Privacy Policy

Doo (“we”, “us”, “our”) is committed to protecting the privacy of individuals who visit our website or use our services. This Privacy Policy describes how we collect, use, share, and protect Personal Information in connection with services accessed via https://doo.software (the “Service”).

This Policy applies to two classes of users:

  • Visitors — people who browse our public site, contact us, or obtain information.
  • Customers / Users — entities and authorized users who register for and use the Service.

For avoidance of doubt: If you are an employee of a company using Doo, your primary data is controlled by your employer (“Client”) — we act as a processor. Your employer’s privacy policy and instructions govern how your data is handled in relation to Doo.

1. Privacy Principles

  • We collect only what is necessary to deliver and improve Doo.
  • We use it only for specified purposes unless you consent otherwise.
  • We do not retain your Personal Information longer than needed.
  • We don’t share your Personal Information with third parties except as noted below or with your consent.

2. Visitors

Doo processes Personal Data under one or more lawful bases depending on context:

Purpose of Processing Data Categories Lawful Basis
Account creation and user authentication Name, email, password hash Contractual necessity
Payroll and HR integrations (SimplePay / PaySpace) Employee identifiers, payroll references Contractual necessity
Product analytics & improvement (GA4, Hotjar) Usage data, anonymised identifiers Legitimate interest (service improvement)
Marketing communications / newsletters Business contact details Consent (opt-in, withdrawable)

Your Rights

Under POPIA and GDPR you have the right to: access, correct, delete, restrict or object to processing, request data portability, and lodge a complaint with a supervisory authority. Doo will respond to verified requests within 30 days (GDPR: 1 month; POPIA: reasonable time).

Requests can be made to support@doogitaltech.com.

Cookies and Analytics

Doo uses cookies and similar technologies to operate the website, remember preferences, and measure performance. Google Analytics 4 and Hotjar collect aggregated usage information. IP anonymization is enabled and no HR-specific data is tracked. You can manage or withdraw cookie consent at any time via the cookie banner.

Children’s Privacy

Doo is not directed at children under 16 years of age and does not knowingly collect Personal Data from minors.

Policy Review

Doo reviews its privacy and security practices annually and updates this policy as necessary. Last updated: October 2025.

4. Data of Client Employees

A large portion of data in Doo is employee or HR data belonging to our Clients ("Data"). We treat that data strictly under Client instructions. We act as a data processor under applicable data protection laws. For access, correction, or removal requests, those must go through your employer (the Client).

5. Security

We maintain technical, administrative, and physical safeguards to protect your data.

We use encryption (TLS/SSL) for data in transit. No method of digital transport or storage is 100% secure — so we can’t guarantee absolute security.

If you notice suspicious activity, notify us immediately.

6. Communication & Updates

We may send you account-related updates, alerts, or marketing content (if opted in). You cannot unsubscribe from mandatory service communications.

We may update this Privacy Policy. Significant changes will be notified. Continued use after changes indicates acceptance.

7. User Rights / Data Subject Rights

Depending on jurisdiction, you may have rights like:

  • Right to access your personal data
  • Right to correct or update it
  • Right to delete your data (subject to retention & legal obligations)
  • Right to limit or object to certain processing
  • Right to portability

8. Retention

We retain data as long as your account is active, or to fulfill service, legal, or business purposes. When no longer needed, we delete or anonymize (after 120 days).

9. Third-Party Integration & Transfers

We may use third-party services (hosting, analytics, payments). They get limited access under contract.

If data is transferred across borders (e.g. South Africa ↔ EU ↔ USA), we ensure appropriate safeguards (e.g. standard contractual clauses, compliance with GDPR, POPIA, etc.).

10. Governing Law & Disputes

This Privacy Policy is governed by the laws of the Republic of South Africa. Any dispute resolution falls in the courts of Gauteng, Johannesburg. Where applicable, local data protection law also applies.

11. Contact

If you have privacy-related questions or requests, email us at support@doogitaltech.com.

Doogital Tech (PTY) LTD, REG 2014/274203/07
Doo Software / Doo
Gauteng, South Africa