<img alt="" src="https://secure.bank8line.com/220276.png" style="display:none;">
Watch a Demo

Privacy Policy

March 5, 2024

Updated March 5, 20214

We at Dooap are committed to protecting your privacy and to complying with applicable data protection and Privacy Laws. This Privacy Policy applies to your use of Dooap product (“Product”) and to processing of personal data we receive through your use of Product or Dooap websites, and explains and governs our data collection, processing and usage practices. Throughout this Privacy Policy the term “personal data” means information relating to an identified or identifiable individual (i.e. a natural person).

By using the Product or the Dooap website, you agree to the data practices described in this Privacy Policy. If you do not agree with the data processing practices described herein, you should not use the Product. Dooap may modify this Privacy Policy from time to time and will update the date appearing at the beginning of this Privacy Policy when modifications take place. The most current Privacy Policy will be available in the Microsoft AppSource and on the Dooap website. You accept such modified Privacy Policy by continuing to use of the Product. We recommend that you visit our website occasionally to review any changes.

The terms "Dooap", "we", "us" or "our" used in this Privacy Policy refer to Dooap Oy, a Finnish corporation with business I.D. 3207965-7, having his registered domicile in Hatanpään valtatie 24, 33100 Tampere, Finland that is doing business under the name Dooap and is the developer and owner of the Product.

1. The Dooap Product and Applicability of this Privacy Policy

The Product is an invoice management tool designed to be utilized by our customers for their internal invoice management purposes. 

Please acknowledge that this Privacy Policy applies to personal data that is processed by Dooap as a data controller. It does not apply to any personal data you submit, store or process in the Product utilising the functionalities of the Product. With respect to such personal data, you (or your employee or another entity authorized to use the Product) act as controller under applicable data protection laws and Dooap acts as a processor for the purposes of providing the Product. The processing of personal data in such case is not controlled by us, and you (or your employee or another entity authorized to use the Product) are solely liable for appropriate and legal processing of personal data in such case.

2. The Information We Collect

2.1 Data You Provide

When you use the Product, we collect data that you provide to us directly. For example, when you use or register for the Product, we may ask you to provide us with registration information, which includes, for example, your name, contact details (such as address, e-mail address and phone number), company name and occupation and language, as well as user names, passwords and other such credentials that are used to authenticate users and to validate their actions or that may be needed to provide you access to the Product.

Moreover, we may collect or ask for information relating to your subscription or license and/or use of the Product and other interactions with us. Such information may include, for example, details of agreements between you and Dooap, records of contacts and communications, information and details relating to the content you have provided us with and other such transactional information.

2.2 Website usage, log files and cookies

You are free to explore the Dooap websites without providing any information about yourself. However, we collect certain information received automatically through the use of the Product and Dooap websites. Such information refers to your computer (or other device) and your use of the Product, and includes (i) information about your use of and your interactions with the Product and Dooap website, including advertising, products and services which are displayed, offered or otherwise made available on the Product or Dooap website; (ii) details pertaining to your use of the Product features and other contributions to the Product or Dooap website; (iii) technical data, such as the referring website address, access times, your IP address, device identifier, network and computer performance, browser type, language, operating system, and the Product version; and (iv) location information. We may use cookies and similar technologies to collect this information (see Section 7 below). We may store and use this information in accordance with this Privacy Policy.

2.3 Payment information

When you order the Dooap Product through Microsoft webpages, we do not store and process your credit card information and other invoicing data provided by you. All processing of credit card information is performed by trusted third parties for the sole purpose of verifying your financial qualifications and collect payment from you. The use of your data by our invoicing service provider is subject to its privacy policies. Trial use of the Product is provided free of charge and thus no payment information will be collected unless you subscribe to a license subject to a charge.

2.4 Children

The Dooap Product is a business-to-business product and not intended for children under the age of 18 who are not legally capable of forming binding contracts in most jurisdictions. We do not knowingly collect personal data from children under 13. If we learn we have collected or received personal data from a child under 13 without verification of parental consent, we will delete that personal data.

3. How We Use the Information We Collect

3.1 Use of Personal Data and Legal Bases for Processing 

We may use your Personal Information and other data we collect to:

  1.  set up and maintain your registration with the Product and to fulfill your requests;
  2. provide the functionalities, personalize and improve the Product and Dooap website, for example by providing customized or localized content and advertising to the extent permitted by applicable law or by your consent (see Section 7 below);
  3. ensure technical functioning of the Dooap Product, develop new features or services and provide support;
  4. perform research, analyze and compile statistical information about your use of the Dooap Product, including your interaction with content made available therein;
  5. communicate with you for purposes related to the management of Customer or user relationship (including billing, surveys, newsletters etc.); and
  6. protect our rights and/or our property and to prevent and investigate fraud and other misuses;
  7. comply with any mandatory legal requirements and/or in connection with law enforcement or other civil or criminal legal proceedings; and
  8. send you promotional material and other marketing communications relating to our or our Customers’ products or services to the extent permitted by applicable law or by your consent (see Section 8 below).

The legitimate grounds for processing your personal data are either compliance with the agreement entered into between us and you, our legitimate interest, compliance with legal obligations to which we are subject or your consent as further described in the examples below.

