This site was deployed on 29 March 2026 at 20:18

This document was last updated on 09 November 2025

Version 1.0

Privacy Policy

This Privacy Policy explains how Dossia Limited (“Dossia”, “we”, “us”, or “our”) collects, uses, discloses, and protects personal information about individuals who use our website, services, and platform (collectively, the “Services”). This Privacy Policy applies to information collected through our website at https://dossia.uk, our design editor, and related services.

Dossia Limited is a company registered in England and Wales at Suite 5, 5th Floor Greenwich View Place, London, England, E14 9NN.

By using our Services, you agree to the collection, use, and disclosure of your personal information as described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Services.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email, through a notice on our website, or when you next log into your account. We encourage you to review this Privacy Policy regularly to stay informed about our data practices.

1. Information We Collect

We collect information about you in various ways when you use our Services. The information we collect falls into the following categories:

1.1 Information You Provide to Us

Account Information When you create an account, we collect:

Name (first and last name)
Email address
Password (encrypted and securely stored)
Profile information (if you choose to provide it)

Design Content When you use our Editor to create Books, we collect and store:

Your designs, layouts, and page configurations
Text, images, and other content you upload or create
Book specifications (size, page count, binding type, etc.)
Templates you create or save
Project names and metadata

Order and Shipping Information When you place an order for a physical Book, we collect:

Shipping address (name, street address, city, postal code, country)
Billing address (if different from shipping address)
Phone number (for delivery purposes)
Order history and preferences

Payment Information We do not directly collect or store your full payment card details. All payment processing is handled by our third-party payment processor, Stripe. Stripe collects payment card information, billing address, and other payment details necessary to process your transaction. We receive only limited payment information from Stripe, such as the last four digits of your card and transaction confirmation details. Please refer to Stripe’s Privacy Policy at https://stripe.com/privacy for information about how Stripe handles your payment data.

Communications When you contact us for customer support, provide feedback, or otherwise communicate with us, we collect:

Your name and email address
The content of your messages
Any additional information you choose to provide
Support ticket history and correspondence

Waitlist Information If you join our waitlist, we collect:

First and last name
Email address

Marketing Preferences If you subscribe to our newsletter or marketing communications, we collect:

Email address
Communication preferences
Information about how you interact with our emails (open rates, click-through rates)

1.2 Information We Collect Automatically

Device and Usage Information When you access our Services, we automatically collect:

IP address
Browser type and version
Device type, operating system, and version
Pages you visit and features you use
Time and date of your visits
Time spent on pages
Referring website or source
Links you click
Actions you take in the Editor

Cookies and Similar Technologies We use cookies and similar tracking technologies to collect information about your browsing activities. For detailed information about the cookies we use, please see Section 8 (Cookies and Tracking Technologies).

Log Data Our servers automatically record information when you use our Services, including:

Access times and dates
Features accessed
Error logs and debugging information
Performance data
System activity

1.3 Information from Third Parties

Authentication Services If you choose to sign up or log in using a third-party authentication service (such as Google or other OAuth providers), we may receive information from that service, such as your name, email address, and profile picture, in accordance with their authorization procedures.

Social Media If you interact with us on social media or mention us in posts, we may collect publicly available information from your social media profiles.

Publicly Available Information We may collect information about you from publicly available sources for business purposes, such as understanding our market or improving our Services.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 To Provide and Improve Our Services

Create and manage your account
Provide access to the Editor and design tools
Save and sync your designs across devices
Process and fulfill your orders
Generate previews and PDFs of your designs
Manufacture physical Books based on your specifications
Arrange shipping and delivery
Provide customer support
Respond to your inquiries and requests
Send transactional emails (order confirmations, shipping updates, etc.)

