Dobeu wordmark

Privacy Policy

Last updated: June 20, 2026.

Dobeu Tech Solutions LLC (“Dobeu”, “we”, “us”, or “our”) operates dobeu.net, the Dobeu client portal, and related services. This Privacy Policy describes what personal data we collect, why we collect it, how we use and share it, and the rights you have over it.

This policy applies to all users of dobeu.net, prospective clients, and current or former clients who have access to the client portal.

1. Data we collect

Information you provide directly

Contact information — name, email address, company name, phone number, and message content submitted via contact or lead-capture forms.

Account credentials — email and hashed password or OAuth token used to authenticate with the client portal.

Project information — briefs, requirements, files, and communications shared in the context of an engagement.

Billing information — invoice acknowledgement and payment intent status. Full card data is collected and processed by Stripe and never transmitted to or stored on Dobeu servers.

Information we collect automatically

Usage data — pages visited, buttons clicked, scroll depth, session duration, and referrer URL. Collected via PostHog, Mixpanel, and Google Analytics 4 only after you accept the cookie banner.

Device and browser data — browser type, operating system, device type, screen resolution, and IP address (anonymised where technically possible).

Log data — server request logs retained by Vercel for up to 30 days for security and debugging.

Authentication session — Supabase session tokens stored in httpOnly cookies for the duration of your logged-in session.

2. Legal basis for processing (GDPR)

If you are in the European Economic Area, UK, or Switzerland, we process your data under the following legal bases:

  • Contract — processing necessary to deliver our services to you (Art. 6(1)(b) GDPR).

  • Consent — analytics, support chat, and marketing communications, which you opt into via the cookie banner or form checkboxes (Art. 6(1)(a) GDPR). You may withdraw consent at any time.

  • Legitimate interests — security monitoring, fraud prevention, and improving our services, where these interests are not overridden by your rights (Art. 6(1)(f) GDPR).

  • Legal obligation — compliance with applicable tax, accounting, and regulatory requirements (Art. 6(1)(c) GDPR).

3. How we use your data

  • Respond to your inquiry and deliver agreed work.

  • Create and manage your client portal account.

  • Issue invoices and process payments via Stripe.

  • Send transactional emails (booking confirmations, invoice receipts, project status updates) via Resend.

  • Send marketing emails and follow-up sequences via Customer.io, only if you have opted in.

  • Send SMS messages for project updates or appointment reminders, only if you have opted in per our SMS Opt-In Policy.

  • Analyse site usage to improve performance and user experience, only with analytics consent.

  • Detect, prevent, and respond to fraud, abuse, or security incidents.

We do not sell personal data. We do not run third-party advertising tags or retargeting pixels.

4. Data sharing and processors

We share personal data only with the third-party processors listed below, each bound by a Data Processing Agreement or equivalent contractual protections. We do not share data with any other third parties without your explicit consent.

Processors: Vercel — hosting, edge network, and log storage; Supabase — database and authentication; Stripe — payment processing; Resend — transactional email; Customer.io — marketing email sequences (opt-in only); PostHog, Mixpanel, and Google Analytics 4 — analytics (opt-in only); Apollo.io — CRM and lead management; Intercom — customer support chat (opt-in only); Calendly — booking and scheduling; Typeform — lead capture forms; Datadog — observability and error monitoring (opt-in only). Data locations include the US, EU, and global CDNs depending on processor.

5. International data transfers

We are based in the United States. If you are located in the EEA, UK, or Switzerland, your data may be transferred to and processed in the US. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission and UK Information Commissioner’s Office (ICO) for such transfers, as implemented in the data processing agreements with each of our processors above.

6. Data retention

  • Client project data — retained for 3 years after project completion for warranty and dispute-resolution purposes, then deleted or anonymised.

  • Billing records — retained for 7 years to comply with US tax and accounting obligations.

  • Analytics data — retained for 12 months, then automatically purged by the respective platform.

  • Lead / contact form submissions — retained for 2 years or until you request deletion.

  • Authentication session cookies — expire after 7 days of inactivity.

7. Your rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.

  • Correction — request correction of inaccurate or incomplete data.

