Legal

Privacy Policy

Last updated: April 2026

    We take your privacy seriously. This policy explains clearly what personal data we collect, why we collect it, and how we use and protect it. We will never sell your personal data.
  

1. Who We Are

Dexter (the "Service") is operated by Whittingham Marketing & Consultancy ("we", "us", "our"), based in Brighton, England. We are the data controller for personal data collected through dexterhub.io.

If you have any questions about this Privacy Policy or how we handle your data, please contact us at hello@dexterhub.io.

2. What Data We Collect

We collect the following categories of personal data when you use Dexter:

Account data

Email address — required to create an account and communicate with you
First name — optionally provided at sign-up to personalise your dashboard
Password — stored securely as a hashed value; we never see your plain-text password

Usage data

Tasks, tags, notes, and archived items you create within the app
Activity dates (the calendar days on which you complete tasks) used for streak and heatmap tracking
Your app preferences such as light/dark mode and column widths

Billing data

Subscription plan and status
Stripe customer ID — a reference used to link your account to your Stripe subscription
Trial end date and billing status
Card details are collected and stored entirely by Stripe — we never see or store your full card number, expiry date, or CVV

Technical data

Browser type and device type (collected automatically by our hosting infrastructure)
IP address (collected by Netlify and Supabase as part of normal web hosting)
Error logs where applicable, to help us identify and fix technical issues

3. How We Use Your Data

Purpose	Data used	Legal basis
Creating and managing your account	Email, name, password	Contract performance
Providing the Dexter dashboard and storing your tasks	Tasks, tags, notes, activity data	Contract performance
Processing subscription payments	Email, Stripe customer ID, billing status	Contract performance
Sending account emails (confirmation, password reset)	Email address	Contract performance
Sending billing notifications and receipts	Email address, billing status	Contract performance / Legal obligation
Improving and maintaining the Service	Technical and usage data (anonymised where possible)	Legitimate interests
Complying with legal obligations	Any data required by law	Legal obligation

We do not use your data for advertising or profiling purposes, and we do not sell your data to any third party.

4. Who We Share Your Data With

We use a small number of trusted third-party services to operate Dexter. Each acts as a data processor under our instruction:

Supabase — our database and authentication provider. Your account data and task data is stored on Supabase infrastructure. Supabase is GDPR compliant and stores data in the EU. Supabase Privacy Policy
Stripe — our payment processor. Stripe handles all card data and billing. We share your email address with Stripe to create a customer record. Stripe is PCI DSS compliant. Stripe Privacy Policy
Netlify — our hosting provider. Netlify serves the Dexter application and processes web requests. Netlify Privacy Policy
Resend — our email delivery provider, used to send transactional emails such as account confirmations and password resets. Resend Privacy Policy

We do not share your data with any other third parties except where required by law or with your explicit consent.

5. How Long We Keep Your Data

Active accounts: We retain your data for as long as your account is active.
Cancelled accounts: We retain your data for 90 days after cancellation, after which it is permanently deleted from our systems. This gives you time to reactivate your account and recover your data if you change your mind.
Billing records: We are required by law to retain billing and transaction records for 7 years.
Data deletion requests: You may request immediate deletion of your account and all associated data at any time by emailing hello@dexterhub.io. Billing records retained for legal compliance are excluded from this.

6. Your Rights Under UK GDPR

As a UK resident, you have the following rights regarding your personal data:

Right of access: You can request a copy of the personal data we hold about you.
Right to rectification: You can ask us to correct inaccurate or incomplete data.
Right to erasure: You can ask us to delete your personal data, subject to any legal obligations to retain certain records.
Right to restriction: You can ask us to restrict how we process your data in certain circumstances.
Right to data portability: You can request your data in a machine-readable format.
Right to object: You can object to processing based on legitimate interests.
Rights related to automated decision-making: Dexter does not make automated decisions with legal or significant effects on you.

To exercise any of these rights, please contact us at hello@dexterhub.io. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

7. Data Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include:

All data is transmitted over HTTPS (TLS encryption)
Passwords are hashed using industry-standard algorithms — we never store plain-text passwords
Database access is restricted by Row Level Security — users can only access their own data
Payment card data is handled entirely by Stripe and never passes through our systems
API keys and secrets are stored as environment variables, not in code

No system is completely secure. If you believe your account has been compromised, please contact us immediately at hello@dexterhub.io.

8. Cookies and Local Storage

Dexter uses browser localStorage (not cookies) to store your preferences locally on your device, including your light/dark mode preference and column width settings. This data never leaves your device and is not sent to our servers.

Supabase uses a session token stored in localStorage to keep you logged in. This is a functional requirement of the authentication system and does not track you across other websites.

We do not use advertising cookies, tracking pixels, or third-party analytics tools.

9. Children's Privacy

Dexter is not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact us at hello@dexterhub.io and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the "Last updated" date at the top of this page. Your continued use of the Service after changes take effect constitutes your acceptance of the revised Policy.

11. Contact Us

For any privacy-related questions, data access requests, or complaints, please contact:

Email: hello@dexterhub.io
Website: dexterhub.io
Operated by: Whittingham Marketing & Consultancy, Brighton, England

We aim to respond to all privacy enquiries within 5 working days.