Privacy and GDPR

Privacy PolicyOur GDPR commitmentData Processing AgreementData Subject Access RequestData subprocessorsNew SCCs & the GDPRCalifornia Consumer Privacy ActAustralian Privacy Act
More articles
Help homeLegal and privacyPrivacy and GDPR

Privacy Policy

Your privacy is important to us. This Privacy Policy applies to services provided by Dovetail Research Pty. Ltd. (“we”, “us”, or “Company”) and our website, product pages, mobile or web applications, or other digital products that link to or reference this Policy (collectively, the “Services”) and explains what information we collect from users of our Services (a “user”, “you”, or “your”), including information that may be used to personally identify you (“Personal Information”) and how we use it. We encourage you to read the details below. This Policy applies to any visitor to or user of our Services. Any capitalized terms not herein defined shall have the meaning set forth in our Master Subscription Agreement.

We reserve the right to change this Privacy Policy at any time. We will notify you of any changes to this Privacy Policy by posting a new Privacy Policy to this page, and/or by sending notice to the primary email address specified in your account. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. You acknowledge that your continued use of our Services after we publish or send a notice about our changes to this Privacy Policy means that the collection, use and sharing of your Personal Information is subject to the updated Privacy Policy.

Please read this Privacy Policy carefully. By providing Personal Information to us, you consent to our collection, holding, use and disclosure of your Personal Information in accordance with this Privacy Policy. Please contact us if you have questions, our contact details are at the end of this Privacy Policy. If you do not wish to provide Personal Information to us, then you do not have to do so, however this may limit your ability to use or access the Services.

1. How this Privacy Policy works

The Privacy Policy applies to your information when you visit our website or otherwise use the Services. As an Australian business, this Privacy Policy takes into account the requirements of the Australian Privacy Act and the Australian Privacy Principles, as well as other applicable privacy laws.

This Privacy Policy does not apply to websites, apps, products, or services that we do not own or control, including the websites, apps, products, and/or services of our Customers. This means that this Policy does not explain what our Customers do with your information that we provide to them (or any information they collect directly from you, their Authorized User. Information provided by or to third parties, such as our Customers, are controlled by their respective privacy policies, which we encourage you to review for more information about their practices.

2. What information we collect

As a user of the Services, you may provide information to us. This includes:

  • profile information like your name, email address, and profile photo (“Account Information”);

  • content you provide through the Services, for instance projects, notes, tags, files;

  • content, files, or other media that you import to the Services, through our integrations such as Google Drive, Zoom, or Zapier;

  • when you subscribe to our paid services, your billing details including your address;

  • details of services we have provided to you or that you have enquired about;

  • your responses to questionnaires, surveys, or requests for feedback; and

  • additional Personal Information that you provide to us directly or indirectly through your use of our Services, associated social media platforms or accounts from which you permit us to collect information.

We log certain information (“Technical Information”) about your access and use of our Services. This includes:

  • Device data: including, but not limited to, the type of device you use, data on device advertising ID’s and similar hardware qualifiers, the browser you use, your operating system, and approximate geographic location data.

  • Usage data: including, but not limited to, search terms entered, pages viewed, and other usage behavior identified by analytics events.

  • Network and internet information: including, but not limited to, URLs, and Internet Protocol addresses.

  • Information we collect on the use of the Services via cookies and other tracking technologies: please see the “How Do We Use Tracking Technologies” section below for more information.

If you are using our services as a Customer, we may process Customer Data in the course of our business relationship with you, which may include Account Information of you or your representatives, as well as any Personal Information provided to us by you or your Authorized Users in connection with the Services. Any Customer Data is controlled by the respective privacy policy of the Customer. For Authorized Users, we encourage you to review the privacy policies and/or notices of the Customer for more information about their privacy practices.

