Privacy Policy

Overview

Dispatch ("we", "our", or "us") is committed to protecting your personal information. This Privacy Policy describes how we collect, use, store, and share data when you use our Service, and how you can exercise your rights.

This Policy applies to all users of the Dispatch web application and any associated services. By using the Service, you acknowledge that you have read and understood this Policy.

Data We Collect

We collect information in three ways: data you provide directly, data from your use of the Service, and data from third parties.

Information You Provide

• Account data: Name, email address, and password when you register.
• Profile data: Optional profile picture or additional information you choose to add.
• Conversation data: Messages and queries you submit to the assistant.
• Communications: Messages you send to our support team.

Information Generated Automatically

• Usage data: Pages visited, features used, and interaction patterns.
• Log data: IP address, browser type, OS, referring URL, and timestamps.
• Device data: Device identifiers, screen resolution, and language settings.
• Session data: Cookie identifiers and session tokens.

Information from Third Parties

• OAuth providers: If you sign in via Google or GitHub, we receive your name, email, and profile picture from that provider.
• Payment processors: If applicable, payment status only — we do not store card details directly.

How We Use Your Data

We use the information we collect for the following purposes:

1. Providing the Service — processing your queries, returning responses, and maintaining your account.
2. Authentication and security — verifying your identity and protecting against unauthorised access.
3. Service improvement — analysing aggregated usage patterns to improve features and performance.
4. Communications — sending transactional emails and, with your consent, product updates.
5. Legal compliance — fulfilling obligations under applicable laws and responding to lawful requests.
6. Fraud prevention — detecting and preventing abuse, spam, and violations of our Terms.

Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share it only in these limited circumstances:

• Service providers: Trusted vendors who help us operate the Service, bound by data processing agreements.
• AI model providers: Your queries are processed by an upstream AI provider to generate responses. Their privacy policy also applies.
• Legal requirements: Where required by law, court order, or to protect the rights and safety of our users.
• Business transfers: In a merger or acquisition, with advance notice to you.
• With your consent: For any other purpose, only with your explicit prior consent.

Data Retention

We retain your personal data for as long as your account is active or as long as necessary to provide the Service and comply with legal obligations.

When you delete your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law or for fraud prevention. Aggregated, anonymised analytics data may be retained indefinitely.

Cookies and Tracking

We use cookies and similar technologies to operate and improve the Service.

Types of Cookies We Use

• Essential cookies: Required for authentication, session management, and security. The Service cannot function without these.
• Preference cookies: Remember your settings across sessions.
• Analytics cookies: Help us understand aggregate Service usage. No personally identifiable data is shared with analytics providers.

You can control cookies through your browser settings. Disabling essential cookies will prevent you from logging in.

Security

We implement technical and organisational measures to protect your data, including:

• TLS encryption for all data in transit.
• Encrypted storage of passwords using industry-standard hashing algorithms.
• Access controls ensuring only authorised personnel can access personal data.
• Regular security reviews and dependency updates.
• CSRF protection on all state-changing requests.

No system is completely secure. We encourage you to use a strong, unique password and contact us immediately if you notice suspicious account activity.

Your Rights

Depending on your location, you may have rights including:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Ask us to correct inaccurate or incomplete data.
• Erasure: Request deletion of your personal data.
• Restriction: Ask us to limit how we process your data.
• Portability: Receive your data in a machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Withdraw consent: Withdraw consent at any time without affecting prior processing.

We will respond to rights requests within 30 days. We may need to verify your identity first.

Children's Privacy

The Service is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided data without parental consent, please contact us and we will promptly delete that information.

International Data Transfers

Dispatch operates globally. Your data may be transferred to and processed in countries outside your country of residence. We take steps to ensure adequate protections are in place, including Standard Contractual Clauses where applicable.

Changes to This Policy

We may update this Privacy Policy from time to time. We will revise the effective date and provide notice for material changes. Continued use of the Service after any changes constitutes acceptance of the updated Policy.

Contact and Data Controller

For questions, concerns, or data requests, please contact our privacy team: