Privacy Policy
Last updated: April 2026
DORAiq is a compliance management platform for EU ICT providers. We take data privacy seriously — it would be ironic if we didn't. This policy explains what data we collect, why, and how we protect it.
1. Who We Are (Data Controller)
The data controller for personal data collected through this website is:
- Company: DORAiq
- General contact: contact@doraiq.com
- Privacy contact: privacy@doraiq.com
2. Data We Collect
When you submit the early access form on our website, we collect the following personal data:
- Email address — your work email as entered in the form
- Company name — the name of your organisation
- Form source — an internal tag identifying which page/campaign the form was submitted from (e.g. "google-ads-dora-microtest"), used for internal analytics only
We do not collect payment information, identity documents, or any sensitive personal data at this stage.
3. Purpose and Legal Basis
We process your data for the following purpose:
- Purpose: To add you to our early access waitlist, notify you when the product launches, and understand the demand profile of potential customers.
- Legal basis: Legitimate interest (Article 6(1)(f) GDPR). We have a legitimate interest in contacting individuals who have voluntarily expressed interest in our product. This interest is not overridden by your interests, rights, or freedoms, given the minimal and expected nature of the communication.
If at any time you wish to be removed from the waitlist, simply email privacy@doraiq.com and we will delete your data within 30 days.
4. Third-Party Processors
We use the following third-party service to process form submissions:
- Tally.so — Form collection platform. When you submit our early access form, your data is transmitted to and stored by Tally.so. Tally processes data on EU-accessible infrastructure and operates under its own privacy policy, available at tally.so/help/privacy-policy. Tally acts as a data processor on our behalf.
We do not sell, rent, or share your personal data with any other third parties for their own marketing purposes.
5. Data Retention
We retain your data for as long as necessary to fulfil the purpose described above:
- Waitlist data is retained until the product launches and you have been notified, or until you request deletion — whichever comes first.
- If the product does not launch, waitlist data will be deleted within 12 months of the last activity on the project.
- You may request deletion at any time (see Section 7).
6. Cookies
This website uses only essential cookies — specifically, a single localStorage entry (doraiq_cookies_accepted) to remember that you have acknowledged our cookie notice. This is not a tracking cookie and does not transmit any data to external parties.
We do not currently use analytics cookies, advertising cookies, or third-party tracking scripts. If this changes, we will update this policy and display a new consent notice.
7. Your Rights Under GDPR
As a data subject under the GDPR, you have the following rights:
- Right of access — You can request a copy of the personal data we hold about you.
- Right to rectification — You can request correction of inaccurate data.
- Right to erasure — You can request deletion of your data ("right to be forgotten").
- Right to restriction — You can request that we restrict processing of your data.
- Right to object — You can object to processing based on legitimate interest.
- Right to data portability — You can request your data in a portable, machine-readable format.
- Right to withdraw consent — If any processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, email privacy@doraiq.com. We will respond within 30 days.
You also have the right to lodge a complaint with your national data protection authority (for example, the APDCAT in Catalonia/Andorra region, or the supervisory authority in your EU member state).
8. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, or disclosure. Form data is transmitted over HTTPS. We limit access to personal data to those who need it for operational purposes.
9. International Transfers
We aim to keep your data within the European Economic Area (EEA). Our primary form processor, Tally.so, operates within GDPR-compliant jurisdictions. We do not knowingly transfer personal data to third countries without appropriate safeguards.
10. Children's Data
This website is directed at business professionals and is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from minors.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this page periodically.
Continued use of our website after a policy update constitutes acceptance of the revised policy, to the extent permitted by applicable law.
12. Contact
For any privacy-related questions, requests, or concerns, please contact us at:
- Email: privacy@doraiq.com
- General enquiries: contact@doraiq.com