Privacy Policy

Last updated: March 2026

1. Who we are

DPP Cloud is a trading name of Dynamic Systems Consulting Limited, registered in England and Wales. Dynamic Systems Consulting Limited is registered with the Information Commissioner's Office (ICO) under registration number ZA00013577864. We operate the DPP Cloud platform at dppcloud.co.uk, which provides Digital Product Passport creation and management services.

2. What data we collect

  • Account data: name, email address, company name when you register
  • Usage data: pages visited, features used, log data for security purposes
  • Passport data: product information you enter to create Digital Product Passports
  • Payment data: processed by Stripe — we do not store card details
  • Supply chain data: company names, countries, and contact information you provide for supply chain actors

3. How we use your data

  • To provide and operate the DPP Cloud platform
  • To process payments via Stripe
  • To send transactional emails (account confirmation, passport activation, trial expiry)
  • To comply with our legal obligations under the EU Battery Regulation and ESPR
  • To improve the platform based on usage patterns

4. Legal basis for processing (UK GDPR)

  • Contract performance: processing necessary to provide the service you have subscribed to
  • Legal obligation: maintaining DPP records as required by EU Battery Regulation 2023/1542
  • Legitimate interests: platform security, fraud prevention, service improvement

5. Data retention

  • Account data: retained while your account is active, deleted within 30 days of closure
  • Passport data: retained for the lifetime of the regulated product plus 10 years, as required by EU Battery Regulation 2023/1542 Article 77
  • Payment data: retained by Stripe per their data retention policy

6. Public data

Digital Product Passports that you activate are publicly accessible via their QR code URL. This is a regulatory requirement — the Battery Regulation mandates that DPP data be publicly accessible. You control which documents are marked as public.

7. Your rights

Under UK GDPR you have the right to: access your data, correct inaccurate data, request deletion (subject to legal retention obligations), object to processing, and data portability. Contact us at privacy@dppcloud.co.uk.

8. Cookies

We use essential cookies only — session management and security. We do not use advertising or tracking cookies.

9. Third-party processors

  • Stripe (payment processing) — stripe.com/privacy
  • Supabase (data storage) — supabase.com/privacy
  • Resend (transactional email) — resend.com/privacy
  • Vercel (hosting) — vercel.com/legal/privacy-policy

10. Contact

Dynamic Systems Consulting Limited, privacy@dppcloud.co.uk