3. How we use information we collect

We collect and use your information:

  • to enable you to access and use our Services;

  • to enable you to add Customer Data via the Services;

  • to improve our Services through research and development;

  • to otherwise deliver and improve the Service and your overall user experience;

  • to process your payments where you have signed up to a paid service;

  • to contact and communicate with you;

  • to prevent and address technical problems;

  • to analyze how you use the Services with tools such as Google Analytics and other tools;

  • to help us understand traffic patterns and know if there are problems with the Services;

  • to provide you with support services if requested;

  • for internal record keeping;

  • for advertising and marketing, including to send you information about our products and services;

  • in connection with a merger, acquisition, reorganization or similar transaction

  • when required by law or to respond to legal process;

  • to protect our users, other individual lives, and/or the rights or property of Company;

  • to maintain the security of the Services; and

  • for any other purpose with your consent.

4. How we share information we collect

Dovetail is collaborative cloud product built for teams. This means sharing information with others through the Services, and with certain third parties. We share information we collect about you in the ways discussed below, including in connection with possible business transfers, but we are not in the business of selling information about you to advertisers or other third parties. Where we disclose your Personal Information to third parties for the purposes listed below, we will confirm that the third party’s privacy policies and procedures are in accordance with the Australian Privacy Act.

Sharing with other users

Certain information will be shared with other members of your workspace or the Customer administering your workspace. These people are usually colleagues you work with day-to-day, or clients you have added to your workspace.

The information shared with the administering Customer or other users in your workspace may include:

  • profile information like your name, email address, and profile photo; and

  • content you add to the Services, for example files, notes, projects, and tags.

Sharing with third parties

In addition to the specific situations discussed elsewhere in this Privacy Policy, we may share Personal Information in the following circumstances:

  • With our corporate affiliates and subsidiaries;

  • With third parties that perform services to support our core business functions and internal operations. This includes third parties that store data outside of Australia. For information on our use of third parties, including the geographic location of each subprocessor, see our list of Data subprocessors;

  • With third parties, including agents or sub-contractors, who assist us in providing information, products, services or direct marketing to you. This may include parties located, or that store data, outside of Australia;

  • To support our audit, compliance, and corporate governance functions;

  • In connection with a change of ownership or control of all or part of our business (such as a merger, acquisition, reorganization, or bankruptcy);

  • With credit reporting agencies and courts, tribunals and regulatory authorities where you fail to pay for goods or services provided to you;

  • If we have a good-faith belief that access, use, preservation, or disclosure of such information is reasonably necessary to detect or protect against fraud or security issues;

  • If otherwise required or permitted by applicable law or regulation, including laws and regulations of the Australia and other countries, or in the good faith belief that such action is necessary to: (a) comply with a legal obligation or in response to a request from law enforcement or other public authorities wherever we may do business; (b) protect and defend our rights or property; (c) act in urgent circumstances to protect the personal safety of our users, customers, and contractors/employees; or (d) enforce our legal terms or otherwise protect against any legal liability; and

  • With your consent or at your direction.

5. How we use tracking technologies

Some of the features on the Services may require the use of “cookies” – small text files that are stored on your device. You may delete and block all cookies from our Services, but parts of the Services may not work. We want to be open about our cookie use. The following sets out how we may use different categories of cookies and your options for managing cookie settings:

Required cookies

Required cookies enable you to navigate the Services and use their features, such as accessing secure areas of the Services. If you have chosen to identify yourself to us, we use cookies containing encrypted information to allow us to uniquely identify you. These cookies allow us to uniquely identify you when you are logged into the Services and to process your online transactions and requests.

Managing settings: Because required cookies are essential to operate the Services, there is no option to opt out of these cookies.

Performance cookies

These cookies collect information about how you use our Services, including which pages you go to most often and if they receive error messages from certain pages. These cookies do not collect information that individually identify you. Information is only used to improve how the Services functions and performs. From time-to-time, we may engage third parties to track and analyze usage and volume statistical information relating to individuals who visit the Services.