  • Deletion — request deletion of your personal data (“right to be forgotten”), subject to legal retention obligations.

  • Portability — receive your data in a machine-readable format.

  • Objection / restriction — object to or restrict certain processing activities.

  • Withdraw consent — withdraw any consent you have given at any time without affecting the lawfulness of prior processing.

  • Opt out of marketing — see our Marketing opt-out page or click “unsubscribe” in any email we send.

  • Opt out of SMS — reply STOP to any text message or see our SMS Opt-In Policy.

  • Manage cookies — see our Cookie Policy or click “Cookie preferences” in the footer.

To exercise any of these rights, email jeremyw@dobeu.net with the subject “Data Request — [your right]”. We will respond within 30 days. California residents may also submit requests under the CCPA/CPRA using the same email address.

8. California residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act:

  • Right to know — categories and specific pieces of personal information we have collected about you in the past 12 months.

  • Right to delete — deletion of personal information we collected from you, subject to certain exceptions.

  • Right to correct — correction of inaccurate personal information.

  • Right to opt out of sale or sharing — we do not sell or share personal information for cross-context behavioural advertising.

  • Right to limit use of sensitive personal information — we do not collect sensitive personal information as defined by the CPRA beyond what is necessary for the services.

  • Non-discrimination — we will not discriminate against you for exercising your CCPA/CPRA rights.

To submit a CCPA/CPRA request, email jeremyw@dobeu.net with “CCPA Request” in the subject line.

9. Security

We implement industry-standard technical and organisational measures to protect your data, including TLS encryption in transit, httpOnly session cookies, Vercel Skew Protection, Content Security Policy headers, and access controls. However, no system is completely secure. We will notify affected users in accordance with applicable law in the event of a data breach.

10. Children’s privacy

The Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, contact us immediately at jeremyw@dobeu.net.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email to registered users and via a notice on this page at least 14 days before taking effect.

12. Contact and supervisory authority

Dobeu Tech Solutions LLC · New York, NY · jeremyw@dobeu.net

If you are in the EEA and believe we have not handled your data lawfully, you have the right to lodge a complaint with your local data protection authority.

Privacy Policy

Last updated: June 20, 2026.

Dobeu Tech Solutions LLC (“Dobeu”, “we”, “us”, or “our”) operates dobeu.net, the Dobeu client portal, and related services. This Privacy Policy describes what personal data we collect, why we collect it, how we use and share it, and the rights you have over it.

This policy applies to all users of dobeu.net, prospective clients, and current or former clients who have access to the client portal.

1. Data we collect

Information you provide directly

Contact information — name, email address, company name, phone number, and message content submitted via contact or lead-capture forms.

Account credentials — email and hashed password or OAuth token used to authenticate with the client portal.

Project information — briefs, requirements, files, and communications shared in the context of an engagement.

Billing information — invoice acknowledgement and payment intent status. Full card data is collected and processed by Stripe and never transmitted to or stored on Dobeu servers.

Information we collect automatically

Usage data — pages visited, buttons clicked, scroll depth, session duration, and referrer URL. Collected via PostHog, Mixpanel, and Google Analytics 4 only after you accept the cookie banner.

Device and browser data — browser type, operating system, device type, screen resolution, and IP address (anonymised where technically possible).

Log data — server request logs retained by Vercel for up to 30 days for security and debugging.

Authentication session — Supabase session tokens stored in httpOnly cookies for the duration of your logged-in session.

2. Legal basis for processing (GDPR)

If you are in the European Economic Area, UK, or Switzerland, we process your data under the following legal bases:

  • Contract — processing necessary to deliver our services to you (Art. 6(1)(b) GDPR).

  • Consent — analytics, support chat, and marketing communications, which you opt into via the cookie banner or form checkboxes (Art. 6(1)(a) GDPR). You may withdraw consent at any time.

  • Legitimate interests — security monitoring, fraud prevention, and improving our services, where these interests are not overridden by your rights (Art. 6(1)(f) GDPR).

  • Legal obligation — compliance with applicable tax, accounting, and regulatory requirements (Art. 6(1)(c) GDPR).

3. How we use your data

  • Respond to your inquiry and deliver agreed work.

