Standalone preview · privacy-en
Privacy

Privacy Policy.

What we collect, what we do with it, and what you have to say about it. No legalese, no fine print. Everything in plain English, in one place.

Last updated: May 2026  ·  Applies to: doreply.com and all DoReply platforms

Who we are

DoReply B.V. is based in Amersfoort, the Netherlands. We build software that lets organisations turn customer questions and internal knowledge into Guided Search experiences. We are registered with the Dutch Chamber of Commerce under number 69645337.

For questions about this policy or your personal data, contact privacy@doreply.com. We respond within five working days.

When this policy applies

This policy covers two situations:

  • When you visit doreply.com. We collect minimal data to run the site and, with your consent, basic analytics to improve it.
  • When you are a customer logged in to the DoReply platform. There we process personal data of you as administrator or editor, to track changes to content and deliver the service securely.

What we do not do: we do not track end users who go through a Guided Search flow. Someone looking for an answer on your site stays anonymous to us. No cookies, no profiles, no personal data. That is a design choice, not an oversight.

Processor, not controller

In GDPR terms: for data of your end users, you are the controller and we are the processor. Concretely:

Your role as customer
You decide what goes into your flows and what content you publish. You are responsible for the lawfulness of that content.
Our role
We host the software, secure the infrastructure, and process personal data only on your instructions. We sign a data processing agreement with every customer.
For our website doreply.com
There we are the controller ourselves. This policy describes what we collect there and why.

What we collect

On the website doreply.com

  • What you send us. If you fill in the contact form or email us, we receive your name, email and what you write.
  • How you use the site. With your consent we measure via Google Analytics 4 which pages get visited. We anonymise IP addresses and do not link profiles.
  • Cookies. Only functional cookies (such as language preference) without consent. Analytical cookies only after acceptance on the cookie banner.

On the DoReply platform (customers only)

  • Account details. Name, email, organisation, role within the platform.
  • IP addresses. On login and on changes to content, for the Audit Trail.
  • Change history. Who changed what, when, from which IP. This is a security and compliance feature.

Audit Trail retention: up to twelve months, depending on your subscription. Business retains 90 days, higher tiers retain longer.

AI and your data

Guided Search flows do not use AI to process end-user personal data. The flows are pre-defined by your editorial team. An end user picks from options and arrives at a pre-approved answer. Nothing goes to a language model.

For optional features such as AI suggestions during content management (visible only to your editors), we use models hosted in the EU where possible. We do not share customer content with third parties for training purposes.

Who we share with

We share personal data only with parties needed to deliver our service:

  • Hosting: AWS Frankfurt (data stays inside the EU)
  • Email: standard business email provider for our internal communication
  • Analytics: Google Analytics 4 with anonymised IP addresses, only after cookie consent

With all of these parties we have data processing agreements in place, and we do not sell, rent or share data with third parties for commercial purposes.

Your rights

Under GDPR you have the right to:

  • Access. See what data we have about you.
  • Correction. Have incorrect data fixed.
  • Deletion. Have data erased when no longer needed.
  • Restriction. Temporarily stop processing.
  • Portability. Receive your data in a readable format.
  • Objection. Object to processing based on legitimate interest.

Send your request to privacy@doreply.com. We respond within one month. If you are not satisfied with how we handle your request, you can file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.

How we secure data

Our technical measures are described on the Compliance page. Briefly here, the highlights:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Role-based access, no shared accounts, MFA required for administrators
  • Hosting in the EU (AWS Frankfurt)
  • Regular security reviews and internal audits

Changes to this policy

If we change this policy materially, we actively notify customers and publish the updated version here. We make small textual edits silently, with a new date at the top of this page.

Questions about this policy?

Email privacy@doreply.com. Or call +31 (0)33 720 0808 during office hours (CET). We respond within five working days.

More on security?

The Compliance page describes how we secure the infrastructure, which frameworks we follow, and how we handle incidents.

See Compliance
Privacy Compliance Contact
© 2026 DoReply B.V. · Standalone preview, niet de productie-build