Product
Customers
Pricing
Resources
About us
Start free trial
Book a demo

The Dash privacy policy

Version 2 - updated 26th January, 2026

This privacy notice explains how Dash For Brands Limited (“we”, “us”, “our”, “Dash”) collects, uses, shares, and protects your personal data. We are committed to protecting your privacy and processing your personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018), and other applicable UK data protection laws, including amendments introduced by the Data (Use and Access) Act 2025 (DUAA).

This notice applies to personal data we process as a data controller in relation to our website (dash.app), applications, services, marketing, employment enquiries, and related activities.

1. Who we are

Dash For Brands Limited is a company registered in England and Wales (company number 03865036), registered office at 9th Floor, Tower Point, 44 North Road, Brighton, BN1 1YR. 

We are registered with the Information Commission, IC registration number: ZB979372 

You can contact us via email (help@dash.app) or by post to our address above.

2. What personal data we collect and why (purposes and lawful bases)

We collect and process personal data for the following purposes:

Analytics data

When you use our websites, apps, or services: IP address, location, browser/device details, usage patterns (e.g., pages viewed, time spent). 

  • Purpose: To monitor, improve, and secure our services; diagnose issues; analyse usage. 
  • Lawful basis: Legitimate interests (UK GDPR Article 6(1)(f)) — to help us monitor, improve, and secure our services. We've conducted a legitimate interests assessment and concluded that this processing is necessary and proportionate. You can object to this use of your data or manage related cookies through our cookie policies.

Customer relationship data

Names, emails, job titles, company details, phone, business address for customer contacts.

  • Purpose: To provide and manage contracted services, communicate, and administer our business. 
  • Lawful basis: Legitimate interests (maintaining relationships and business administration).

Enquiry/support data

Information you provide via contact forms, help centre, in-app messaging, or third-party sites. 

  • Purpose: To respond to queries, provide support, offer/sell services, seek feedback. May become customer data if you become a customer. 
  • Lawful basis: Legitimate interests (responding to enquiries and delivering services).

Marketing data

Details you provide to subscribe to communications or access content. 

  • Purpose: To send marketing emails and maintain records. 
  • Lawful basis: Consent (you can withdraw anytime via unsubscribe link or by contacting us).

Jobseeker data

Details from job applications or agencies. 

  • Purpose: To assess suitability for roles. 
  • Lawful basis: Legitimate interests (managing recruitment).

Third-party login/cloud integration data

Profile info from Google/Microsoft login; read-only access to selected files from cloud storage (e.g., Google Drive). 

  • Purpose: To enable login or file import. 
  • Lawful basis: Consent or contract performance (as chosen by you).

3. Our customers' service data

When customers use our apps/services, we process activity data (e.g., views, edits, uploads) as a data processor. Customers are the data controllers and are responsible for compliance. This notice does not apply to such data; see your contract with us for details. Temporary support data (e.g., username/email) is held only as long as needed.

4. Who we share your personal information with

We share data only where necessary and with safeguards. Find a full list of our data processors and the reasons we process data here.

We require these parties to your protect data under UK GDPR standards. We will never sell your personal data.

5. Social media, blogs, reviews etc.

Any social media posts/comments or public reviews that you submit for Dash through third-party sites (e.g. via LinkedIn or Capterra) will be shared under the terms of the relevant platform and may be used in our marketing, if the third-party site allows. We do not control these platforms and we are not responsible for this kind of sharing.  You are responsible for ensuring that any comments you make comply with any relevant policy on acceptable use of those services.

6. International transfers of your information

We are UK-based but use global suppliers. Where we transfer data to countries without a UK adequacy decision (e.g., USA) we rely on appropriate safeguards under Chapter V of the UK GDPR (as amended by the Data (Use and Access) Act 2025), specifically the UK International Data Transfer Agreement (IDTA) and, where applicable, the UK Addendum to EU Standard Contractual Clauses, combined with a Transfer Risk Assessment (TRA) to ensure the level of protection for your data is “not materially lower” than under UK law.

7. Your rights under UK GDPR

You have the following rights over your personal data:

Your right to be informed: You have the right to be informed about what personal data we collect and how we use it.

Your right of access: You have the right to ask us for copies of your personal information. 

Your right to rectification: You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. 

