Policies, Statements and Terms

This document forms part of the agreement between Dovetailed Technology Ltd ("Dovetech") and the applicable customer, merchant, or authorised user. It should be read together with any applicable order form, service schedule, app listing, plan page, and other incorporated legal documents.

Privacy Policy

v2.0
Effective as of: 07/03/2026

This Privacy Policy explains how Dovetailed Technology Ltd ("Dovetech", "we", "us", or "our") collects, uses, shares, and otherwise processes personal data in connection with:

  • our websites, including dovetech.com and any related subdomains or pages;
  • our products and services, including direct-billed services and platform-billed app services;
  • our communications with customers, merchants, prospects, suppliers, and other business contacts; and
  • our support, sales, onboarding, operational, and compliance activities.

This Privacy Policy also explains your rights in relation to your personal data.

1. Who We Are

Dovetailed Technology Ltd
71-75 Shelton Street
London, Greater London
United Kingdom
WC2H 9JQ

If you have questions about this Privacy Policy or wish to exercise your rights, you can contact us at:

compliance@dovetech.com

2. Scope of this Privacy Policy

2.1 This Privacy Policy applies where Dovetech acts as a controller of personal data, including when we process personal data relating to:

a. website visitors;
b. marketing contacts and prospective customers;
c. customer and merchant account holders, users, and business contacts;
d. support contacts and operational contacts;
e. supplier and partner contacts; and
f. individuals who communicate with us directly.

2.2 In some cases, Dovetech may process personal data on behalf of a customer or merchant in connection with a service we provide. In those cases, Dovetech may act as a processor or service provider, and the relevant customer or merchant is responsible for that processing and for providing any required privacy information to the relevant individuals.

2.3 If you are an end customer of one of our customers or merchants, and your personal data is processed by Dovetech solely on that customer's or merchant's behalf, you should refer to that customer's or merchant's privacy notice first.

3. The Personal Data We Collect

Depending on how you interact with us, we may collect and process the following categories of personal data:

3.1 Information you provide directly

This may include:

  • name;
  • work email address;
  • company name;
  • job title;
  • billing and contact details;
  • account registration details;
  • support requests and correspondence;
  • onboarding information;
  • commercial and contractual information; and
  • any other information you choose to provide to us.

3.2 Information we collect automatically

When you use our websites, apps, or services, we may collect technical and usage information such as:

  • IP address;
  • browser type and version;
  • device type and operating system;
  • approximate location derived from IP address;
  • pages viewed and interactions;
  • referring and exit pages;
  • date and time of access;
  • log data;
  • diagnostic data;
  • cookie or similar technology identifiers; and
  • service usage, operational, and performance data.

3.3 Information from third parties

We may receive personal data from:

  • payment service providers;
  • analytics providers;
  • customer relationship management tools;
  • advertising and marketing platforms;
  • identity or authentication providers;
  • ecommerce or app platforms;
  • public sources such as company websites or professional networks; and
  • customers or merchants who authorise us to access information in connection with a service.

3.4 Shopify and app-related information

Where we provide a Shopify-distributed app or related integration, we may receive personal data and related information from Shopify, connected systems, and merchant configurations, including:

  • merchant account and store details;
  • app installation and subscription details;
  • support and billing contacts;
  • operational logs;
  • app configuration data; and
  • data made available through approved platform permissions, scopes, APIs, or webhooks.

Where such data relates to a merchant's customers, Dovetech may act either as controller or processor depending on the relevant processing activity and the applicable service setup.

4. How We Use Personal Data

We may use personal data for the following purposes:

  • providing, operating, maintaining, securing, and improving our websites, apps, products, and services;
  • creating and managing accounts;
  • processing subscriptions, orders, billing, renewals, and related commercial administration;
  • onboarding customers and merchants;
  • responding to enquiries, support requests, and other communications;
  • sending service-related messages such as technical notices, administrative messages, security updates, product changes, and support communications;
  • managing our business relationships with customers, merchants, prospects, suppliers, and partners;
  • monitoring usage, performance, security, and operational health;
  • investigating fraud, misuse, unlawful activity, or security incidents;
  • carrying out analytics, reporting, service planning, and product improvement;
  • sending marketing communications where permitted by law;
  • complying with legal, regulatory, contractual, and platform-related obligations; and
  • establishing, exercising, or defending legal claims.

5. Lawful Bases for Processing

Where UK data protection law applies and Dovetech acts as a controller, we rely on one or more of the following lawful bases, depending on the purpose of the processing:

5.1 Contract

We process personal data where necessary to enter into or perform a contract with you or your organisation, or to take steps at your request before entering into such a contract.

5.2 Legitimate interests

We process personal data where necessary for our legitimate interests, provided those interests are not overridden by your rights and interests. This may include:

  • operating and improving our websites, products, and services;
  • securing our systems and services;
  • managing customer, merchant, and business relationships;
  • administering our business;
  • preventing fraud and misuse;
  • responding to enquiries; and
  • carrying out internal analytics and service planning.

5.3 Legal obligation

We process personal data where necessary to comply with legal or regulatory obligations, including accounting, tax, compliance, and lawful disclosure obligations.

