Privacy Policy
Last updated: May 2026
1. Introduction
Dobble ("we", "our", or "us") operates the Dobble AI sales stack, a CRM, outreach sequences, a shared inbox, and an AI agent, available as a hosted cloud service and as a self-hostable codebase. This Privacy Policy explains how we collect, use, and protect information when you use our website and cloud Service. If you self-host Dobble, you run your own instance and act as the controller of the data in it; this policy then applies primarily to your use of our website, purchases, and support.
2. Information we collect
- Account data: name, email address, organization, and profile details you set when you create or update your account.
- Billing data: purchase and subscription information processed through our payment provider (we do not store full card details).
- Customer Data: the contacts, companies, prospect records, deals, notes, signals, and message content you create or import into the CRM and inbox.
- Integration data: access tokens and content from services you connect (e.g. email, LinkedIn, calendar) so we can send, receive, and sync on your behalf.
- Usage and device: product usage, app version, and basic technical data used to operate, secure, and improve the Service.
- Support: information you send when you contact us.
3. How we use your information
- Provide, maintain, and improve the Service.
- Process your content through AI models and integrations to generate drafts, summaries, signals, and other features.
- Send outreach, sync replies, and connect bookings to deals using the integrations you authorize.
- Manage your account, purchases, and usage limits.
- Respond to support requests.
- Detect, prevent, and address abuse, fraud, or security issues.
- Comply with applicable laws and enforce our terms.
4. Customer Data and your contacts (controller / processor)
For Customer Data in the cloud Service, including the personal data of your prospects and contacts, you are the data controller and we act as a processor on your behalf, processing that data only to provide the Service and on your instructions. You are responsible for having a lawful basis (such as legitimate interest or consent) to process your contacts' data and for honoring their rights and opt-outs. We make a data processing agreement available on request.
5. Sub-processors and data sharing
We do not sell your personal information. To run the cloud Service, your data may be processed by trusted sub-processors, including:
- AI providers (via OpenRouter, e.g. OpenAI, Anthropic, Google) to generate responses, drafts, and signals from the content you submit.
- Infrastructure and database hosting and storage providers (e.g. Supabase) that run the cloud Service.
- Email and LinkedIn integrations used to send, receive, and sync messages you authorize.
- Payments (e.g. Polar) to process purchases and subscriptions.
- Analytics on our marketing site (privacy-friendly, aggregated).
We may also disclose information if required by law, to protect our rights or safety, or in connection with a merger or sale of assets, in line with applicable law.
6. Data retention
We retain account and Customer Data for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within a reasonable period, except where retention is required for legal, security, or operational purposes. Some data may persist briefly in backups.
7. Your rights and choices
Depending on where you live (e.g. under the GDPR or CCPA), you may have the right to access, correct, delete, export, or restrict the processing of your personal data, and to object to certain processing. You can manage much of your data directly in the app. For other requests, contact us using the details below; we will respond in accordance with applicable law.
8. Security
We implement appropriate technical and organizational measures to protect data against unauthorized access, loss, or misuse. No method of transmission or storage is completely secure; we encourage you to use a strong password and protect your integration credentials.
9. International transfers
Your information may be processed in countries other than your own. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for those transfers.
10. Self-hosting
If you deploy the Dobble codebase on your own infrastructure, your Customer Data stays in your environment and is governed by your own policies and the agreements you hold with your chosen AI and integration providers. We do not have access to a self-hosted instance unless you explicitly share data with us (for example, for support).
11. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version on this page and, where appropriate, notify you. Your continued use of Dobble after changes constitutes acceptance of the updated policy.
12. Contact us
For privacy questions, requests, or a data processing agreement, contact us at lazare@iterationx.io.