Privacy Policy

DbsDue is a software service operated by DbsDue Ltd, a company registered in England and Wales. We are the data controller for personal data about our account holders and the data processor for personal data about the staff members our customers track in the app.

• Account data: your name, work email, business name, and password hash.
• Staff records you add: full name, role, DBS certificate number, issue date and renewal date.
• Billing data: card details are handled by Stripe — we never see or store them.
• Usage data: pages visited, browser type, and basic analytics so we can fix bugs and improve the product.

We use your data only to provide the renewal tracking service: sending you reminder emails, producing compliance reports, processing payments, and offering customer support. We do not sell data, and we do not use staff records for any purpose other than running the service you asked for.

All data is stored on UK and EU servers. Sub-processors include Supabase (database hosting), Cloudflare (delivery), Stripe (payments) and Resend (email). Each has their own published security and privacy standards.

Staff records are retained for as long as your account is active. If you delete a record it is permanently removed within 30 days. If you close your account, we delete all your data within 90 days, except where we are legally required to keep limited billing records.

You have the right to access, correct, export or delete your personal data, and to lodge a complaint with the Information Commissioner's Office (ICO). Email privacy@dbsdue.co.uk and we'll respond within 30 days.

We use a small number of essential cookies to keep you signed in. We do not use advertising cookies or third-party tracking pixels.