Dunn. ← Back to Dunn
Legal

Privacy policy

Last updated 9 July 2026

Dunn ("we", "us") is an invoicing and payment-chasing tool for UK freelancers and small businesses, available at getdunn.co.uk and app.getdunn.co.uk. This policy explains what personal data we collect, why, and your rights under UK data protection law (UK GDPR and the Data Protection Act 2018).

Data controller: Dunn Technologies Ltd, trading as Dunn. For anything relating to your data, contact us at support@getdunn.co.uk — we read every message.

1. What we collect

Information you give us

Information collected automatically

Payment information

If you upgrade to a paid plan, payment is handled entirely by Stripe. We never see or store your card number. We receive confirmation of your subscription status so we can activate your plan.

2. Why we process it (lawful bases)

PurposeLawful basis
Providing the service — your account, invoices, clients, and sending payment reminders you configure or triggerPerformance of a contract (our terms)
Processing subscription payments and maintaining billing recordsContract, and legal obligation (tax and accounting law)
Product analytics to improve DunnConsent (withdrawable at any time)
Service emails about your account (e.g. password resets)Contract / legitimate interests
Securing the service and preventing abuseLegitimate interests

3. Your clients' data — an important note

When you add clients and send them invoices or payment reminders through Dunn, you are the controller of your clients' personal data, and Dunn acts as your processor: we store their details and send emails to them only on your instruction (including the automated reminder schedule you switch on). You are responsible for ensuring you have a lawful basis to contact your clients — in the ordinary course of invoicing people who owe you money, you will.

Reminder emails are sent from our domain on your behalf, with your email address as the reply-to, and only ever concern invoices you created.

4. Who we share data with

We share personal data only with the service providers needed to run Dunn, each under contract:

ProviderRole
SupabaseDatabase, authentication and backend hosting
NetlifyWebsite hosting
StripeSubscription payments
ResendDelivery of invoice and reminder emails
PostHog (EU)Product analytics — only with your consent
GoogleOnly if you choose "Sign in with Google"

We do not sell personal data, and we do not share it with advertisers. We may disclose data if required by law.

Some providers process data outside the UK (for example in the EU or US). Where that happens, transfers are protected by appropriate safeguards such as the UK International Data Transfer Addendum, UK adequacy regulations, or the UK–US Data Bridge.

5. How long we keep it

Your data is kept while your account is active. If you delete your account (Settings → Delete account), your profile, clients, invoices and reminder history are permanently deleted immediately. Billing records held by Stripe are retained as required by tax law. Backups age out on a rolling basis within a short period.

6. Your rights

Under UK GDPR you have the right to access, correct, delete, or receive a copy of your personal data, to object to or restrict certain processing, and to withdraw consent (for analytics) at any time. Most of these you can do directly in the app — your details are editable in Settings, and account deletion is self-service. For anything else, email support@getdunn.co.uk and we'll respond within one month.

If you're unhappy with how we've handled your data, you can complain to the Information Commissioner's Office at ico.org.uk.

7. Security

All traffic is encrypted in transit (HTTPS). Data is stored with row-level security so each account can only ever access its own records. Passwords are hashed and never stored in plain text. Payment card details never touch our systems.

8. Changes to this policy

If we make material changes, we'll update this page and notify you by email or in the app. The date at the top shows when it was last revised.