Your right to erasure: You have the right to ask us to erase your personal information in certain circumstances. 

Your right to restriction of processing: You have the right to ask us to restrict the processing of your personal information in certain circumstances. 

Your right to object to processing: You have the right to object to the processing of your personal information in certain circumstances.

Your right to data portability: You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

Your right to object to automated decision-making and profiling: You can object to decisions made solely by automated means (e.g., AI) that adversely affects your legal rights, including profiling. You have the right to human review, to express your view, and to contest the decision. (We do not use automated decision making.)

The right to withdraw consent – Where you have provided consent to our use of your data, you have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.

To exercise your rights, contact us at: help@dash.app, or by post: Attn: Privacy Officer, Dash For Brands Limited, 9th Floor, Tower Point, 44 North Road, Brighton, BN1 1YR 

We will respond within 1 month (or up to 3 months for complex requests, as allowed under the UK GDPR). We will conduct reasonable and proportionate searches to fulfil your request. 

You are not required to pay any charge for exercising your rights.

8. Your right to complain

You have the right to make a complaint at any time, if you wish to do so, please contact our Privacy
Officer via email at: privacy@builtbybright.com.

We will acknowledge your complaint within 30 days and respond without undue delay.
You may escalate unresolved complaints to the Information Commission (IC - the UK supervisory
authority for data protection issues) here: IC: Make a complaint

Post: Information Commission, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Web: https://ic.org.uk/concerns

Phone: +44 0303 123 1113

9. The security of your information

We take the security of your information very seriously. We use appropriate procedures and
technical security measures (including encryption, anonymisation and archiving techniques) to
safeguard your information.

We use secure means to communicate with you where appropriate, such as https and other security
and encryption protocols. For further information, see our Security Policy.

Our customer data is stored and managed by Amazon Web Services (AWS) who provide details of
their security policies and procedures here.

10. Minors

We do not knowingly collect data from under-16s. If we discover any such data, we will delete it. 

11. How long do we keep your information for?

We only keep your personal data for as long as necessary for the purposes for which we collected it.

Our standard retention periods are as follows:

  • Analytics: Up to 36 months
  • Customer and enquiry data: A minimum of 6 years following the end of the relevant customer relationship (for legal/tax reasons), then reviewed and deleted if no longer required.
  • Marketing: 18-24 months after last communication (opt-out records indefinite).
  • Jobseeker: 6 months post-process (or longer with consent). Criteria include legal obligations, dispute resolution, and business needs. If you consent to us retaining your information as part of our Total Talent programme, we will retain the jobseeker data for so long as that consent is valid; and if you become an employee, the jobseeker data will be retained in accordance with our Employee Privacy Policies.

We determine these periods based on factors such as legal requirements, contractual obligations, and our legitimate business needs. Once the data is no longer required, we securely delete or anonymise it.

We will never sell your personal data.

12. Opting out

We provide ways for you to stop all marketing email communications you receive from us, by including the ‘unsubscribe’ link  in each email we send to you. We need to send certain communications to our users and customers which are deemed necessary and cannot be opted out of, such as service and administrative emails. For further information, please contact us at help@dash.app.

13. CCTV information

CCTV is in operation at Dash’s offices. All CCTV footage is captured purely for your security and for the prevention and detection of crime. If you’d like to know more, please see our signage, or contact us using the contact details provided above.

14. Cookies

We use cookies and other tracking tools to improve your experience of our websites, applications and services, and to improve the quality of our service delivery. Details of how we use cookies can be found in our Cookie Policy.

15. EU representative

We process the personal data of individuals in the European Union (EU) and European Economic Area (EEA) in our capacity as either a ‘data controller’ or ‘data processor’. To comply with Article 27 of the EU GDPR, we have appointed Data Rep as our Data Protection Representative in the EU.

If you are based in the EU or EEA and wish to exercise your rights under the EU GDPR, or have a complaint regarding our processing of your data, you may contact us via our Data Rep at any of their 29 locations across the EU/EEA. You can find full contact details and instructions on how to reach them here: EU Representative contact summary.

16. Changes to this policy

We may update this policy at any time to reflect changes in our practices, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

Our customer data is stored and managed by Amazon Web Services (AWS) who provide details of their security policies and procedures here.