2.2 To Maintain and Improve Our Services

Monitor and analyze usage patterns and trends
Understand how users interact with our Services
Identify and fix technical issues and bugs
Develop new features and functionality
Improve user experience and interface design
Conduct research and testing
Optimize performance and reliability

2.3 To Communicate with You

Send administrative messages and service updates
Notify you of changes to our Services or policies
Respond to your comments, questions, and requests
Provide customer support
Send you newsletters and marketing communications (only if you’ve opted in)
Request feedback or reviews

2.4 To Ensure Security and Prevent Fraud

Detect, prevent, and investigate fraud, abuse, or illegal activity
Protect the security and integrity of our Services
Enforce our Terms of Service
Verify your identity
Protect our rights, property, and users
Comply with legal obligations

2.5 For Marketing and Promotional Purposes

Send promotional emails about new features, products, or offers (only with your consent)
Personalize your experience
Show relevant content and recommendations
Conduct market research
Analyze the effectiveness of our marketing campaigns

You can opt out of marketing communications at any time by clicking the unsubscribe link in any email or by contacting us at hello@dossia.uk.

2.6 For Legal and Compliance Purposes

Comply with applicable laws, regulations, and legal processes
Respond to lawful requests from public authorities
Enforce our agreements and policies
Resolve disputes
Protect against legal liability

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process your personal information based on the following legal grounds:

Contract Performance: Processing is necessary to perform our contract with you (e.g., providing the Services, processing orders)
Legitimate Interests: Processing is in our legitimate business interests (e.g., improving Services, security, marketing to existing customers)
Consent: You have given us clear consent to process your information for specific purposes (e.g., marketing communications, analytics cookies)
Legal Obligation: Processing is necessary to comply with legal obligations (e.g., tax, accounting, legal requirements)

We do not sell your personal information to third parties. We may share your information in the following circumstances:

3.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

Infrastructure and Hosting

Cloudflare: Provides hosting, content delivery, and security services
Supabase: Provides database, authentication, and storage services

Payment Processing

Stripe: Processes all payments and handles payment card information. Stripe is the merchant of record for all transactions.

Email Communications

Mailerlite: Sends marketing emails and manages our email lists (only for users who opt in)

Shipping and Fulfillment

Shipping carriers and logistics providers to deliver physical Books
Manufacturing partners to produce Books based on your designs

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

3.2 Business Transfers

If Dossia is involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

3.3 Legal Requirements

We may disclose your information if required to do so by law or if we believe in good faith that such disclosure is necessary to:

Comply with legal obligations, court orders, or legal processes
Respond to lawful requests from public authorities (e.g., law enforcement)
Enforce our Terms of Service or other agreements
Protect our rights, property, safety, or that of our users or the public
Detect, prevent, or address fraud, security, or technical issues

We may share your information with third parties when you give us explicit consent to do so.

3.5 Aggregated or Anonymized Data

We may share aggregated or anonymized information that cannot reasonably be used to identify you. This may include statistics about our users, usage patterns, or industry trends.

4. Data Storage and Security

4.1 Data Storage

Your information is stored on secure servers provided by our infrastructure partners, primarily located in:

European Union
United Kingdom
United States

We use industry-standard cloud infrastructure providers that maintain high security standards and certifications.

4.2 Security Measures

We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect it, including:

Technical Safeguards

Encryption of data in transit using TLS/SSL
Encryption of sensitive data at rest
Secure password storage using industry-standard hashing algorithms
Regular security assessments and audits
Intrusion detection and prevention systems
Firewalls and network security controls

Organizational Safeguards

Access controls limiting who can access personal information
Employee training on data protection and privacy
Confidentiality agreements with employees and contractors
Regular review and updates of security practices
Incident response procedures

Physical Safeguards

Secure data centers with controlled access
Environmental controls and monitoring
Redundant systems and backups

4.3 Your Responsibility

While we implement robust security measures, no system is completely secure. You are responsible for:

Maintaining the confidentiality of your password
Logging out of your account when not in use
Notifying us immediately of any unauthorized access
Using a secure internet connection when accessing the Services

4.4 Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

Notify the relevant supervisory authority within 72 hours (where required by law)
Notify affected users without undue delay
Provide information about the nature of the breach and steps taken to address it
Post updates on our security page or website

5. Data Retention

5.1 General Retention

We retain your personal information for as long as necessary to provide the Services and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Account Information: Retained for the duration of your account, plus a reasonable period after account closure for legal and business purposes.

