Privacy Policy
Last updated: 2026-05-04 — draft, not legal advice.
1. Data We Collect
We collect the following information when you use Dilappa:
- Account information: name, email address, and password (stored hashed).
- Organisation data: organisation name, workspace slug, and role assignments.
- Usage data: pages visited, actions taken, and timestamps of activity within the Service.
- Case data: dilapidations case records, schedules, evidence files, and notes you upload.
2. How We Use Your Data
We use collected data to:
- Provide, operate, and improve the Service.
- Authenticate users and enforce access controls.
- Send transactional communications (e.g. email confirmation, password reset).
- Diagnose technical issues and ensure service reliability.
3. Third-Party Services
We use the following third-party services to operate Dilappa:
- Supabase: authentication, database, and file storage. Data is stored in Supabase-managed infrastructure.
- Hosting provider: [hosting provider — placeholder]. Application code and assets are served from their infrastructure.
These providers are bound by their own privacy policies and data processing agreements.
4. Cookies
Dilappa uses session cookies to maintain your authenticated state. No third-party tracking or advertising cookies are used. You can disable cookies in your browser, but this will prevent you from signing in.
5. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your account and associated data.
- Object to or restrict certain processing activities.
To exercise these rights, contact us at the email below.
6. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service. Upon account deletion, personal data is removed within 30 days except where retention is required by law.
7. Contact
For privacy enquiries or to exercise your rights, contact us at: [privacy@dilappa.com — placeholder].