Privacy Policy

DPIIFY is designed for councils, IG teams, and organisations requiring a secure, transparent, and compliant workflow for Data Protection Impact Assessments (DPIAs). This Privacy Policy explains how we handle personal data in line with the UK GDPR and Data Protection Act 2018.

1. Data We Collect

• Name and email address
• Authentication and session data
• Organisation and team membership details
• DPIA content, risk assessments, and workflow activity

2. How We Use Your Data

• User authentication and account management
• Team collaboration and reviewer workflows
• Risk scoring, audit trails, and PDF exports
• Security monitoring and platform reliability

3. Legal Basis

• Contractual necessity - to provide the DPIIFY service
• Legitimate interests - platform security and fraud prevention

4. Data Storage and Security

DPIIFY uses encrypted storage and secure authentication. All data is hosted within Supabase (EU region). Data in transit is protected by TLS.

5. Data Sharing

We do not sell or share your data for marketing or advertising. Data is only shared with essential service providers (Supabase, Stripe, Resend) under strict data processing agreements.

6. Your Rights

• Access, correct, or delete your data
• Export your DPIA records
• Withdraw consent where applicable
• Lodge a complaint with the ICO at ico.org.uk

7. Cookies

We use essential cookies for authentication. See our Cookie Policy for details.

8. Contact

Email: privacy@dpiify.co.uk