How Dozz collects, uses, stores, and protects information when you or your organisation uses our platform.
Dozz ("Dozz", "we", "us", or "our") provides a software platform that helps organisations track, assign, and manage their physical assets. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices available to you when you or your organisation uses our website at dozz.ai or any subdomain of dozz.ai (collectively, the "Service").
This policy is written to be read by an actual human being, not just a lawyer. If anything here is unclear, contact us at the email address listed at the end of this document and we will explain it properly.
Dozz operates a multi-tenant software-as-a-service platform. Each organisation that signs up for Dozz (a "Customer" or "Organisation") receives its own private workspace, accessible through a unique subdomain of dozz.ai. Individual people who use the Service on behalf of an Organisation are referred to in this policy as "Users".
This policy applies to:
| Category | Examples |
|---|---|
| Account and contact details | Name, work email address, phone number, job title, organisation name |
| Organisation details | Company name, industry, country, estimated staff and asset counts, billing address |
| Form submissions | Information submitted through our contact, get-started, or careers application forms, including résumés and cover letters where applicable |
| Payment information | Billing details processed through our third-party payment processor; Dozz does not directly store full card numbers |
| Support communications | Content of emails, support tickets, or messages you send us |
When you use the Service, we automatically collect certain technical information, including IP address, browser type, device information, pages visited, and timestamps of activity. This is used for security, troubleshooting, and improving the Service, as described in Section 4.
Once an Organisation begins using Dozz, the Service generates and stores operational data created by that Organisation's own Users, including but not limited to:
This category of data belongs to the Organisation. Dozz processes it solely to provide the Service and does not use it for any other purpose, including marketing or analytics unrelated to the Service itself.
We use the information described above for the following purposes:
We do not sell personal information to third parties, and we do not use Organisation operational data (asset records, checkout history, etc.) to train any general-purpose model or to serve advertising of any kind, to you or to anyone else.
Where data protection law requires a legal basis for processing personal information (such as under the EU or UK GDPR), we rely on one or more of the following:
Dozz does not use traditional passwords for Organisation Users. Instead, Users sign in using their existing Google Workspace or Microsoft 365 work account, through the standard OAuth authentication protocol provided by Google and Microsoft respectively.
When a User signs in through this method, we receive only the limited profile information authorised by the OAuth scope requested — typically name, work email address, and profile photograph where available. We do not receive or store the User's Google or Microsoft account password at any point; authentication is handled entirely by Google or Microsoft's own systems.
Access to each Organisation's workspace is restricted to email addresses matching that Organisation's verified company domain. This is a deliberate security control that prevents unauthorised account creation and ensures only legitimate members of an Organisation can gain access.
Dozz is built on a multi-tenant architecture in which each Organisation's operational data is stored in a separate, isolated database environment. One Organisation's Users, asset records, and history are never combined, shared, or made visible to any other Organisation using the Service. There is no shared data pool between customers beyond the underlying software infrastructure itself.
Dozz personnel do not access an Organisation's private workspace data except where strictly necessary to provide support requested by that Organisation, to investigate a security incident, or where required by law.
We do not sell personal information. We share information only in the following limited circumstances:
Dozz serves customers globally, and information may be processed and stored in countries other than the one in which you or your Organisation are located. Where we transfer personal information across borders, we take appropriate steps to ensure it remains protected in accordance with applicable data protection law, including the use of standard contractual clauses or equivalent safeguards where required.
We retain personal information and Organisation operational data for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Specifically:
Organisations may request export of their full operational data at any time during an active subscription. This is a core design principle of the Service, not an exception requiring special approval.
We implement technical and organisational measures designed to protect personal information and Organisation data against unauthorised access, alteration, disclosure, or destruction. These measures include encrypted connections (HTTPS/TLS) for all data in transit, access controls restricting internal access to customer data on a need-to-know basis, isolated database environments per Organisation, and regular review of our security practices.
No method of transmission or storage is completely secure, and we cannot guarantee absolute security. If we become aware of a security incident affecting your personal information, we will notify you in accordance with applicable law.
Depending on your location and applicable law, you may have the right to:
If you are a User within an Organisation, many of these requests should first be directed to your Organisation's administrator, since they control the underlying account. Where Dozz is the appropriate party to contact directly, reach us using the details in Section 16.
The Dozz website and application use cookies and similar technologies necessary for core functionality, including maintaining your authenticated session, remembering your preferences, and protecting against cross-site request forgery. We do not use cookies for third-party advertising or cross-site behavioural tracking.
The Service is intended for use by organisations and their adult staff members in a professional context. We do not knowingly collect personal information from children under the age of 16. If we become aware that we have inadvertently collected such information, we will take steps to delete it promptly.
We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. We will update the "Last updated" date at the top of this page when we do. Material changes will be communicated to active Organisations through the Service or by email where appropriate.
If you have questions, concerns, or requests relating to this Privacy Policy or how your information is handled, contact us at:
privacy@dozz.ai
We aim to respond to all privacy-related enquiries within one business day.