Image Image Dark
Image Image Dark

Privacy Policy

Introduction

This Privacy Policy explains how InstaDispatch ("we", "our", "us"), a company registered in England and Wales (Company Number: [Company Registration Number]) with registered address at [Registered Office Address], collects, uses, processes, and protects personal data when customers access or use the InstaDispatch platform, website, APIs, and related services (the "Service").

We are committed to protecting your personal data and to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. If you have any questions about this Policy, please contact our Data Protection Officer at dpo@instadispatch.com.

Our ICO registration number is: [ICO Registration Number].

Data Controller and Processor Roles

InstaDispatch operates primarily as a data processor under UK GDPR when processing shipment data on behalf of its customers.

Courier companies and logistics providers using the Service act as data controllers for shipment data relating to their customers, senders, and recipients. As controllers, they determine the purpose and means of processing that personal data.

InstaDispatch acts as a data controller in its own right for data relating to its own customer accounts, marketing communications, and platform analytics.

Where InstaDispatch processes personal data as a processor, the obligations of both parties are governed by a Data Processing Agreement (DPA) available at https://www.instadispatch.com/dpa/.

Personal Data We Collect

Account and Business Data

  • Company name, contact names, and business address
  • Account login credentials (usernames; passwords are not accessible to us)
  • Billing information and payment details
  • IP addresses and device/browser information

Shipment and Delivery Data

When customers create shipments, the Service processes:

  • Sender names, addresses, and contact details
  • Recipient names, delivery addresses, and contact details
  • Shipment descriptions, weight, dimensions, and declared value
  • Tracking numbers and delivery status updates
  • Customs and export information

Proof of Delivery Data

Where delivery confirmation features are used, the Service may process:

  • Recipient signatures
  • Delivery photographs
  • GPS delivery location data
  • Delivery timestamps

Customers are responsible for ensuring their end users are informed that such data may be captured as part of shipment services.

Technical Data

We automatically collect technical information including:

  • IP address and browser type
  • Device information and operating system
  • Usage logs and platform activity

Third-Party Services We Use

We use the following named third-party services that may process personal data:

  • Amazon Web Services (AWS) — cloud infrastructure and data hosting (EU region)
  • Plausible Analytics — privacy-preserving website analytics (no personal data stored)
  • Freshdesk (Freshworks) — customer support ticketing; name, email, and device info may be processed
  • GoCardless — direct debit payment processing
  • Google Fonts — font delivery (IP address may be collected by Google)

All sub-processors are required to maintain appropriate security safeguards and are bound by data processing agreements.

How We Use Personal Data

We use personal data to:

  • Operate and maintain the Service and fulfil our contract with customers
  • Facilitate shipment booking and logistics operations
  • Provide technical support and respond to queries
  • Improve the functionality, security, and performance of the platform
  • Send service communications, invoices, and important notices
  • Comply with legal and regulatory obligations
  • Prevent fraud and misuse of the platform

Legal Basis for Processing

We process personal data on the following legal bases:

  • Performance of a contract: processing necessary to provide the Service to customers
  • Legitimate interests: fraud prevention, platform security, and service improvement
  • Legal obligation: compliance with applicable laws and regulations
  • Consent: where we rely on consent (e.g. marketing communications), you may withdraw at any time

Data Retention

We retain personal data for the following periods:

  • Account data: for the duration of the customer relationship and for 7 years after termination for tax and legal compliance purposes
  • Shipment data: for 7 years after shipment completion for legal and audit purposes
  • Proof of delivery data: for 2 years unless the customer requests earlier deletion
  • Support communications: for 3 years after resolution
  • Technical logs: for 12 months

Upon termination of a customer account, all customer data will be irretrievably deleted within 30 days, except where longer retention is required by law.

Sharing of Personal Data

Personal data may be shared with third parties where necessary to provide the Service, including:

  • Courier and logistics carriers selected by the Customer
  • Customs authorities where required by law
  • Cloud infrastructure and security providers (see Section 4)
  • Legal or regulatory authorities where required by law
We do not sell personal data to third parties. We do not share personal data for third-party marketing purposes.

International Data Transfers

We store data primarily within the United Kingdom and the European Economic Area. Where personal data is transferred outside the UK or EEA, we implement appropriate safeguards including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • UK International Data Transfer Agreements (IDTAs) where applicable
  • transfers to countries with an adequacy decision

Data Security

We implement appropriate technical and organisational security measures to protect personal data, including:

  • TLS/SSL encryption for data in transit
  • Encryption of data at rest
  • Role-based access controls
  • Regular security monitoring and penetration testing
  • Staff data protection training

Data Breach Notification

In the event of a personal data breach, we will notify affected customers without undue delay and within 72 hours of becoming aware of the breach, where required under UK GDPR. We will provide sufficient information to enable customers to meet their own obligations to notify the ICO and affected data subjects.

Customer Responsibilities

Customers using the Service as data controllers are responsible for:

  • Ensuring they have a lawful basis for processing personal data submitted to the platform
  • Ensuring their end users are informed of how their data is used
  • Complying with applicable data protection laws in their own operations
  • Entering into appropriate agreements with InstaDispatch under the DPA

Data Subject Rights

Individuals have rights under UK GDPR including:

  • Right of access to personal data
  • Right to rectification of inaccurate data
  • Right to erasure (right to be forgotten)
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Rights in relation to automated decision-making
Because InstaDispatch operates primarily as a data processor, requests relating to shipment data should generally be directed to the relevant courier company or logistics provider acting as data controller. We will cooperate with customers to support lawful data subject requests. Requests relating to account data held by InstaDispatch as data controller should be sent to dpo@instadispatch.com. We will respond within one month of receipt. If you are dissatisfied with our handling of a request, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at www.ico.org.uk.

Cookies

We use cookies and similar technologies on our website. Full details are set out in our Cookie Policy available at https://www.instadispatch.com/cookie-policy/. Cookie consent is managed through our cookie consent tool.

Automated Processing

Certain features of the InstaDispatch platform may use automated processing to calculate shipment pricing, select available carriers, or determine delivery routing options. These automated processes are used solely to provide logistics functionality and do not produce legal or similarly significant effects on individuals. As such, the provisions of UK GDPR Article 22 relating to solely automated decision-making do not apply to these processes. Customers retain full control over final shipment decisions made through the platform.

Changes to this Privacy Policy

Certain features of the InstaDispatch platform may use automated processing to calculate shipment pricing, select available carriers, or determine delivery routing options. These automated processes are used solely to provide logistics functionality and do not produce legal or similarly significant effects on individuals. As such, the provisions of UK GDPR Article 22 relating to solely automated decision-making do not apply to these processes. Customers retain full control over final shipment decisions made through the platform.

Contact

For questions about this Privacy Policy or data protection matters, contact our Data Protection Officer:

  • Email: dpo@instadispatch.com
For complaints: you may also contact the ICO at www.ico.org.uk or on 0303 123 1113.

InstaDispatch is a powerful cloud-based courier dispatch software, which has been created keeping in mind all the small and the big aspects of the courier industry.

© 2025 InstaDispatch. All rights reserve

Facebook Linkedin X-twitter Instagram Whatsapp
instadispatch
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.