Privacy Policy

Last updated: 12 May 2026

This Privacy Notice explains how DAPS ("DAPS", "we", "us", "our") collects, uses, stores, and protects your personal data when you use the DAPS platform, including daps.org.uk, app.daps.org.uk, and any associated mobile applications (collectively, the "Platform").

We are committed to handling your data responsibly and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Data Controller: DAPS Contact: samuel@daps.org.uk
Website: daps.org.uk

If you have any questions about how we handle your data, you can contact us at the address above. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe we have not handled your data in accordance with the law.

2. Data We Collect

We collect personal data in the following ways:

2.1 Data You Provide Directly

  • Account information — your name, email address, and password when you register
  • Profile information — any additional details you choose to add to your profile, such as your school or university
  • Application data — information you enter into the tracker, including job titles, company names, application stages, notes, and deadlines
  • Communications — messages you send to us via email or support channels
  • Payment information — billing details when you subscribe to a paid plan (processed directly by our payment provider; we do not store full card details)

2.2 Data Collected Automatically

When you use the Platform, we automatically collect certain technical data, including:

  • Usage data — pages visited, features used, time spent on the Platform, clicks and interactions
  • Device and browser data — IP address, browser type and version, operating system, and device identifiers
  • Log data — server logs including access times, error reports, and referring URLs
  • Cookies and similar technologies — as described in Section 8 below

2.3 Data from Educators (Educator Connect)

If you are a student whose school or university uses DAPS Educator Connect, your institution may share your name and email address with us to create your account. Your educator will be able to view your application activity and progress within the Platform.

3. How We Use Your Data

We use your personal data for the following purposes:

  • Creating and managing your account — Performance of a contract
  • Providing access to the Platform and its features — Performance of a contract
  • Processing payments and managing subscriptions — Performance of a contract
  • Sending essential service communications (account confirmations, security alerts) — Performance of a contract / Legal obligation
  • Improving and developing the Platform — Legitimate interests
  • Analysing usage patterns and measuring performance — Legitimate interests
  • Sending marketing communications (where you have opted in) — Consent
  • Complying with legal obligations — Legal obligation
  • Protecting the security and integrity of the Platform — Legitimate interests

We will never use your personal data for automated decision-making or profiling that produces legal or similarly significant effects without your explicit consent.

4. Data Sharing

We do not sell your personal data. We share data only in the following limited circumstances:

4.1 Service Providers

We use trusted third-party providers to help us operate the Platform. These providers process data on our behalf and are contractually bound to handle it in accordance with UK GDPR. They include:

  • Supabase — database hosting and infrastructure (data stored in the EU)
  • Stripe — payment processing
  • Vercel — website and application hosting
  • Google Analytics — usage analytics (anonymised)
  • Resend / email provider — transactional email delivery

4.2 Educators

If you are a student on an Educator Connect plan, your application activity and progress data will be visible to the educators and administrators within your institution's account.

4.3 Legal Requirements

We may disclose your data where required to do so by law, by court order, or by a regulatory authority, or where we believe disclosure is necessary to protect the rights, property, or safety of DAPS, our users, or the public.

4.4 Business Transfers

If DAPS is involved in a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you before your data becomes subject to a different privacy policy.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with the Platform. Specifically:

  • Account data — retained for the duration of your account and deleted within 90 days of account closure
  • Application data — retained as above; you can delete individual entries at any time
  • Payment records — retained for 7 years to comply with financial and tax legislation
  • Log data — retained for up to 12 months
  • Marketing preferences — retained until you withdraw consent

You can request deletion of your account and associated data at any time by contacting us at hello@daps.org.uk.

6. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access — you can request a copy of the personal data we hold about you
  • Right to rectification — you can ask us to correct inaccurate or incomplete data
  • Right to erasure — you can ask us to delete your data in certain circumstances
  • Right to restrict processing — you can ask us to limit how we use your data
  • Right to data portability — you can request your data in a structured, machine-readable format
  • Right to object — you can object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent — where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at hello@daps.org.uk. We will respond within one calendar month. We may ask you to verify your identity before acting on your request.

If you are unhappy with our response, you have the right to complain to the ICO at ico.org.uk or by calling 0303 123 1113.

7. International Data Transfers

Some of our third-party service providers operate outside the UK. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, such as UK adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms.

8. Cookies

We use cookies and similar tracking technologies to operate and improve the Platform. The types of cookies we use include:

  • Strictly necessary — Essential for the Platform to function (e.g. authentication, session management)
  • Analytics — Help us understand how the Platform is used (e.g. Google Analytics)
  • Preferences — Remember your settings and preferences

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Platform. Where required by law, we will ask for your consent before setting non-essential cookies.

9. Security

We take the security of your personal data seriously. Our measures include:

  • Encryption in transit — all data transmitted between your browser and our servers is encrypted using TLS 1.3
  • Encryption at rest — your data is encrypted at rest using AES-256
  • Row-level security — our database enforces row-level security policies so your data is only accessible by your account
  • Access controls — internal access to production data is restricted on a need-to-know basis
  • Regular reviews — we regularly review and update our security practices

No method of transmission or storage is 100% secure. While we take all reasonable steps to protect your data, we cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately.

10. Children's Privacy

The Platform is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13 without parental consent. If you believe a child under 13 has provided us with personal data without consent, please contact us and we will take steps to delete that data.

For users aged 13–17, we recommend that parents or guardians review this Privacy Notice. Educational institutions using Educator Connect are responsible for ensuring appropriate consents are obtained for students in their care.

11. Changes to This Notice

We may update this Privacy Notice from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated notice on the Platform and, where appropriate, by email. The "last updated" date at the top of this page will always reflect the most recent version.

Your continued use of the Platform after any changes constitutes your acceptance of the updated Privacy Notice.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Notice or how we handle your personal data, please contact us:

DAPS
Email: samuel@daps.org.uk
Website: daps.org.uk

We aim to respond to all enquiries within five working days.