Privacy Policy

Effective 15 Mar 2020

When you use our products, website or subscribe to our communications, you’re trusting us with your personal and professional information. We understand this is an important responsibility and we protect your information, do not share it except for very limited purposes, and give you the right to be forgotten.

This Privacy Policy is meant to help you understand what information we collect, why we collect it, and how you can update, manage, and delete your information. If you are a customer of a Dossier Product, visitor to an Dossier Website, or a recipient of Dossier communications, then this Privacy Policy applies to your use of such Website, Product or communications.

As used in this Privacy Policy, “Dossier,” “us” and “we” refers to Onboardify, Inc., also doing business as Dossier. The “Websites” means Dossier’s websites (including without limitation www.dossier.work, www.onboardify.com, app.dossier.work, and any successor URLS, mobile or localized versions and related domains and subdomains), and the “Products” means Dossier’s communications and messaging products, applications and services, in whatever format they may be offered now or in the future. The Products and Websites are collectively referred to herein as the “Services.”

If you are a visitor to or user of a third-party website or service (“Third-Party Property”) that utilizes any Dossier communication or messaging products (such as the Dossier chat widget, or the Dossier Slack widget), then any information you submit to such Third-Party Property (including via the Dossier Product) is collected under the privacy policy of the owner of such Third-Party Property, and you should contact such owner with any related requests or inquiries you may have.

Information We Collect

A. Information Related to Services.

Registration and Contact Information. We collect information about you when you (a) register to use the Products and (b) otherwise provide contact information to us via email, or through our Services. This information you provide may include your username, first and last name, email address, mailing address or phone number.

Payment Information. When you purchase the Products, we will also collect transaction information, which may include your credit card information, billing and mailing address, and other payment-related information (“ Payment Information”). We describe how Payment Information may be collected and processed in Section "Payment Information".

Technical, Usage and Location Information. We automatically collect information on how you interact with the Services, such as the email address with which you access the Services, date and time, subject lines of messages, email addresses of other people in the emails, information about your browser, operating system and computer or device, pages viewed and items clicked. We may also collect location information, including location information automatically provided by your computer or device. We use cookies and similar technologies to collect some of this information.

Partner Service Information. We collect information when you connect any 3rd Party Service, such as Google G Suite, Microsoft Office 365, Slack, Asana, HubSpot, Salesforce, Box, Dropbox, and others through our Services. This information you provide may include your username, email address, first and last name, company name, and any meta data from your 3rd Party Service account that we need to deliver the Products to you. If the 3rd Party Service provides OAuth authentication capabilities, which most of the 3rd Party Services do, then we do not store your password, and instead connect using the secure OAuth protocol.

Google API Services User Data Policy. Google API Services, including Google Sign-In, are part of an authentication and authorization framework that gives you the ability to connect directly with Google users when you would like to request access to Google user data. Google's policy, available at https://developers.google.com/terms/api-services-user-data-policy, govern the use of Google API Services when you request access to Google user data. We comply with all terms contained in this aforementioned Google policy. Our Google App's use of information received, and Google App's transfer of information to any other app, from Google APIs will adhere to Google's Limited Use Requirements.

Other Information. We may collect other information from you that is not specifically listed here. We may use any such information in accordance with this Privacy Policy or as otherwise permitted by you.

Legal Basis. Dossier products work together to help you organize all your business communications. In order to engage visitors and leads we have a legitimate interest to collect relevant data and send messages based on this information. We consider your privacy and data protection rights when we pursue our legitimate interests and ensure that the way our Services work don't impact on those rights. For website visitors Dossier will store this data until the individual opts out or where they have not engaged with Dossier in 60 months.

B. Your Data.

You may submit various types of information and data into the Products for hosting and processing purposes ("Your Data”). Your Data may include, without limitation, (a) personal information such as names, email addresses, phone numbers, location and photos of your end user customers, potential customers and other users of and visitors to your websites, apps and other properties, which information may be input into the Products by you or collected by the Products using Dossier tags, scripts and other code added to such properties, and (b) information contained in communications between you and your end user customers using the messaging features of the Products.

We will only use, disclose and otherwise process Your Data for the purposes set forth in your agreement with us for the provisioning of the Products. The Products do not use any third-party services to retrieve publicly-available information about people, including social media information, profile information, gender, company, job titles, photos, physical addresses, and website URLs based on people’s email addresses input into the Products.

