Privacy Policy | Dodman Group

1. Introduction

Dodman Group ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use our websites, applications, and services (collectively, the "Services").

This policy applies to Dodman Group and all subsidiary and affiliated websites and platforms operated under the Dodman Group umbrella, including Dodman AI and Dodman Digital. By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy.

2. Who We Are

Dodman Group is a technology and SaaS company providing software and digital services to businesses and individuals worldwide. Our subsidiaries include Dodman AI and Dodman Digital. For purposes of applicable data protection law, Dodman Group is the data controller of your personal information.

Registered address [TO BE CONFIRMED — Estonia e-residency registration in progress]

Contact email privacy@dodman.group

Data Protection Officer [TO BE APPOINTED — Contact privacy@dodman.group in the interim]

3. Scope of This Policy

This Privacy Policy applies to all individuals who interact with Dodman Group and its subsidiary websites, including:

›Visitors to our websites and web applications
›Registered users and subscribers of our SaaS platforms
›Business customers and their end users
›Prospective customers and partners

Our subsidiary websites and platforms may display their own privacy notices that supplement this policy with service-specific details. Where a conflict exists, the more specific subsidiary notice shall take precedence for that platform.

4. Information We Collect

4.1 Information You Provide Directly

›Identity data: Full name, username, or similar identifiers
›Contact data: Email address, telephone number, postal address
›Account credentials: Password (stored in hashed/encrypted form)
›Payment and billing information: Credit/debit card details, billing address (processed via third-party payment processors; we do not store full card numbers)
›User-generated content: Any content, files, comments, or data you upload or create within our Services
›Communications: Messages, support requests, survey responses, and feedback you send to us

4.2 Information Collected Automatically

›Usage data: Pages visited, features used, time spent, clicks, and navigation paths
›Device and technical data: IP address, browser type and version, operating system, device identifiers
›Cookie and tracking data: Cookies, web beacons, pixels, and similar tracking technologies (see Section 9)
›Log data: Server logs, error reports, and performance data

4.3 Information From Third Parties

›Authentication providers: If you sign in via Google, Microsoft, or other OAuth providers
›Payment processors: Transaction confirmation data from payment gateways
›Analytics partners: Aggregated or pseudonymised user behaviour data
›Publicly available sources: Information lawfully available in the public domain

5. How We Use Your Information

We use your personal data for the following purposes and on the legal bases stated below:

›

Provide and maintain our Services — necessary for the performance of a contract

›

Process payments and manage billing — necessary for the performance of a contract

›

Manage your account and authenticate your identity — necessary for the performance of a contract

›

Provide customer support and respond to enquiries — legitimate interests and/or contractual necessity

›

Send transactional communications — contractual necessity

›

Send marketing communications (where opted in) — consent (you may withdraw at any time)

›

Improve, personalise, and develop our Services — legitimate interests

›

Detect, prevent, and address fraud and security incidents — legitimate interests and legal obligation

›

Comply with legal obligations and enforce our Terms — legal obligation

6. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under one or more of the following legal bases under the General Data Protection Regulation (GDPR) and UK GDPR:

›Contract performance: Processing necessary to deliver the Services you have requested
›Legitimate interests: Processing necessary for our legitimate business interests, provided these are not overridden by your rights
›Legal obligation: Processing required to comply with applicable laws and regulations
›Consent: Where we have obtained your explicit consent — you may withdraw consent at any time without affecting prior processing

7. Data Sharing and Disclosure

We do not sell your personal data.

7.1 Service Providers

Third-party companies that assist us in operating our Services, including cloud hosting providers, payment processors, analytics platforms, email delivery services, and customer support tools. These providers are contractually bound to process data only on our instructions and to maintain appropriate security measures.

7.2 Subsidiary and Affiliated Entities

Dodman Group subsidiaries and affiliated entities, for the purpose of providing integrated services and internal administration, subject to this Privacy Policy.

7.3 Legal and Regulatory Disclosures

Competent regulatory authorities, law enforcement agencies, or courts where we are required by law, court order, or legal process to disclose your data, or where disclosure is necessary to protect our legal rights or the safety of any person.