Managing settings: To learn how to opt out of performance cookies using your browser settings visit

Functionality cookies

Functionality cookies allow our Services to remember information you have entered or choices you make and provide enhanced, more personal features. These cookies also enable you to optimize your use of the Services after logging in. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customize. We may use local shared objects to store your preferences or display content based upon what you view on the Services to personalize your visit.

Managing settings: To learn how to opt out of performance cookies using your browser settings visit

Analytics cookies

When you visit our website, our third party analytics services providers may use cookies and other tracking technologies to collect and store data Technical Information to be used for the purposes outlined in this Privacy Policy.

Targeting or advertising cookies

From time-to-time, we may engage third parties to track and analyze usage and volume statistical information from individuals who visit the Services. We sometimes use cookies delivered by third parties to track the performance of our advertisements. By way of example, as you browse the Services, advertising cookies may be placed on your computer so that we can understand what you are interested in. Our advertising partners then enable us to present you with retargeted advertising on other Services based on your previous interaction with the Services.

To learn more about these and other advertising networks and their opt out instructions, visit

  • Facebook Pixel and Remarketing Service: We use Facebook and their partner networks, such as Instagram, to market ourselves using the Facebook pixel that collects data about behavior and purchases on our website and to measure the effect of our advertising. This tracking is used to evaluate and measure how different campaigns and marketing strategies perform on Facebook & Instagram. By sharing this data with Facebook, we can, for example, offer personalized advertising content and adjust the frequency of advertising you see from us. Facebook’s use of information collected is set forth in its Privacy Policy

    If you are a Facebook user, you can control whether ads based on your behavior should appear on Facebook and other websites that use Facebook's advertising services in Facebook's advertising settings.

  • LinkedIn Insight Tag: The LinkedIn Insight Tag is a piece of lightweight JavaScript code that we have added to our websites to enable in-depth campaign reporting and to help us unlock valuable insights about our website visitors. We use the LinkedIn Insight Tag to track conversions, retarget website visitors, and unlock additional insights about members interacting with our LinkedIn adverts. We may use LinkedIn to measure, optimize and build audiences for advertising campaigns served on LinkedIn. Here you will find LinkedIn’s privacy policy. If you are a LinkedIn user, you may opt-out of cookie tracking through your user controls.

6. Managing your information

All users may review, update, correct or delete the Personal Information furnished by a user in their user account by contacting us at or by accessing your user account. For your protection, we may only share and update the Personal Information associated with the specific email address that you use to send us your request, and we may need to verify your identity before doing so. We will try to comply with such requests in a reasonably timely manner. If you wish to remove your user account, you may do so through your account page, and any personally identifiable information associated with your account will be deleted as soon as is reasonably practical or as required by applicable law. Please note that we may retain information that is otherwise deleted in anonymized and aggregated form, in archived or backup copies as required pursuant to records retention obligations, or otherwise as required by law. We may retain an archived copy of your records as required by law or for legitimate business purposes.

We may use some of the information we collect for marketing purposes, including to send you promotional communications about new Company features, products, events, or other opportunities. If you wish to stop receiving these communications or to opt out of use of your information for these purposes, please follow the opt-out instructions, such as clicking "Unsubscribe" (or similar opt-out language) in those communications. You can also contact us at to opt out. Despite your indicated email preferences, we may send you service related communications, including notices of any updates to our terms of service or privacy policy.

7. Data storage, transfer, and security

Dovetail hosts data with hosting service providers in numerous countries including the United States and Australia. Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Services you consent to the transfer of information to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information.

We shall endeavor to ensure that the information you provide is secure. We have in place physical, electronic and managerial procedures to safeguard and secure the information and protect it from misuse, interference, loss and unauthorized access, modification and disclosure. These measures are described in detail at

However, no information transmitted over the Internet can be guaranteed to be secure. We cannot guarantee the security of any information that you transmit to us, or receive from us. Although we take measures to safeguard against unauthorized disclosures of information, we cannot assure you that Personal Information that we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.

