Help docs
Get in touch

Go to app
Log inTry for free


InsightsAnalysisAutomationIntegrationsEnterprisePricingLog in


About us

© Dovetail Research Pty. Ltd.

TermsPrivacy Policy
Help centerLegal and privacyArticle

Our GDPR commitment

Last updated25 July 2023
Read time4 min

Table of contents

This article is designed to help Dovetail customers and users understand, and where applicable, comply, with the General Data Protection Regulation (“GDPR”). The GDPR is the most significant change to European data privacy legislation in the last 20 years and went into effect on May 15, 2018.

GDPR is designed to give European Union (“EU”) citizens more control over their data and seeks to unify a number of existing privacy and security laws under one comprehensive law.

Dovetail has made information security and data privacy foundational principles of everything we do, and we recognize the importance of adhering to regulations to advance information security and data privacy for citizens of the EU.

GDPR compliance

We appreciate that our customers have requirements under the GDPR that are directly impacted by their use of our Services. Below are several GDPR initiatives that have been implemented across our Services:

  • Investment in security – We’ve increased our investment in security. This includes implementing dependency vulnerability detection, improved auditing and logging across all services, new internal security policies, staff security training, improved password and secret management, 2FA enforcement, stronger password policies, and more.

  • Employee training – We ensure our team are trained in handling customer data and personal information, and that they maintain the confidentiality and security of that data.

  • Updated terms – We have updated the structure and language used in all of our terms and policies to more clearly communicate what information we collect, what we use it for, who we share it with, what your rights are, and more.

  • Data Processing Agreement – We support the EU’s Standard Contractual Clauses through a Data Processing Agreement that you can sign and return to us.

  • Data Sub-Processors – We list all of our third party data sub-processors and share information on what we use them for and where they are located.

  • Data Subject Access Request procedure – We’ve streamlined our Data Subject Access Request procedure and documented the procedure on our website.

  • Data portability – We’ve improved our data export features so customers may export customer data and personal information in a machine-readable format at any time.

  • EU data storage – You can choose to host certain data you upload to your Dovetail workspace in our data center located in Ireland.

Our security

We appreciate that we are entrusted with valuable and sometimes sensitive user research data, which is why we have built security into every layer of our architecture, pursuing a ‘privacy by design’ approach to the design and development of our Services.

Our application is built on world-class, modern cloud infrastructure designed to ensure the safety of your data. We have carefully chosen proven third party cloud providers that have a great security track record, and we employ best practices including regular backups, data encryption, sanitized logging, and common attack prevention.

Read more about our security practices.

International data transfers

We offer customers a robust international data transfer framework as a part our Data Processing Agreement (“DPA”). This addendum ensures that our customers can lawfully transfer personal data to our Services outside of the European Economic Area by relying on the Standard Contractual Clauses. Our DPA also contains specific provisions to assist customers in their compliance with the GDPR.

Data portability and right to be forgotten

We help you honor your customers’ requests to export their data. Dovetail provides data portability and data management tools for exporting product and user data.

We also help customers meet obligations under the GDPR ‘right to be forgotten’ (or ‘right to erasure’) clause by making it easy to request the deletion of personal data from Dovetail. For more information on this procedure, see Data Subject Access Request.

Your privacy is important to us, and so is being transparent about how we collect, use, and share your information. In our Privacy Policy, we share what information we collect, how we use and store that data, and how you can access and control your information.

The Australian Privacy Act and the GDPR

As an Australian-based business, our information security and data privacy practices and policies are already guided by Australian law, namely the Australian Privacy Act.

The GDPR and the Privacy Act include some similar requirements. Both laws foster transparent information handling practices and business accountability, to give individuals confidence that their privacy is being protected. Both laws require businesses to implement measures that ensure compliance with a set of privacy principles, and both take a ‘privacy by design’ approach to compliance.

Additional resources

The following resources might prove useful:

Contact us

If you have any questions, please email us at

Give us feedback

Was this article useful?

Your customer insights hub

Turn data into actionable insights. Bring your customer into every decision.

Try for free


InsightsAnalysisAutomationIntegrationsEnterprisePricingLog in


About us

© Dovetail Research Pty. Ltd.
TermsPrivacy Policy