7.4 Business Transfers

In the event of a merger, acquisition, reorganisation, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you of any such change as required by applicable law.

8. International Data Transfers

Dodman Group operates globally. Your personal data may be transferred to, and processed in, countries outside your country of residence, including countries that may not provide the same level of data protection as your home country.

Where we transfer personal data from the EEA, UK, or other regulated jurisdictions, we implement appropriate safeguards, which may include:

›Standard Contractual Clauses approved by the European Commission or UK ICO
›Adequacy decisions by relevant data protection authorities
›Binding Corporate Rules where applicable

For users in Kenya, data processing is conducted in accordance with the Kenya Data Protection Act, 2019. You may contact us at privacy@dodman.group to obtain information about the safeguards we have put in place for international transfers.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to improve your experience and understand how our Services are used. The types of cookies we use include:

›Strictly necessary cookies: Required for the core functionality of the Services; cannot be disabled
›Performance and analytics cookies: Help us understand how users interact with our Services (e.g. Google Analytics)
›Functional cookies: Remember your preferences and settings
›Marketing and targeting cookies: Used to deliver relevant advertising and track campaign effectiveness (only where consent has been obtained)

You can manage cookie preferences through your browser settings or our cookie consent tool. Please note that disabling certain cookies may affect the functionality of our Services.

Full Cookie List

The cookie policy below is automatically maintained and updated by our cookie management platform (CookieYes) and reflects all cookies currently in use across our Services.

10. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. The criteria we use to determine retention periods include:

›The nature and sensitivity of the personal data
›The potential risk of harm from unauthorised use or disclosure
›The purposes for which we process the data and whether those purposes can be achieved by other means
›Applicable legal, regulatory, tax, or accounting requirements

Account data is generally retained for the duration of your account and for a period of up to five (5) years following termination or closure, unless a longer period is required by law. Payment records may be retained for up to seven (7) years for tax and audit purposes.

11. Your Rights

Depending on your location, you may have the following rights in respect of your personal data:

Right of accessRequest a copy of the personal data we hold about you

Right to rectificationRequest correction of inaccurate or incomplete data

Right to erasureRequest deletion of your personal data in certain circumstances

Right to restrictionRequest that we limit the processing of your data

Right to data portabilityReceive your data in a structured, machine-readable format

Right to objectObject to processing based on legitimate interests or for direct marketing

Right to withdraw consentWithdraw consent at any time without affecting prior lawful processing

Right to complainLodge a complaint with your local data protection authority

For users in Kenya, rights are established under the Kenya Data Protection Act, 2019 and are exercisable through the Office of the Data Protection Commissioner.

To exercise any of these rights, please contact us at privacy@dodman.group. We will respond within thirty (30) days, or such shorter period as may be required by applicable law.

12. Data Security

We implement appropriate technical and organisational security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:

›Encryption of data in transit using Transport Layer Security (TLS)
›Encryption of sensitive data at rest
›Access controls and authentication requirements for staff
›Regular security assessments and penetration testing
›Incident response and breach notification procedures

No method of transmission over the internet or method of electronic storage is completely secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant authorities as required by applicable law.

13. Children's Privacy

Our Services are not directed to children under the age of sixteen (16). We do not knowingly collect personal data from children under this age. If you become aware that a child has provided us with personal data without parental consent, please contact us at privacy@dodman.group and we will take steps to delete such data promptly.

14. Third-Party Links

Our Services may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party sites you visit.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

›Posting the updated policy on our websites with a new effective date
›Sending you an email notification (where required or appropriate)
›Displaying a prominent notice within the Service

Your continued use of our Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Dodman Group — Privacy Team

Privacy enquiries privacy@dodman.group

Address [TO BE CONFIRMED — Estonia e-residency registration in progress]

For GDPR-related enquiries, you may also contact our EU/UK representative (if appointed):

[TO BE APPOINTED — EU/UK representative appointment pending company registration. Contact legal@dodman.group in the interim.]

For Kenya Data Protection Act enquiries, you may contact the Office of the Data Protection Commissioner:

www.odpc.go.ke