8. How we respond to do-not-track signals

Your browser settings may allow you to automatically transmit a Do Not Track signal to websites and other online services you visit. We do not alter our practices when we receive a Do Not Track signal from a visitor’s browser because we do not track our visitors to provide targeted advertising. To find out more about Do Not Track, please visit

9. Children under 16

The Services are not directed to individuals who are under the age of sixteen (16) and we do not solicit nor knowingly collect Personal Information from children under the age of sixteen (16). If you believe that we have unknowingly collected any Personal Information from someone under the age of sixteen (16), please contact us immediately at and the information will be deleted.

Our Services may contain links to other websites of interest. We do not have any control over those websites. We are not responsible for or liable for the protection and privacy of any information which you provide whilst visiting such websites, and such websites are not governed by this Privacy Policy.

11. Contact us

If you have any questions about this Policy, your Personal Information, or the Services, you can contact

If you wish to complain about how we’ve handled your Personal Information, you can contact If you’re not satisfied, you can contact the Office of the Australian Information Commissioner and lodge a complaint. The contact details of the OAIC are made available on their website.

Appendix 1

12. Additional rights for European residents

The laws of certain jurisdictions may provide data subjects with various rights in connection with the processing of Personal Information, including:

  1. The right to withdraw any previously provided consent;

  2. The right to access certain information about you that we process;

  3. The right to have us correct or update any personal information;

  4. The right to have certain personal information erased;

  5. The right to have us temporarily block our processing of certain personal information;

  6. The right to have personal information exported into common machine-readable format;

  7. The right to object to our processing of personal information in cases of direct marketing, or when we rely on legitimate interests as our lawful basis to process your information; and

  8. The right to lodge a complaint with the appropriate data protection authority.

Where we are deemed a data controller under the laws of certain jurisdictions, we will take steps to help ensure that you are able to exercise your rights regarding Personal Information about you in accordance with applicable law. To do so, you may contact us at Please note these rights may be limited in certain circumstances as provided by applicable law. We will promptly review all such requests in accordance with applicable laws. Depending on where you live, you may also have a right to lodge a complaint with a supervisory authority or other regulatory agency if you believe that we have violated any of the rights concerning Personal Information about you. We encourage you to first reach out to us at, so we have an opportunity to address your concerns directly before you do so.

Under the laws of certain jurisdictions, when processing personal data of Authorized Users in connection with the provision of Services to our Customers, we may be deemed a ‘data processor’ while our Customers are deemed ‘data controllers’. Where we are deemed a data processor, Authorized Users should contact our Customer, the data controller, to pursue any such legal data subject rights. We will reasonably cooperate with our Customers to support and comply with any such data subject rights requests

Where we are deemed a data controller under applicable privacy laws of the European Economic Area (EEA) and if you are an individual in EEA, we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases may depend on the Services you use and how you use them, such as the following:

  • we need your information to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services;

  • our collection and use of your information satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests;

  • you give us consent to collect and/or use your information for a specific purpose; or

  • we need to process your information to comply with a legal obligation.

If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place.

Under the laws of certain jurisdictions, when processing personal data of Authorized Users in connection with the provision of Services to our Customers, we may be deemed a ‘data processor’ while our Customers are deemed ‘data controllers’. Where we are deemed a data processor, we rely on our Customer, the data controller, to ascertain they have legitimate bases to authorize our processing of Customer Data. Authorized Users should contact our Customer, the data controller, to withdraw consent, object to processing, or pursue any legal data subject rights.

Where we are using your information because we or a Customer (e.g. your employer) have a legitimate interest to do so, and you object to such use, then, in some cases, this may mean no longer being able to access or use the Services.

14. Data retention

We will retain your Personal Data for as long as your account is in existence or otherwise as necessary to provide you the Services. You can review more information in our Data retention documentation.

Was this article useful?


Kai Forsyth

Revenue Operations Lead

Article info

Last updated 28 October 2021
19 min read

Get help

Can’t find what you’re looking for? Search through our articles or contact our support team and get a response within 24 hours.

Get help
Get started, free forever

Start free
A few of our customers

See more customers →