Privacy Policy

Dispatch Layer (“we”, “us”, “our”) is committed to protecting your privacy. This policy explains what personal data we collect, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.

1. Who we are

Dispatch Layer is an AI-powered helpdesk triage and dispatch platform. For questions about this policy, contact us at info@dispatchlayer.co.uk.

2. Data we collect

We collect personal data in two contexts:

a) Marketing enquiries (this website)

• Name, work email address, company name, and team size — when you submit the contact / demo request form
• IP address and browser metadata — collected automatically by our hosting provider (Netlify) for security and analytics purposes

b) Dispatch Layer platform (customer instances)

• Email content — inbound emails from your shared mailbox are read and processed by our AI triage pipeline
• User account data — name, email address, and role for staff members who log in to the platform
• Ticket and audit data — all actions taken within the platform are recorded in an append-only audit log

3. How we use your data

• To respond to demo requests and sales enquiries
• To provision and operate your Dispatch Layer instance
• To send transactional emails (account setup, billing confirmations)
• To process payments securely via Stripe (we never store card details)
• To improve the platform and diagnose issues

We do not sell your data to third parties. We do not use your data for advertising.

4. Legal basis for processing

• Legitimate interests — responding to enquiries and operating the platform
• Contract performance — providing the service you have subscribed to
• Legal obligation — maintaining records required by law

5. Third-party processors

We use the following sub-processors to deliver our service. Each is bound by a Data Processing Agreement and complies with UK GDPR:

• Netlify — hosting and serverless functions (USA, SCCs in place)
• Neon — serverless PostgreSQL database (EU region)
• OpenAI — AI triage (GPT-4o) (USA, SCCs in place)
• Microsoft Azure — Graph API for mailbox access
• Stripe — payment processing (EU data residency)
• Resend — transactional email delivery

6. Data retention

• Marketing enquiry data is retained for 12 months or until you ask us to delete it
• Platform data is retained for the duration of your subscription plus 90 days, after which it is permanently deleted
• Audit log entries are retained for 7 years for compliance purposes

7. Your rights

Under UK GDPR you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion (“right to be forgotten”)
• Object to or restrict processing
• Data portability
• Lodge a complaint with the ICO (ico.org.uk)

To exercise any of these rights, email info@dispatchlayer.co.uk. We will respond within 30 days.

8. Cookies

This website uses only essential cookies required for authentication (session management). We do not use advertising or tracking cookies. No cookie consent banner is required under UK PECR for strictly necessary cookies.

9. Security

All data is encrypted in transit (TLS 1.2+) and at rest. Mailbox credentials are stored encrypted using AES-256-GCM. Access to production systems is restricted to authorised personnel only.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated to active customers by email. The “last updated” date at the top of this page reflects the most recent revision.