Doris - bookwithdoris.com

Last updated: 11 June 2026

This Privacy Policy explains how ItsMeFil Ltd ("we", "us", "our") collects, uses, and protects personal data when you use Doris at bookwithdoris.com.

We are registered in England and Wales. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Data controller: ItsMeFil Ltd (Company No. 17218858), registered in England and Wales.

Contact: [email protected]

For the personal data of members invited by an organisation administrator, the organisation acts as data controller and we act as data processor on their behalf.

2. What Data We Collect

Organisation administrators

Name and email address (used for account creation via Clerk)
Organisation name and settings
Subscription and billing information (held by Paddle - we do not store payment card data)

Organisation members (invited users)

Name and email address
Booking records - which rooms were booked, when, and by whom
Custom field responses on bookings (as configured by the organisation administrator)
Push notification subscription data (if opted in)

What we do NOT collect

Passwords - authentication is handled entirely by Clerk (clerk.com)
Payment card data - billing is handled entirely by Paddle (paddle.com)
Client, patient, or customer data of any kind
Special category data (health, clinical, religious, political data etc.)

Doris is a room booking tool. The only personal data it holds is the data of the people who book rooms - staff, volunteers, and members of the organisation. If you are a counsellor or therapist, your clients' details should never enter Doris.

3. How We Use Your Data

We use your data to:

Operate the room booking service
Manage your account and subscription
Send push notifications you have opted into
Send service-related communications (trial status, account notifications)
Comply with our legal obligations

We never use your account or booking data for advertising, and we do not sell your data to third parties. The only advertising-related measurement we do happens on our public marketing pages, uses no Doris account data, and only runs if you consent to it (see Sections 5 and 9). We do not share your data with any third party except as described in Section 5.

4. Legal Basis for Processing

We process personal data on the following legal bases under UK GDPR:

Contract - to provide the service you have signed up for
Legitimate interests - to operate, maintain, and improve the service
Legal obligation - where required by law
Consent - for optional processing such as push notifications and the optional marketing cookie on our public pages (either can be withdrawn at any time)

5. Third-Party Services

We use the following third-party services to operate Doris:

Clerk (clerk.com) - user authentication. Clerk processes email addresses and manages passwords. We never see your password.

Paddle (paddle.com) - subscription billing. Paddle acts as Merchant of Record and processes all payment data. We do not store card numbers or payment details.

Cloudflare (cloudflare.com) - hosting, database, and infrastructure. Data is stored in the EU/UK region. We also use Cloudflare Web Analytics to understand aggregate site usage (page views, approximate visitor counts, and country-level location). This is privacy-first and cookieless: it sets no cookies, does not store IP addresses, does not build a profile of you, and does not track you across other websites.

Sentry (sentry.io) - error monitoring. When Doris encounters a technical error, Sentry records diagnostic information (the error, the page or screen involved, and browser/device type) so we can find and fix bugs. We configure Sentry to minimise personal data: IP-address collection is disabled and identifying details are stripped before a report is sent. Error data is processed in Sentry's EU (Germany) region.

Anthropic (anthropic.com) - powers the in-app help assistant. The assistant receives only your typed question. No booking data, account data, or personal information is passed to the assistant.

Meta (facebook.com) - optional advertising measurement on our public marketing pages only (the landing, pricing, and about pages). If - and only if - you accept the cookie banner shown on those pages, the Meta Pixel sets a cookie and tells Meta which of our public pages you visited, so we can measure whether our advertising works and reach people who showed interest in Doris. It never runs inside the Doris app itself, and no account, member, or booking data is ever shared with Meta. If you decline, nothing is loaded and no data is sent. Meta acts as an independent data controller for this data - see Meta's own privacy policy at facebook.com/privacy/policy.

Each of these providers has their own privacy policy and is independently responsible for their data handling.

6. Data Retention

We retain your data for as long as your organisation's account is active.

If your trial expires or subscription lapses, your organisation enters read-only mode. If the account is not reactivated within 6 months of entering read-only mode, we will send a data deletion warning to the registered email address. Data will be permanently and irreversibly deleted 30 days after that warning.

You may request deletion of your data at any time by contacting us. See Section 8 for your rights.

7. Data Security

We take appropriate technical and organisational measures to protect your data, including:

Encryption in transit (HTTPS, enforced by Cloudflare)
Database access restricted to the application layer
Secrets and API keys never stored in code or version control
Clerk and Paddle handle the most sensitive data (credentials and payment) under their own security programmes

No system is completely secure. In the event of a data breach affecting your rights and freedoms, we will notify the ICO within 72 hours and affected individuals without undue delay.

8. Your Rights

Under UK GDPR, you have the right to:

Access - request a copy of the personal data we hold about you
Rectification - ask us to correct inaccurate data
Erasure - ask us to delete your data (subject to legal obligations)
Restriction - ask us to restrict processing in certain circumstances
Portability - receive your data in a machine-readable format
Object - object to processing based on legitimate interests
Withdraw consent - for consent-based processing (e.g. push notifications), withdraw at any time

To exercise any of these rights, contact us at: [email protected]. We will respond within one month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Cookies

Inside the Doris app, we use only essential cookies and session tokens necessary to operate the service - no advertising or tracking cookies, ever. For usage analytics we use Cloudflare Web Analytics, which is cookieless - it sets no cookies and does not track you across other websites (see Section 5).

Our public marketing pages offer one optional cookie: the Meta Pixel, used to measure our advertising (see Section 5). It is set only if you accept the cookie banner; declining loads nothing, and your choice is remembered. You can change your mind at any time using the "Cookie preferences" link in the page footer.

10. Children

Doris is intended for use by adults within organisations. We do not knowingly collect data from anyone under the age of 16. If you believe a minor has registered without appropriate authority, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via the Doris admin dashboard. Continued use of the service after changes take effect constitutes acceptance of the updated policy.

12. Contact

Privacy queries and data subject requests: [email protected]

ItsMeFil Ltd (Company No. 17218858), registered in England and Wales.