Plain English summary: DockSync collects only the data we need to run your dock scheduling account. We do not sell your data to anyone. We do not use it for advertising. All data is stored in UK-based infrastructure. You can request deletion of your data at any time. Questions? Email privacy@docksync.app.
1. Who we are
DockSync ("DockSync", "we", "us", "our") operates the dock scheduling platform available at www.docksync.app and app.docksync.app.
DockSync is the data controller for personal data collected through our marketing website and sign-up process. For data entered into the DockSync application by warehouse operators and their suppliers, DockSync acts as data processor on behalf of the warehouse operator (our customer), who is the data controller for that data.
For any privacy-related questions, contact us at: privacy@docksync.app
2. Data we collect
2.1 Data you provide directly
| Category | Data collected | When collected |
|---|---|---|
| Account registration | Full name, work email address, company name, number of dock bays | When you sign up for a free trial or paid plan |
| Profile information | Job title, phone number (optional), warehouse address | When you complete your account profile |
| Billing information | Payment card details (handled entirely by Stripe — we never see or store raw card data), billing name and address | When you subscribe to a paid plan |
| Supplier data | Supplier company name, contact name, email address, booking history | When you add suppliers to your DockSync account |
| Booking data | Delivery slot details, bay assignments, pallet counts, vehicle information, driver arrival times via QR check-in | Throughout normal use of the platform |
| Support communications | Content of emails, messages, or support requests you send us | When you contact our support team |
2.2 Data collected automatically
- IP address and approximate geographic location (country/region level)
- Browser type, version, and operating system
- Device type (desktop, tablet, mobile)
- Pages visited, features used, and time spent within the application
- Referring URL (where you came from before visiting our site)
- Session duration and click interaction data
2.3 Data we do not collect
We do not collect any special category data as defined under UK GDPR Article 9 (including health data, racial or ethnic origin, political opinions, religious beliefs, biometric data, or sexual orientation). We do not collect data from children under 16.
3. How we use your data
| Purpose | Data used |
|---|---|
| Providing the DockSync service | Account data, booking data, supplier data, usage data |
| Processing payments and managing subscriptions | Billing information (via Stripe), account data |
| Sending service notifications | Email address — booking confirmations, supplier reminders, system alerts |
| Responding to support requests | Account data, support communications |
| Improving the platform | Anonymised usage data and aggregated analytics |
| Sending product updates | Email address — only where you have opted in or are an active customer |
| Fraud prevention and security | IP address, usage patterns, account data |
| Legal and regulatory compliance | Any data required by applicable law |
We do not: sell your data to third parties, use your data for advertising purposes, share your data with competitors, or use your booking or operational data for any purpose other than providing you with the DockSync service.
4. Legal basis for processing (UK GDPR)
- Contract performance (Article 6(1)(b)): Processing necessary to provide the DockSync service you have signed up for, including account management, booking operations, and billing.
- Legitimate interests (Article 6(1)(f)): Processing for fraud prevention, platform security, and improving our service — where these interests are not overridden by your rights.
- Legal obligation (Article 6(1)(c)): Processing required to comply with applicable UK and EU law, including tax and financial record-keeping obligations.
- Consent (Article 6(1)(a)): For optional marketing communications. You can withdraw consent at any time by clicking unsubscribe in any email or contacting us at privacy@docksync.app.
5. Data storage and security
5.1 Infrastructure
The DockSync application is built on Bubble.io, a no-code application development platform. Bubble provides enterprise-grade cloud infrastructure with the following security properties:
- All data is encrypted at rest using AES-256 encryption
- All data in transit is encrypted using TLS 1.2 or higher
- Bubble maintains SOC 2 Type II compliance
- Infrastructure is hosted on AWS (Amazon Web Services) with data stored in EU/UK regions
- Automatic daily backups with point-in-time recovery
- Role-based access controls ensuring your data is isolated from other customers
- Regular third-party penetration testing
5.2 Our security practices
- Access to customer data is restricted to DockSync team members who need it to provide support
- All team members are bound by confidentiality obligations
- We conduct regular reviews of access permissions
- We maintain an incident response plan for data breaches
- We will notify you and the ICO within 72 hours of becoming aware of a personal data breach that poses a risk to your rights and freedoms
5.3 Data location
Your data is stored within the United Kingdom and European Economic Area. We do not transfer personal data outside the UK/EEA unless adequate safeguards are in place as required by UK GDPR.
