Privacy Policy

Last updated: January 2026

Overview

PurchaseDot is a software service used by post-primary schools to manage purchasing and expense claims.

We take privacy seriously and aim to collect and process only the data required to provide the service.

Who This Policy Applies To

This policy applies to teaching and non-teaching staff who use PurchaseDot through their school.

PurchaseDot is provided to schools as an organisational service. Schools are responsible for how the service is used within their organisation.

Roles & Responsibilities

Schools using PurchaseDot are the data controllers of the personal data entered into the system.

PurchaseDot acts as a data processor, processing data only on behalf of schools and only for the purpose of providing the service.

Data We Collect

We collect and process the following types of data:

  • Names
  • Email addresses
  • User account information
  • Expense claim data (amounts, dates, categories)
  • Uploaded receipts (such as PDFs or images)

We do not store bank details such as IBAN or BIC numbers.

How We Use Data

Personal data is used only to:

  • Provide and operate the PurchaseDot service
  • Allow users to submit and review expense claims
  • Send transactional emails (such as notifications and approvals)
  • Maintain system security and reliability

We do not use personal data for advertising or marketing purposes.

Analytics

We use PostHog (EU-hosted) to understand how the service is used and to improve functionality.

Analytics data is used in aggregate form and is not used for advertising or tracking users across other websites.

Emails

PurchaseDot sends transactional emails only, such as:

  • Account-related notifications
  • Expense approval updates
  • System messages

Emails are delivered using Amazon Simple Email Service (AWS SES).

We do not send marketing emails.

Data Storage & Location

PurchaseDot is hosted on Amazon Web Services (AWS) and Netlify.

All application data is stored in the European Union, primarily in Ireland.

Data Sharing

We do not sell personal data.

We do not share personal data with third parties except where required to operate the service (such as hosting, analytics, and email delivery providers).

Data Retention

Data is retained for as long as a school has an active account or as required to meet legal or operational obligations.

Schools may request data deletion in accordance with their policies and applicable law.

Security

We take reasonable technical and organisational measures to protect personal data, including access controls and secure infrastructure.

Your Rights

Users should contact their school in the first instance regarding access, correction, or deletion of personal data.

Schools may contact PurchaseDot to assist with fulfilling data protection requests.

Contact

If you have questions about this policy or how data is handled, please contact:

PurchaseDot
Email: privacy@purchasedot.com