Privacy Policy

1. Introduction

DispatchKit.app ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, process, and protect your information when you use our event routing platform and related services ("Service").

This policy applies to all users of DispatchKit.app worldwide and complies with the UK General Data Protection Regulation (UK GDPR), EU General Data Protection Regulation (EU GDPR), and other applicable data protection laws.

2. Data Controller Information

3. Information We Collect

3.1 Account Information

When you create an account, we collect:

• Name and email address
• Organization details (if applicable)
• Account preferences and settings
• Authentication credentials (securely hashed)

3.2 Event Data

Through your use of our API and webhook services, we process:

• Event payloads sent via HTTP requests
• Webhook URLs and routing configurations
• Integration settings and channel configurations
• Event metadata (timestamps, delivery status, retry attempts)

3.3 Technical Information

We automatically collect:

• IP addresses and device information
• Browser type and version
• Operating system information
• Usage patterns and analytics data
• Log files and error reports
• Performance metrics

3.4 Third-Party Integration Data

When you connect third-party services:

• OAuth tokens and authorization credentials (encrypted)
• Channel identifiers (Slack workspace IDs, Discord server IDs, etc.)
• Integration configuration data
• Delivery confirmation data from external services

3.5 Communication Data

• Support ticket communications
• Email correspondence
• Feedback and survey responses

4. Legal Basis for Processing

We process your personal data under the following legal bases:

4.1 Contractual Necessity

• Providing our event routing services
• Managing your account and subscriptions
• Processing payments and billing

4.2 Legitimate Interests

• Improving our services and user experience
• Security monitoring and fraud prevention
• Analytics and performance optimization
• Customer support and communication

4.3 Consent

• Marketing communications (where required)
• Optional analytics and tracking
• Third-party integrations requiring explicit consent

4.4 Legal Obligation

• Compliance with applicable laws
• Responding to legal requests
• Tax and accounting requirements

5. How We Use Your Information

5.1 Service Provision

• Route events to your configured notification channels
• Manage webhook endpoints and API access
• Provide real-time event delivery and status updates
• Maintain integration connections with third-party services

5.2 Account Management

• Create and maintain user accounts
• Process subscription payments and billing
• Provide customer support and technical assistance
• Send service-related notifications and updates

5.3 Service Improvement

• Analyze usage patterns to improve functionality
• Monitor system performance and reliability
• Develop new features and integrations
• Conduct security assessments and improvements

5.4 Communication

• Send important service announcements
• Provide technical support and assistance
• Marketing communications (with consent)
• Legal and compliance notifications

6. Data Sharing and Disclosure

6.1 Third-Party Service Providers

We share data with:

• Cloud hosting providers (for infrastructure)
• Payment processors (for billing)
• Analytics services (aggregated data only)
• Email service providers (for communications)

6.2 Integration Partners

When you configure integrations:

• Slack: Event data routed to your configured channels
• Discord: Event data sent to your Discord servers
• Other platforms: As configured in your integration settings

6.3 Legal Requirements

We may disclose data when required by:

• Court orders or legal processes
• Law enforcement requests
• Regulatory compliance obligations
• Protection of our rights and safety

6.4 Business Transfers

In case of merger, acquisition, or asset sale, your data may be transferred to the acquiring entity with appropriate protections.

7. International Data Transfers

7.1 Transfer Mechanisms

We may transfer data outside the UK/EEA using:

• Adequacy decisions by relevant authorities
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules where applicable
• Your explicit consent for specific transfers

7.2 Safeguards

All international transfers include appropriate safeguards to protect your data and ensure equivalent protection standards.

8. Data Retention

8.1 Account Data

• Retained while your account remains active
• Deleted within 30 days of account closure (unless legal requirements apply)

8.2 Event Data

• Retained according to your subscription plan (typically 30-365 days)
• Automatically deleted after retention period expires
• May be retained longer for legal or security purposes

8.3 Log and Technical Data

• Retained for up to 12 months for security and performance monitoring
• Aggregated analytics data may be retained indefinitely (anonymized)

8.4 Legal Requirements

• Some data may be retained longer to comply with legal obligations
• Tax and accounting records retained as required by law

9. Your Rights (GDPR)

9.7 Withdrawal of Consent

• Withdraw consent for processing at any time
• Does not affect previous processing based on consent

10. Exercising Your Rights

11. Data Security

11.1 Technical Measures

• Encryption in transit and at rest
• Regular security assessments and updates
• Access controls and authentication
• Secure backup and recovery procedures

11.2 Organizational Measures

• Staff training on data protection
• Privacy by design principles
• Regular policy reviews and updates
• Incident response procedures

11.3 Third-Party Security

• Due diligence on service providers
• Contractual security requirements
• Regular security reviews and audits

12. Data Breach Notification

12.1 Our Obligations

• Report breaches to supervisory authorities within 72 hours
• Notify affected individuals when required
• Document all breaches and response measures

12.2 Your Notification

We will inform you of breaches that may result in high risk to your rights and freedoms, including:

• Nature of the breach
• Likely consequences
• Measures taken to address the breach
• Steps you can take to protect yourself

13. Cookies and Tracking

13.1 Essential Cookies

• Authentication and session management
• Security and fraud prevention
• Load balancing and performance

13.2 Analytics Cookies

• Usage statistics and performance monitoring
• Feature usage analysis
• Error tracking and debugging

13.3 Preference Cookies

• Remember your settings and preferences
• Personalization features
• Language and regional settings

13.4 Cookie Management

• Configure cookie preferences in your browser
• Opt-out of non-essential cookies
• Clear cookies at any time

14. Children's Privacy

Our Service is not intended for children under 18. We do not knowingly collect personal data from children. If we become aware of such collection, we will delete the data immediately and may terminate the associated account.

15. Regional Compliance

15.1 EU/EEA Users

• Full GDPR compliance and rights
• Supervisory authority: relevant national authority
• Legal basis clearly defined for all processing

15.2 UK Users

• UK GDPR compliance
• Supervisory authority: Information Commissioner's Office (ICO)
• Additional UK-specific rights where applicable

15.3 Other Jurisdictions

• Compliance with applicable local privacy laws
• Additional rights where granted by local legislation

16. Automated Decision Making

16.1 Current Use

We do not currently use automated decision-making or profiling that produces legal or similarly significant effects.

16.2 Future Use

Any implementation of automated decision-making will:

• Provide clear notification to affected users
• Offer human intervention options
• Allow users to challenge decisions
• Comply with applicable regulations

17. Privacy by Design

We implement privacy by design principles:

• Data protection from the outset
• Privacy as the default setting
• Privacy embedded into design
• Full functionality with privacy protection
• End-to-end security
• Visibility and transparency
• Respect for user privacy

18. Updates to This Policy

18.1 Notification of Changes

• Significant changes will be notified via email
• Minor updates posted on our website
• Continued use constitutes acceptance of changes

18.2 Review Schedule

• Regular reviews to ensure continued compliance
• Updates following regulatory changes
• User feedback incorporation

19. Complaints and Enforcement

19.1 Internal Complaints

Contact us first to resolve privacy concerns:

• Email: [email protected]
• Data Protection Officer: [email protected]

19.2 Supervisory Authorities

You have the right to lodge complaints with:

• UK Users: Information Commissioner's Office (ICO)
• EU Users: Your national data protection authority
• Other Jurisdictions: Relevant privacy regulatory body

20. Contact Information