  • Create and manage your client portal account.

  • Issue invoices and process payments via Stripe.

  • Send transactional emails (booking confirmations, invoice receipts, project status updates) via Resend.

  • Send marketing emails and follow-up sequences via Customer.io, only if you have opted in.

  • Send SMS messages for project updates or appointment reminders, only if you have opted in per our SMS Opt-In Policy.

  • Analyse site usage to improve performance and user experience, only with analytics consent.

  • Detect, prevent, and respond to fraud, abuse, or security incidents.

We do not sell personal data. We do not run third-party advertising tags or retargeting pixels.

4. Data sharing and processors

We share personal data only with the third-party processors listed below, each bound by a Data Processing Agreement or equivalent contractual protections. We do not share data with any other third parties without your explicit consent.

Processors: Vercel — hosting, edge network, and log storage; Supabase — database and authentication; Stripe — payment processing; Resend — transactional email; Customer.io — marketing email sequences (opt-in only); PostHog, Mixpanel, and Google Analytics 4 — analytics (opt-in only); Apollo.io — CRM and lead management; Intercom — customer support chat (opt-in only); Calendly — booking and scheduling; Typeform — lead capture forms; Datadog — observability and error monitoring (opt-in only). Data locations include the US, EU, and global CDNs depending on processor.

5. International data transfers

We are based in the United States. If you are located in the EEA, UK, or Switzerland, your data may be transferred to and processed in the US. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission and UK Information Commissioner’s Office (ICO) for such transfers, as implemented in the data processing agreements with each of our processors above.

6. Data retention

  • Client project data — retained for 3 years after project completion for warranty and dispute-resolution purposes, then deleted or anonymised.

  • Billing records — retained for 7 years to comply with US tax and accounting obligations.

  • Analytics data — retained for 12 months, then automatically purged by the respective platform.

  • Lead / contact form submissions — retained for 2 years or until you request deletion.

  • Authentication session cookies — expire after 7 days of inactivity.

7. Your rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.

  • Correction — request correction of inaccurate or incomplete data.

  • Deletion — request deletion of your personal data (“right to be forgotten”), subject to legal retention obligations.

  • Portability — receive your data in a machine-readable format.

  • Objection / restriction — object to or restrict certain processing activities.

  • Withdraw consent — withdraw any consent you have given at any time without affecting the lawfulness of prior processing.

  • Opt out of marketing — see our Marketing opt-out page or click “unsubscribe” in any email we send.

  • Opt out of SMS — reply STOP to any text message or see our SMS Opt-In Policy.

  • Manage cookies — see our Cookie Policy or click “Cookie preferences” in the footer.

To exercise any of these rights, email jeremyw@dobeu.net with the subject “Data Request — [your right]”. We will respond within 30 days. California residents may also submit requests under the CCPA/CPRA using the same email address.

8. California residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act:

  • Right to know — categories and specific pieces of personal information we have collected about you in the past 12 months.

  • Right to delete — deletion of personal information we collected from you, subject to certain exceptions.

  • Right to correct — correction of inaccurate personal information.

  • Right to opt out of sale or sharing — we do not sell or share personal information for cross-context behavioural advertising.

  • Right to limit use of sensitive personal information — we do not collect sensitive personal information as defined by the CPRA beyond what is necessary for the services.

  • Non-discrimination — we will not discriminate against you for exercising your CCPA/CPRA rights.

To submit a CCPA/CPRA request, email jeremyw@dobeu.net with “CCPA Request” in the subject line.

9. Security

We implement industry-standard technical and organisational measures to protect your data, including TLS encryption in transit, httpOnly session cookies, Vercel Skew Protection, Content Security Policy headers, and access controls. However, no system is completely secure. We will notify affected users in accordance with applicable law in the event of a data breach.

10. Children’s privacy

The Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, contact us immediately at jeremyw@dobeu.net.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email to registered users and via a notice on this page at least 14 days before taking effect.

12. Contact and supervisory authority

Dobeu Tech Solutions LLC · New York, NY · jeremyw@dobeu.net

If you are in the EEA and believe we have not handled your data lawfully, you have the right to lodge a complaint with your local data protection authority.