This page explains how DDive collects, uses, stores, and shares personal data across the website, early-access workflows, and the product itself.
This notice applies to the DDive website, waitlist and demo enquiries, and any pilot, beta, or customer account made available by DDive.
If a separate customer agreement or product-specific notice applies to a particular deployment, that document will supplement or replace this page for the relevant processing.
The categories of personal data we use depend on how you interact with DDive and which services your organisation enables.
We use personal data to onboard organisations, connect authorised data sources, process records, generate outputs, maintain audit trails, and support day-to-day use. Our main lawful basis is performance of a contract, or taking steps at your request before entering into one.
We use business contact details to respond to interest in DDive, arrange demos, and manage early-access communications. Our lawful basis is steps at your request and our legitimate interests in operating and growing the business.
We monitor reliability, investigate misuse, prevent fraud, troubleshoot issues, and improve product performance. Our lawful basis is our legitimate interests in keeping DDive secure and effective, and legal obligations where they apply.
We may process personal data to comply with laws, respond to lawful requests, maintain records, and protect DDive's legal position. Our lawful basis is legal obligation and, where relevant, legitimate interests.
DDive uses automated tools to classify transactions, detect anomalies, and generate accounting outputs. These tools are designed to support an organisation's finance operations and to reduce manual processing.
Where human review is appropriate, DDive can surface exceptions or allow authorised users to review and override outputs. DDive does not intend to rely on solely automated decisions about an individual where UK GDPR gives a right to human review.
Some DDive providers may process personal data outside the UK. Where that happens, DDive will use an approved transfer mechanism such as adequacy regulations, the UK International Data Transfer Agreement, or the UK Addendum to the EU Standard Contractual Clauses.
DDive keeps personal data only for as long as needed for the purposes described in this notice and then deletes or anonymises it, unless we must keep it longer for legal, security, or record-keeping reasons.
In practice, waitlist and demo information is usually retained for up to 24 months after the last meaningful interaction. Product, audit, and customer records may be retained for the duration of the relationship and for a limited period afterwards where needed for accounting, tax, audit, security, legal, or dispute-resolution purposes.
Depending on the circumstances, you may have the right to ask DDive for access to your personal data, correction of inaccurate data, deletion, restriction, objection to processing based on legitimate interests, and a portable copy of eligible data.
Where DDive relies on consent, you may withdraw that consent at any time. You also have the right to complain to the Information Commissioner's Office in the UK.
If you want to exercise a privacy right or ask a question about this notice, please contact DDive using the current contact route published on this website or in your DDive service communications.
If you are unhappy with how DDive handles personal data, you can raise a concern with the Information Commissioner's Office at ico.org.uk.