Design Content: Retained for as long as you maintain your account. You can delete your designs at any time through the Editor.

Order History: Retained for at least 7 years for tax, accounting, and legal compliance purposes.

Communication Records: Retained for up to 3 years for customer service and legal purposes.

Analytics Data: Retained for up to 26 months.

Marketing Data: Retained until you unsubscribe or request deletion.

5.2 Deletion Requests

Upon your request, we will delete your personal information, subject to the following:

We may retain information necessary to comply with legal obligations
We may retain information to resolve disputes or enforce agreements
We may retain anonymized or aggregated data
Deletion may take up to 30 days to complete fully

5.3 Inactive Accounts

If your account has been inactive for an extended period (typically 3 years), we may delete or anonymize your information after providing you with reasonable notice.

6. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information. These rights may include:

6.1 Access and Portability

Right to Access: You have the right to request a copy of the personal information we hold about you.

Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

To request access to your data, contact us at hello@dossia.uk.

6.2 Correction and Updates

Right to Rectification: You have the right to request that we correct inaccurate or incomplete personal information.

You can update most of your account information directly through your account settings. For other corrections, contact us at hello@dossia.uk.

6.3 Deletion

Right to Erasure (“Right to be Forgotten”): You have the right to request deletion of your personal information in certain circumstances, such as:

The information is no longer necessary for the purposes for which it was collected
You withdraw your consent (where processing was based on consent)
You object to processing and there are no overriding legitimate grounds
The information was unlawfully processed
Deletion is required to comply with legal obligations

To request deletion, you can:

Delete your account through account settings
Contact us at hello@dossia.uk

We will process deletion requests within 30 days. Note that we may retain certain information as required by law or for legitimate business purposes.

6.4 Restriction and Objection

Right to Restrict Processing: You have the right to request that we restrict processing of your personal information in certain circumstances.

Right to Object: You have the right to object to processing of your personal information based on legitimate interests or for direct marketing purposes.

To exercise these rights, contact us at hello@dossia.uk.

Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw that consent at any time. This does not affect the lawfulness of processing before withdrawal.

You can:

Unsubscribe from marketing emails using the link in any email
Adjust cookie settings through your browser
Contact us at hello@dossia.uk

6.6 Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

6.7 Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in your country of residence, if you believe we have violated your data protection rights.

UK Supervisory Authority: Information Commissioner’s Office (ICO) Website: https://ico.org.uk

EU Supervisory Authorities: Find your local data protection authority at https://edpb.europa.eu/about-edpb/about-edpb/members_en

6.8 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected, the sources, purposes, and categories of third parties with whom we share information.

Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.

Right to Opt-Out of Sale: We do not sell personal information as traditionally understood. However, if you believe any of our data sharing practices constitute a “sale” under the CCPA’s broad definition, you have the right to opt out by contacting us.

Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise your California privacy rights, contact us at hello@dossia.uk or by mail at our address listed in Section 13.

We will respond to verified requests within 45 days. We may request additional information to verify your identity.

7. Cookies and Tracking Technologies

7.1 What Are Cookies

Cookies are small text files placed on your device by websites you visit. They are widely used to make websites work more efficiently and provide information to website owners.

7.2 Types of Cookies We Use

Essential Cookies These cookies are necessary for the Services to function properly and cannot be disabled. They include:

Authentication cookies to keep you logged in
Security cookies to protect against fraud and abuse
Session cookies to remember your actions within a session

Performance and Analytics Cookies These cookies help us understand how visitors interact with our Services by collecting and reporting information anonymously. We use:

First-party analytics for understanding usage patterns

Functionality Cookies These cookies allow the Services to remember choices you make (such as language preferences, theme settings) and provide enhanced features.