5.4 Consent

We process personal data on the basis of consent where consent is required by law or where we choose to rely on consent, such as for certain cookies or certain marketing communications. Where we rely on consent, you may withdraw it at any time, but this will not affect the lawfulness of processing carried out before withdrawal.

6. Marketing Communications

6.1 We may send you marketing communications about our services, updates, events, and related business information where permitted by law.

6.2 You can opt out of marketing communications at any time by using the unsubscribe link in the relevant message or by contacting us at compliance@dovetech.com.

6.3 Even if you opt out of marketing communications, we may still send you service-related or administrative communications where necessary.

7. Cookies and Similar Technologies

7.1 We may use cookies, pixels, local storage, SDKs, and similar technologies on our websites and services for purposes such as:

  • essential website and service functionality;
  • authentication and security;
  • remembering preferences;
  • analytics and performance measurement; and
  • marketing or advertising, where permitted.

7.2 Where required by law, we will request your consent before placing non-essential cookies or similar technologies on your device.

7.3 You can also control cookies through your browser or device settings, although doing so may affect functionality.

8. Analytics, Advertising, and Payment Providers

We may use third-party providers to support our websites and services, including providers in the following categories:

  • website analytics providers;
  • payment processors;
  • cloud hosting and infrastructure providers;
  • customer support tools;
  • CRM and sales tools;
  • email and communications providers; and
  • marketing and advertising tools.

For example, depending on the services we use from time to time, these providers may include analytics providers such as Google Analytics, payment processors such as Stripe, cloud and hosting providers, email delivery providers, and platform providers such as Shopify.

These providers may process personal data on our behalf or, in some cases, as independent controllers for their own purposes, depending on the service involved.

9. How We Share Personal Data

We may share personal data:

  • within our corporate and operational support structure where necessary;
  • with service providers and processors who help us operate our business and services;
  • with platform providers, hosting providers, payment providers, and technical suppliers where necessary to provide the relevant service;
  • with professional advisers such as lawyers, auditors, accountants, and insurers;
  • with competent authorities, regulators, courts, law enforcement bodies, or other third parties where required by law or where necessary to protect rights, safety, or legal claims;
  • in connection with a business transaction such as a merger, acquisition, investment, financing, or sale of assets; and
  • with others where you have given consent or instructed us to do so.

We do not sell personal data in the ordinary sense of selling customer lists to third parties for their independent marketing use.

10. Shopify and Compliance Requests

10.1 Where Dovetech provides a Shopify App Store app or related Shopify service, we may receive and process privacy-related or compliance-related requests through Shopify or through direct contact with merchants or individuals.

10.2 Where required, Dovetech may process and respond to data subject requests, deletion requests, or similar platform-mandated privacy requests in accordance with applicable law, our contractual obligations, and platform requirements.

10.3 Where Dovetech acts as a processor on behalf of a customer or merchant, we will generally assist the relevant customer or merchant with such requests in accordance with our contractual arrangements.

11. International Transfers

11.1 We may store or process personal data in the United Kingdom, the European Economic Area, or other countries where we or our service providers operate.

11.2 Where personal data is transferred outside the United Kingdom, we will take steps to ensure that appropriate safeguards are in place where required by law, such as the use of adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms.

12. Data Retention

12.1 We retain personal data only for as long as necessary for the purposes for which it was collected, including for the purposes of satisfying legal, accounting, tax, security, dispute-resolution, and reporting obligations.

12.2 Retention periods may vary depending on the type of data, the purpose of processing, the service involved, legal obligations, and operational needs.

12.3 When personal data is no longer required, we will delete it, anonymise it, or securely store it in a form that no longer permits identification, unless continued retention is required or permitted by law.

13. Security

13.1 We implement and maintain appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access.

13.2 However, no method of transmission over the internet or method of electronic storage is completely secure, so we cannot guarantee absolute security.

14. Your Rights

Subject to applicable law, you may have the following rights in relation to your personal data:

  • the right to request access to your personal data;
  • the right to request correction of inaccurate or incomplete personal data;
  • the right to request deletion of your personal data in certain circumstances;
  • the right to request restriction of processing in certain circumstances;
  • the right to object to certain processing, including processing based on legitimate interests and direct marketing;
  • the right to data portability in certain circumstances; and
  • where we rely on consent, the right to withdraw consent at any time.

To exercise any of these rights, please contact us at compliance@dovetech.com.

We may need to verify your identity before responding to your request.

15. Complaints

If you have concerns about how we handle your personal data, we encourage you to contact us first at compliance@dovetech.com.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO).

16. Children's Data

Our websites, products, and services are intended for business use and are not directed to children. We do not knowingly market to children or knowingly collect personal data from children in circumstances where consent from a parent or guardian would be required.

17. Third-Party Websites and Services

Our websites or services may contain links to third-party websites, platforms, or services. We are not responsible for the privacy practices of those third parties, and you should review their privacy notices separately.

18. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our business, services, legal obligations, or data processing practices.

The latest version will be made available on our website or otherwise communicated where appropriate.

19. Contact

If you have questions about this Privacy Policy or wish to exercise your rights, please contact:

Dovetailed Technology Ltd
71-75 Shelton Street
London, Greater London
United Kingdom
WC2H 9JQ

Email: compliance@dovetech.com