DactIQ
← Back to home

Privacy Policy

Last updated: 2 April 2026

This Privacy Policy explains how DactIQ Software Services (“we”, “us”, “our”) collects, uses, stores, and protects your personal data when you use the DactIQ desktop application (“the Software”), the DactIQ website at dactiq.com (“the Website”), and any related services (collectively, “the Service”).

We are committed to protecting your privacy and handling your data in a transparent, lawful manner. This policy is provided in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Data (Use and Access) Act 2025.

1. Who We Are

For the purposes of data protection law, the data controller is:

DactIQ Software Services
2 West Hill Street, Brighton, UK, BN1 3RR
privacy@dactiq.com

If you have any questions about this Privacy Policy or how we handle your personal data, you can contact us at the details above.

2. The Principle of Local Processing

Before detailing what data we do collect, it is important to understand what we do not collect.

DactIQ processes your documents entirely on your own device. The content of your documents — including any personal data, sensitive data, or confidential information contained within them — is never uploaded to, transmitted to, or stored on our servers or any third-party servers. This is a fundamental design principle of the Software.

We have no access to, and do not process, the content of any documents you open, scan, review, or redact using DactIQ. Your documents remain under your sole control at all times.

3. What Personal Data We Collect

While document processing is fully local, we do collect a limited amount of personal data to provide and improve the Service. The data we collect falls into the following categories:

3.1 Account Data

When you create a DactIQ account, we collect:

  • your email address;
  • a display name (if you choose to provide one); and
  • an encrypted password (managed by our authentication provider).

3.2 Payment Data

When you purchase credits, our payment processor (Stripe) collects and processes your payment information, which may include your card number, billing address, and transaction details. We do not receive or store your full payment card details. We receive from Stripe only a confirmation of payment, a transaction identifier, and the credit pack purchased.

3.3 Usage Data

To operate the credit system and maintain the Service, we collect:

  • the number of pages you have processed (to deduct credits);
  • your credit balance and purchase history;
  • timestamps of account activity (sign-in, credit purchases, credit usage); and
  • basic technical information when the Software communicates with our servers (such as application version and operating system).

3.4 Website Data

When you visit our Website, we may collect:

  • standard server log data, which may include your IP address, browser type, referring page, and the date and time of your visit.

We do not currently use cookies or similar tracking technologies on our Website. If this changes in the future, we will update this policy and provide you with appropriate notice and, where required, obtain your consent.

3.5 Communications Data

If you contact us (for example, via email for support), we will collect and retain your name, email address, and the content of your communication so that we can respond to and resolve your enquiry.

4. How We Use Your Personal Data

We use your personal data for the following purposes:

  • Creating and managing your account — using account data, on the basis of performance of a contract (Art. 6(1)(b)).
  • Processing payments and managing credits — using payment and usage data, on the basis of performance of a contract (Art. 6(1)(b)).
  • Operating the credit system — tracking balance and consumption using usage data, on the basis of performance of a contract (Art. 6(1)(b)).
  • Providing customer support — using account and communications data, on the basis of performance of a contract (Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f)).
  • Sending essential service communications — such as payment confirmations and important updates, using account data, on the basis of performance of a contract (Art. 6(1)(b)).
  • Monitoring and improving performance, stability, and security — using usage and website data, on the basis of legitimate interests (Art. 6(1)(f)).
  • Detecting, preventing, and addressing fraud or security issues — using account and usage data, on the basis of legitimate interests (Art. 6(1)(f)).
  • Complying with legal obligations — using any relevant data, on the basis of legal obligation (Art. 6(1)(c)).

Where we rely on legitimate interests as our lawful basis, we have assessed that our interests do not override your rights and freedoms, taking into account the limited and non-sensitive nature of the data involved and the measures we take to protect it.

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

5. Marketing Communications

We determine the lawful basis for all of our marketing or promotional communications before they are sent. Typically this will either be Active Consent or Legitimate Interest.

You can withdraw your consent and unsubscribe from marketing communications at any time by clicking the unsubscribe link in any marketing email, or by contacting us directly. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

Service-related communications (such as payment confirmations, security alerts, or important changes to the Service) are not considered marketing and may be sent without separate consent where necessary for the performance of our contract with you.