Marketing Cookies (with your consent) These cookies may be used to deliver relevant advertisements and track campaign effectiveness. We may use:

Cookies to track referrals from advertising
Cookies to measure marketing campaign performance

7.3 Third-Party Cookies

Third-party services we use may set their own cookies, including:

Advertising platforms (if you consent to marketing cookies)

These third parties have their own privacy policies governing their use of cookies.

7.4 Managing Cookies

Browser Settings: You can control and manage cookies through your browser settings. Most browsers allow you to:

View and delete cookies
Block all cookies
Block third-party cookies
Clear cookies when you close your browser

Note that disabling essential cookies may prevent you from using certain features of the Services.

Cookie Preferences: We provide cookie preference controls when you first visit our website. You can change your preferences at any time.

7.5 Do Not Track

Some browsers support a “Do Not Track” feature that signals websites not to track your browsing activity. Our Services do not currently respond to Do Not Track signals, but we provide cookie controls as described above.

8. Third-Party Services and Links

8.1 Third-Party Services We Use

Our Services integrate with and rely on various third-party services:

Supabase: Database, authentication, and storage (https://supabase.com/privacy)

Stripe: Payment processing (https://stripe.com/privacy)

Mailerlite: Email marketing (https://www.mailerlite.com/legal/privacy-policy)

Cloudflare: Hosting and content delivery (https://www.cloudflare.com/privacypolicy/)

Each of these services has its own privacy policy governing how they collect, use, and protect your information.

8.2 Third-Party Links

Our Services may contain links to third-party websites, services, or resources. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing them with any personal information.

Our Services may include social media features (such as sharing buttons). These features may collect information about your IP address, the page you’re visiting, and may set cookies. Your interactions with these features are governed by the privacy policies of the companies providing them.

9. Children’s Privacy

Our Services are not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are under 13, please do not use our Services or provide any personal information to us.

If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us at hello@dossia.uk, and we will delete such information promptly.

For users in the EEA, if you are under 16, you should obtain parental or guardian consent before using our Services or providing personal information.

10. International Data Transfers

Dossia is based in the United Kingdom, and we may process and store information in the UK, the European Union, the United States, and other countries where our service providers operate.

10.1 Transfers from the EEA and UK

If you are located in the European Economic Area (EEA) or United Kingdom and your information is transferred outside these regions, we will ensure appropriate safeguards are in place, such as:

Standard Contractual Clauses (SCCs): We use European Commission-approved Standard Contractual Clauses for transfers to countries without an adequacy decision.
Adequacy Decisions: We may transfer data to countries deemed to provide adequate protection by the European Commission or UK authorities.
Service Provider Commitments: We require all service providers to implement appropriate safeguards and commit to data protection standards equivalent to GDPR requirements.

10.2 Data Protection

Regardless of where your information is processed, we apply the same high standards of data protection and security described in this Privacy Policy.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.

11.1 Notice of Changes

When we make material changes, we will notify you by:

Updating the “Last Updated” date at the top of this Privacy Policy
Sending you an email notification (if you have an account)
Displaying a prominent notice on our website
Showing a notification when you log into your account

11.2 Effective Date

Changes become effective 30 days after we provide notice, unless otherwise stated. For material changes that require consent under applicable law, we will obtain your consent before the changes take effect.

11.3 Review

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information.

12. Data Controller and Contact Information

Dossia Limited is the data controller responsible for your personal information collected through the Services.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Dossia Limited Suite 5, 5th Floor Greenwich View Place London, England, E14 9NN United Kingdom

Email: hello@dossia.uk Website: https://dossia.uk

For data protection inquiries: hello@dossia.uk

12.1 Response Time

We will respond to your inquiries and requests within:

30 days for general inquiries
30 days (may be extended to 60 days for complex requests) for GDPR requests
45 days for CCPA requests