Legal Basis. We process and store Your Data to deliver our Services to you. Without this information, we wouldn't be able to provide our Services to you. We also process Your Data to pursue our legitimate interests by ensuring the smooth running of your Products and to help you communicate with your customers. We consider your privacy and data protection rights when we pursue our legitimate interests and ensure that the way Services work don't impact on those rights.

How We Use the Information We Collect

We use your information in the following ways:

  • To provide, maintain and improve the Services and our other products and services, including to operate certain features and functionality of the Services (for example, by remembering your information so that you will not have to re-enter it during this or subsequent visits);
  • To process your inquiries and otherwise deliver customer service;
  • To process your payments, we share and use Payment Information as described in Section "Payment Information";
  • To control unauthorized use or abuse of the Services and our other products and services, or otherwise detect, investigate or prevent activities that may violate our policies or be illegal;
  • To analyze trends, administer or optimize the Services, monitor usage or traffic patterns (including to track users’ movements around the Services) and gather demographic information about our user base as a whole;
  • To communicate directly with you, including by sending you newsletters or information about new products and services. Your opt-out options for promotional communications are described in Section "Your Rights and Choices";
  • In the manner described to you at the time of collection or as otherwise described in this Privacy Policy.

We do not permit the following uses of your information, either by ourselves, or by third parties:

  • We do not permit using your information for market research.
  • We do not share anonymized versions of your information with third parties.
  • We do share your information with advertising partners.
  • We do not permit using your information for surveillance.

Sharing Your Information with Third Parties

We do not sell, trade, share or transfer your personal information to third parties except in the following limited circumstances. Your personal information is never displayed, sold, or otherwise distributed to a third party conducting surveillance, market research or advertising.

  • You can sign up with or log in to our Product using a Single Sign-on (SSO) service like your Google, Microsoft or Slack account. This service will authenticate your identity with Google, Microsoft or Slack, and share certain personal information with us such as your name, email address, photo and title to pre-populate our sign up form and, with your consent, create your user account in our Product. We do not share this information with any third-party.
  • We use email marketing software from HubSpot, Inc. and SendGrid, Inc. to email you our newsletters or notifications of our product/service offerings. To send you such email, from which you can opt out at any time, the data we upload to the email marketing software will include your name, job title, email address, and company information;
  • We may share your personal information when we have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce a customer agreement, including investigation of potential violations thereof, or (c) protect against imminent harm to our rights, property or safety, or that of our users or the public as required or permitted by law;
  • We may share your personal information with third parties (including our service providers and government entities) to detect, prevent, or otherwise address fraud or security or technical issues;
  • We may share your Payment Information to process your payments, as further described in Section "Payment Information"; and
  • We may share and/or transfer your personal information if we become involved in a merger, acquisition, bankruptcy, or any form of sale of some or all of our assets.

Payment Information

When you make a purchase on the Services, any credit card information you provide as part of your Payment Information is collected and processed directly by our payment processor Stripe through their Stripe Checkout service. We never receive or store your full credit card information. Stripe commits to complying with the Payment Card Industry Data Security Standard (PCI-DSS) and using industry standard security. Stripe may use your Payment Information in accordance with their own Privacy Policy here: https://stripe.com/us/checkout/legal.

Other Access to or Disclosure of Your Information

The Services may also contain links to third party websites. This Privacy Policy applies solely to information collected by us. Even if the third party is affiliated with us through a business partnership or otherwise, we are not responsible for the privacy practices of such third party. We encourage you to familiarize yourself with the privacy policies of such third parties to determine how they handle any information they separately collect from you. Please be aware that we do not warn you when you choose to click through to another website when using the Services.

The Websites contain features that enable you to post reviews, comments or other content that is publicly viewable. You should be aware that any personal information you submit as part of those posts can be read, collected, or used by other visitors to the Websites, and could be used to send you unsolicited messages. We are not responsible for the personal information you choose to publicly post on the Websites. Please see our Website Terms of Use for more information and for other guidelines about posting content on the Websites.

Your Rights and Choices

You have the following data protection rights:

Deletion of Your Data.You can erase your personal information at any time by emailing us at admin@dossier.work, and we will delete, within 24 hours, all personally identifiable information including email, name and address.

Unsubscribe From Our Communications. You may unsubscribe from our marketing communications by clicking on the "unsubscribe" link located on the bottom of our e-mails that are sent to you, or by sending us email us at admin@dossier.work. Please note, however, that you may be unable to opt-out of certain service-related communications unless you delete your information with us.

Blocking Cookies. You can remove or block certain cookies using the settings in your browser but the Services may cease to function properly if you do so.