6. Who We Share Your Data With

We do not sell, rent, or trade your personal data to third parties.

We share your personal data only with the following categories of third-party service providers, who process data on our behalf and under our instructions:

  • Supabase — account authentication, session management, and database hosting. Data shared: account data (email, encrypted credentials) and usage metadata. Location: EU (Ireland).
  • Stripe — payment processing. Data shared: payment and transaction data. Location: International (Stripe is certified under applicable data protection frameworks).

These providers act as data processors under the UK GDPR and are bound by data processing agreements that require them to protect your data and process it only in accordance with our instructions.

We may also disclose your personal data if required to do so by law, regulation, legal process, or governmental request, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

7. International Transfers

Your document content is never transferred anywhere — it remains on your device.

For account and payment data, some of our service providers (Supabase, Stripe) may process data outside the United Kingdom. Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place, such as:

  • transfers to countries with an adequate level of data protection as determined by the UK Secretary of State; or
  • transfers subject to appropriate contractual safeguards, such as the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses.

8. How Long We Keep Your Data

We retain your personal data only for as long as is necessary for the purposes set out in this policy:

  • Account data — for the duration of your account, plus 12 months after deletion to allow for reactivation or support queries.
  • Payment and transaction records — 6 years from the date of the transaction, as required for tax and accounting purposes under UK law.
  • Usage data (pages processed, credit history) — for the duration of your account.
  • Website server logs — 90 days.
  • Support correspondence — 2 years from the date of resolution, or longer if required for legal purposes.

When personal data is no longer required, we will securely delete or anonymise it.

9. How We Protect Your Data

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include:

  • encryption of data in transit (TLS/HTTPS) and at rest;
  • secure authentication via our authentication provider (Supabase Auth);
  • access controls limiting who within our organisation can access personal data;
  • regular review of our security practices; and
  • use of reputable, security-audited third-party service providers.

No method of transmission or storage is completely secure. While we strive to protect your personal data, we cannot guarantee its absolute security.

10. Your Rights

Under the UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data:

  • Right of access — You can request a copy of the personal data we hold about you.
  • Right to rectification — You can ask us to correct any personal data that is inaccurate or incomplete.
  • Right to erasure — You can ask us to delete your personal data, subject to certain legal exceptions (for example, where we are required to retain it for tax purposes).
  • Right to restrict processing — You can ask us to restrict the processing of your personal data in certain circumstances.
  • Right to data portability — You can request that we provide your personal data in a structured, commonly used, machine-readable format, or that we transmit it to another controller where technically feasible.
  • Right to object — You can object to our processing of your personal data where we rely on legitimate interests as our lawful basis. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
  • Right to withdraw consent — Where we process your data on the basis of your consent (for example, marketing communications), you can withdraw your consent at any time.
  • Right not to be subject to automated decision-making — We do not currently carry out automated decision-making or profiling that produces legal or similarly significant effects on you.

To exercise any of these rights, please contact us at privacy@dactiq.com. We will respond to your request within one calendar month. If your request is complex or we receive a large number of requests, we may extend this period by up to two additional months, in which case we will inform you of the extension and the reasons for it.

There is no fee for exercising your rights, unless your request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act on the request.

11. Complaints

We take your privacy concerns seriously. If you are unhappy with how we have handled your personal data, we encourage you to contact us first so that we can try to resolve the matter:

Email: privacy@dactiq.com

We will acknowledge your complaint within 30 days and endeavour to resolve it without undue delay.

If you are not satisfied with our response, you have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk

12. Children's Privacy

The Service is not directed at individuals under the age of 18, and we do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete that data as soon as reasonably possible.

Our Website may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties, and we encourage you to read their privacy policies before providing them with any personal data.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make material changes, we will:

  • update the “Last updated” date at the top of this page;
  • notify you by email or through the Software where the changes are significant; and
  • where required by law, seek your consent before applying changes that affect how we process your data.

We encourage you to review this policy periodically.

15. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or want to make a complaint, please contact us at:

Email: privacy@dactiq.com
Address: 2 West Hill Street, Brighton, UK, BN1 3RR
Website: dactiq.com