6. Third-party data processors
We use a small number of carefully selected third-party services to operate DockSync. Each is bound by a Data Processing Agreement and processes your data only on our instructions.
| Processor | Purpose | Data shared | Location |
|---|---|---|---|
| Bubble.io | Application infrastructure and hosting | All application data | AWS EU/UK |
| Stripe Inc. | Payment processing and subscription management | Billing name, email, payment card data | USA (SCCs in place) |
| Email provider (e.g. Postmark/SendGrid) | Transactional email delivery | Email address, name | EU/USA (SCCs in place) |
| Analytics (anonymised only) | Understanding how the platform is used | Anonymised usage data only | EU |
We do not use any third-party advertising networks, remarketing platforms, or data brokers.
7. Payments and Stripe
All payment processing for DockSync subscriptions is handled by Stripe, Inc., a PCI DSS Level 1 certified payment processor — the highest level of payment security certification available.
What this means for you:
- DockSync never sees, stores, or has access to your full payment card number, CVV, or sensitive authentication data
- When you enter payment details, they go directly and securely to Stripe via an encrypted connection
- Stripe tokenises your card details and provides DockSync with only a non-sensitive token reference
- Subscription management, upgrades, downgrades, and cancellations are processed entirely through Stripe's secure infrastructure
- Stripe is registered with the Financial Conduct Authority (FCA) in the UK
Stripe's privacy policy is available at stripe.com/gb/privacy. For billing queries, contact us at billing@docksync.app.
8. Data retention
| Data type | Retention period | Reason |
|---|---|---|
| Account and profile data | Duration of account + 90 days after cancellation | To allow account reactivation and resolve any disputes |
| Booking and operational data | 2 years from booking date | Operational reporting, audit trails, and supplier performance history |
| Billing and payment records | 7 years from transaction date | Legal requirement under UK tax law (HMRC) |
| Support communications | 3 years from last interaction | Quality assurance and dispute resolution |
| QR code check-in logs | 2 years from check-in date | Operational reporting and dwell time analysis |
| Marketing opt-in records | Until consent is withdrawn + 1 year | Demonstrating compliance with consent requirements |
| Anonymised usage analytics | Indefinitely (not personal data) | Platform improvement |
When data reaches the end of its retention period, it is securely deleted or anonymised. You may request early deletion of your personal data — see Section 9 for your rights.
9. Your rights under UK GDPR
As a data subject under UK GDPR, you have the following rights. To exercise any of them, email privacy@docksync.app. We will respond within 30 days.
- Right of access: You can request a copy of all personal data we hold about you (Subject Access Request).
- Right to rectification: You can ask us to correct inaccurate or incomplete personal data.
- Right to erasure: You can ask us to delete your personal data, subject to our legal obligations.
- Right to restrict processing: You can ask us to pause processing of your data in certain circumstances.
- Right to data portability: You can request your data in a machine-readable format (JSON or CSV) to transfer to another service.
- Right to object: You can object to processing based on legitimate interests or for direct marketing purposes.
- Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
- Right not to be subject to automated decisions: DockSync does not make any automated decisions that produce legal or similarly significant effects about you.
Account deletion: You can delete your DockSync account at any time from within the application under My Account. Your account data will be fully deleted within 90 days, subject to legally required retention periods.
10. Cookies and tracking
10.1 What we use
DockSync uses a minimal set of cookies necessary for the application to function. We do not use advertising cookies, cross-site tracking cookies, or third-party marketing pixels.
| Cookie type | Purpose | Duration |
|---|---|---|
| Session cookies (essential) | Keeps you logged in to your DockSync account during your session | Session (deleted when browser closes) |
| Authentication cookies (essential) | Remembers your login state so you don't have to log in on every page | 30 days |
| Preference cookies (functional) | Remembers your display preferences (e.g. calendar view setting) | 1 year |
| Analytics cookies (optional) | Anonymised data on how the application is used — no personal identification | 13 months |
10.2 Managing cookies
You can manage or delete cookies through your browser settings. Blocking essential cookies will prevent you from logging in to DockSync. Blocking analytics cookies will not affect your use of the platform in any way.
11. Children's data
DockSync is a business-to-business software platform intended for use by warehouse operations professionals. It is not directed at children. We do not knowingly collect personal data from anyone under the age of 16. If you believe a child has provided us with personal data, please contact us at privacy@docksync.app and we will delete it promptly.
12. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Send an email notification to all active account holders
- Display a notice within the DockSync application for 30 days following the change
Your continued use of DockSync after a policy change constitutes your acceptance of the updated policy. If you do not agree to the changes, you may close your account.
13. Contact and complaints
For any privacy questions, Subject Access Requests, or to exercise any of your rights:
Privacy contact
Email: privacy@docksync.app
Response time: We aim to respond to all privacy requests within 30 days. For complex requests, we may extend this by a further 2 months and will notify you.
Right to complain: If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.