Privacy Policy

This Privacy Policy applies to information collected by DoSurely through our website, hosted applications, mobile apps, and related support interactions. It does not apply to third-party services that we do not own or control, even if they are linked from our services.

In many cases, DoSurely processes information on behalf of customer organizations that use the service. Those organizations may also have their own privacy obligations and policies.

Depending on how you use the service, we may collect:

• Account information such as name, email, organization, role, and authentication identifiers.
• Operational data submitted through checklists, schedules, notes, approvals, and related workflows.
• Attachments and proof records, such as uploaded images or files, where enabled by your organization.
• Device, log, and usage data (for example, browser type, app version, timestamps, and activity events).
• Support communications and contact form submissions.
• Billing-related metadata processed through payment providers (we do not store full payment card details).

We use information to:

• Provide, operate, and maintain the service.
• Authenticate users and manage access controls.
• Process subscriptions, invoices, and billing events.
• Deliver notifications, reminders, and service communications.
• Provide customer support and troubleshoot issues.
• Improve product reliability, usability, and security.
• Comply with legal obligations and enforce our terms and policies.

Where applicable, DoSurely processes personal information based on legitimate business interests, contractual necessity, consent (where required), and legal obligations.

For customer-submitted operational data, DoSurely generally acts as a service provider/processor on behalf of the customer organization and processes such data according to customer instructions and applicable law.

We share information only as necessary to operate and support the service, including with hosting, infrastructure, messaging, authentication, storage, analytics, and payment providers acting on our behalf.

See our Subprocessors page for a current list of major service providers used to support the platform.

DoSurely and our service providers may process information in countries other than the country where the data was collected. Where required, we use contractual and organizational safeguards intended to support lawful cross-border processing.

We retain personal information for as long as needed to provide services, maintain security and audit records, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods may vary by data type and customer configuration.

We apply administrative, technical, and organizational controls designed to protect information from unauthorized access, disclosure, alteration, and destruction. No system can be guaranteed to be completely secure.

For a high-level overview of our security practices and DPA request process, see our Security & DPA page.

Depending on your jurisdiction and relationship to the service, you may have rights to request access, correction, deletion, portability, restriction, or objection to processing of personal information.

If your information is processed through an organization account, we may direct your request to that organization first. We may need to verify your identity before acting on requests.

DoSurely is intended for business and workforce operations and is not directed to children. We do not knowingly collect personal information from children in violation of applicable law.

We may update this Privacy Policy from time to time. When we do, we will post the revised version on this page and update the effective or last updated date as appropriate.

For privacy requests or questions, contact us at contact@dosurely.com.

You may also review our related policies: Cookie Policy, Terms of Service, and Acceptable Use Policy.