How We Respond to Do Not Track Signals. Your Web browser may have a “do not track” setting which, when enabled, causes your browser to send a do not track HTTP header file or “signal” to each site you visit. At present, the Services do not respond to this type of signal.

Complaints. You have the right to complain to a data protection authority about our collection and use of your personal information. Contact details for data protection authorities in the EEA, Switzerland and certain non-European countries (including the US and Canada) are available here.)

To exercise any of these rights, please contact us at admin@dossier.work or by mail to Dossier, Inc., 69 Dorman Ave, San Francisco, CA 94124 USA, Attention: Privacy. We will respond to your request to delete your information within a reasonable timeframe and notify you of the action we have taken.

Accessing and Updating Your Personal Information

When you use the Services, we make good faith efforts to provide you with access to your personal information upon your request and either provide you the means to correct this information if it is inaccurate or to delete such information at your request if it is not otherwise required to be retained by law or for legitimate business purposes. You may email admin@dossier.work with your name and the information requested to be accessed, corrected or removed, or if you are using the Product, sign in to your account, go to your profile, and make the desired changes. We may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort (for instance, requests concerning information residing on backup tapes), jeopardize the privacy of others, would be extremely impractical, or for which access is not otherwise required. In any case where we provide information access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort.

We may retain your information as necessary to support the Services, comply with our legal obligations or resolve disputes. Note that content you post may remain on the Services even if you cease using the Services or we terminate your access to the Services.

Changes to the Privacy Policy

We reserve the right to change our Privacy Policy at any time. If we make changes, we will post them and will indicate on this page the policy’s new effective date. If we make material changes to this policy, we will notify you by email or through notice on the Services.

No Children Under Age 16

The Services are not intended for use by anyone under the age of 16, nor does Dossier knowingly collect or solicit personal information from anyone under the age of 16. If you are under 16, you may not attempt to register for the Services or send any information about yourself to us, including your name, address, telephone number, or email address. In the event that we confirm that we have collected personal information from someone under the age of 16 without verification of parental consent, we will delete that information promptly. If you are a parent or legal guardian of a child under 16 and believe that we might have any information from or about such child, please contact us at the email admin@dossier.work.

Your California Privacy Rights and Disclosures

California Shine the Light Law. If you are a California resident and we disclose your personally identifiable information to third parties for such third parties’ direct marketing purposes, California’s Shine the Light Law (CA Civil Code Section 1798.83) allows you to request certain information from us about such disclosures. To make a request under the Shine the Light Law, please contact us at admin@dossier.work. Please note that under California law, businesses are not required to respond to such requests more than once during any calendar year.

California Minors. At any time, you can delete or remove your posts using the same deletion or removal procedures described in Section "Accessing and Updating Your Personal Information" above, or otherwise through the Services. If you have questions about how to remove your posts or if you would like additional assistance with deletion you can contact our support team at admin@dossier.work. Although we offer deletion capability for our Services, you should be aware that the removal of posts may not ensure complete or comprehensive removal of that content or information posted through the Services.


The security of your personal information is important to us. We maintain a variety of appropriate technical and organizational safeguards to protect your personal information. We limit access to personal information about you to employees who we believe reasonably need to come into contact with that information to provide products or services to you or in order to do their jobs. Our employees do not access Your Data, except if you give us permission, for the purpose of responding to you, when you contact us, or for a security reason that may jeapordize the privacy or security of others. Further, we have implemented reasonable physical, electronic, and procedural safeguards designed to protect personal information about you. When you enter sensitive information (such as your password), we encrypt that information in transit using industry-standard Transport Layer Security (TLS) encryption technology. No method of transmission over the Internet, method of electronic storage or other security methods are one hundred percent secure. Therefore, while we strive to use reasonable efforts to protect your personal information, we cannot guarantee its absolute security.

International Transfer of Data; EU-U.S. and Swiss-U.S. Privacy Shield

We may from time to time transfer your personal information to other countries outside the United States and make it accessible to our parents, subsidiaries, affiliates and third party service providers internationally. We will protect your personal information in accordance with this Privacy Policy wherever it is processed. Dossier has business entities in the United States and a number remote employees globally. Personal information may be processed in any country where an Dossier employee accesses the Dossier system.

Dossier has self-certified to the EU-U.S. and Swiss-U.S. Privacy Shield.

Contact Us

If you have questions or need to contact us about this Privacy Policy, please email us at admin@dossier.work.