These providers act on our behalf and follow our privacy and security requirements.  For example: cloud hosting, analytics, payment processors, customer support tools, and marketing service providers.

Legal and regulatory authorities

To comply with laws, regulations, or valid legal requests.  For example: Government authorities, law enforcement, tax regulators, or data protection agencies when legally required.

Business transfers

If we are involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that process, but it will remain protected.  For example: transferring user accounts or service data to a new entity during corporate restructuring.

Protection of rights and safety

To protect Dotzle, our users, and the public from harm, fraud or illegal activity. For example: sharing information to detect and prevent security incidents or misuse of our services

With your consent

This includes when you give us permission to share your data for a specific purpose. For example: sharing data with third-party integrations, connected apps, or partners you have chosen to use

Your privacy rights

You have certain rights over your personal information, depending on where you live. These rights help you stay informed and in control of how your data is used. These include:

  • Access: You can request a copy of the personal information we hold about you.
  • Correction: You can ask us to correct or update any inaccurate or incomplete information.
  • Deletion: You can request that we delete your personal data, where applicable.
  • Restriction: You can ask us to limit how we use your information in certain situations.
  • Objection: You can object to the processing of your data when we rely on legitimate interests or direct marketing.
  • Data portability: You can ask to receive your personal data in a structured, commonly used format and transfer it to another service.
  • Withdraw consent: When processing is based on your consent, you can withdraw it at any time without affecting prior lawful processing.

If you make a request, we’ll respond within the time limits required by law.

To exercise your rights or ask any questions about how we handle your data, please contact us at privacy@dotzle.com.

If you’re in the EU or UK and believe we haven’t handled your request properly, you also have the right to lodge a complaint with your local data protection authority such as the Information Commissioners Office (ICO) in the UK.

Children’s privacy

Dotzle’s services are not designed for or directed at children under the age of 13 (or the relevant age of digital consent in your country). We do not knowingly collect personal information from children.

If we learn that we’ve collected personal data from a child without the proper consent from a parent or guardian, we’ll take steps to delete that information as soon as possible.

If you believe that a child has provided us with personal information, please contact us at privacy@dotzle.com so we can take the appropriate action.

Parents and guardians who use Dotzle with or on behalf of a child are encouraged to review this Privacy Policy and help children understand how their information is handled online.

International transfers

Dotzle may store, process, or access your information in countries other than where you live. This can happen, for example, when we use cloud hosting or service providers that operate internationally.

Some of these countries may have different data protection laws from your own. When we transfer your personal data to another country, we take steps to make sure it remains protected. This includes using approved legal safeguards such as Standard Contractual Clauses (SCCs) or relying on countries that the European Commission or UK authorities have recognised as providing adequate data protection.

We always handle your information in line with this Privacy Policy, no matter where it’s processed. If you’d like more information about the safeguards we use, you can contact us at privacy@dotzle.com.

Retention

We store data for different periods based on what it is, how it’s used, and your personal settings. When you delete something, we take steps to make sure it’s safely removed from our systems or kept only in anonymised form. To protect your information from being lost or deleted by mistake, we’ve built in safeguards — which means there might be a short delay before deleted data disappears from all backups. Just so that you know:

  • You can delete certain data whenever you want — like your personal info, uploaded content (photos), or activity stored in your account.
  • Some data, like your service usage history, stays in our system until you delete your Dotzle Account.
  • In some cases, we keep data longer when it’s needed for valid business or legal reasons — for example, to protect security, prevent fraud or misuse, or meet financial record-keeping requirements.

Security

At Dotzle, we take the security of your personal information seriously. We implement technical and organizational measures designed to protect your data from unauthorized access, disclosure, alteration, or destruction.

Our security practices include:

  • Encryption: We use encryption in transit and at rest to help keep your data secure.
  • Access controls: Only authorized employees and contractors who need access to your data for legitimate business purposes can do so, under strict confidentiality obligations.
  • Network and system protection: We maintain firewalls, intrusion detection systems, and regular vulnerability testing to prevent unauthorized access.
  • Data minimisation: We collect and store only the data necessary to provide our services and delete it when it is no longer required.
  • Employee training: Our team receives ongoing training on data protection and information security best practices.
  • Incident response: We maintain procedures to detect, respond to, and mitigate any data breaches promptly, in compliance with applicable laws.

While we take all reasonable measures to protect your information, no system or method of data transmission over the internet is completely secure. Therefore, we cannot guarantee absolute security, but we are committed to continuously improving our safeguards to protect your information.

If we ever experience a security breach that affects your personal information, we will notify you and relevant authorities as required by law.

Changes

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or privacy practices. We won’t limit your rights without your consent.

Whenever we make changes, we’ll post the updated version on this page and update the “Last Updated” date at the top of the Policy.

If we make significant updates, we’ll provide a clear notice — for example, by email or through our app or website — so you can review the changes before they take effect.

We encourage you to check this page occasionally to stay informed about how we protect your information.