  • Contractual obligations: Processing of your personal data to certain extent is necessary to enable us to fulfil the agreement we have concluded with you or our customer. For example, when you subscribe to the Product, it is necessary for us to process your personal data so that we can carry our contractual obligations so that you can use the Product.
  • Our legitimate interest: We process your personal data based on our legitimate interest in particular to improve, audit and analyze the Product as well as for administrative purposes and to preventing and resolving possible misconduct.
  • Consent: Based on your consent, we can process your personal data to sending you direct electronic marketing.

The provision of your personal data as described in this Privacy Policy is partially a contractual requirement. For example, when you subscribe to the Product, you are required to provide us with certain personal data for processing purposes specified in this Privacy Policy. Failure to provide us personal data may prevent us from performing our contractual obligations, which may lead to you being unable to use our Product.

We may transfer the data (whether personal data or non-personally identifiable anonymous data) with our subcontractors or partners for the above purposes. In such cases, these subcontractors and partners act as our data processors and process the personal data on our behalf. In case we transfer the data, we will ensure that personal data is transferred and processed only to the extent necessary and only for the intended purpose. Such third parties are also required to maintain the confidentiality of your Personal Information.

We may also sell, transfer or otherwise share some or all of our assets, including your personal data, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy.

We may disclose aggregated anonymous and not personally identifiable information about our users without restriction.

Other than as provided in this Privacy Policy, we will not share your personal data with any third party. Please note that there can be exceptions based on your country due to local laws or authorities and that we may be obligated to disclose your personal data to authorities or third parties pursuant to mandatory applicable law or an order of a regulatory or statutory authority.

3.2 Access to Personal Data

Dooap’s personnel have no general access to personal data included in the Product. Access to such personal data is given exclusively to authorized persons on Dooap’s side or its subcontractors, for instance, in connection with the supply of support services relating to the Product. We have ensured that our employees do not process Personal Information on a wider basis than required for providing the Product. Our personnel have received training on the restrictions relating to the processing of personal data.

4. Third Party Services and External Websites

The Dooap Product enables you to promote and share your content with other services (such as network and invoicing services etc.). The use of your content and related information (including personal data, if any) on these services is subject to the terms and conditions and privacy policies of the relevant service providers, and we do not have access or control over nor do this Privacy Policy apply to these third party services.

Our websites may include links to third party websites. Please note that we do not control, and are not responsible for, the content or practices of such websites, which are also subject to their own terms and privacy policies.

5. Transfers to THIRD Countries

In order to ensure proper functioning of the Product, and to facilitate our global operations, we may need to transfer your personal data with companies operating outside Finland (for example if our servers are located in another country) and the EU/EEA. We also use a subcontractor established in the United States to facilitate the distribution of the Product, and a limited amount of your personal data (email address or other similar identification data needed to transmit emails) may be transferred to the said subcontractor, but solely for the said purpose.

Regarding transfers of personal data to countries where the local data protection legislation does not provide adequate level of data protection, the transfers are based on appropriate safeguards, such as standard contractual clauses approved by the European Commission or a competent supervisory authority.

To learn more about the appropriate safeguards we use, please send us an email at infosec@dooap.com.

6. Security

We employ several security technologies and measures to protect and prevent your personal data stored on our data systems and servers from unauthorized access, use and disclosure. Our servers are in a controlled and secure environment and user credentials are required to access the environment and Personal Information.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information as set forth in this Privacy Policy, we cannot guarantee the security of your personal data transmitted to our website or via the Product.

7. Information about Cookies and Similar Technologies

A “cookie” is a small text file that is placed on your computer or other terminal device by a web server when you visit a website. Cookies are used to personalize your browsing experience by helping a website recognize your device when you return to that website. Each cookie is individually assigned to your terminal device and only the server that has placed the cookie is able to read it later. A cookie does not run programs and it cannot be used to deliver viruses or other malware, or harm your terminal device or data files. An individual user is not identifiable merely through the use of cookies or similar technologies.

We use cookies and other similar technologies to operate, analyze and improve the Product and Dooap websites to better serve our Customers and users, and to provide you with personalized information and content in accordance with this Privacy Policy. The information we collect by these means is described in Section 2.2 above. If you have provided personal data about yourself, we may combine the information we receive with the help of these techniques with your personal data.

You have the option to manage your cookie preferences through your web browser. You can set your browser to accept, block or delete all or certain cookies. Please note that if you choose to block cookies, this may prevent the proper functioning of the Product or Dooap websites. For more information about cookies and how to block them, please visit for example www.youronlinechoices.com or www.allaboutcookies.org.

8. Retention time of personal data

Personal data is retained as long as it is necessary for the execution of the processing purposes mentioned in this Privacy Policy. The retention periods are defined based on the following grounds:

  • We will retain your personal data as long as we have a contractual obligation or a legitimate interest to do so. We define the validity of our legitimate interest based on your use of our online services as well as based on the communication between you and us. Our contractual obligation to process your personal data terminates upon the termination of your subscription to our Product.
  • We will delete your personal data in case you cancel your permission for direct marketing or if you object to the processing of your personal data for the purposes of direct marketing. In such case, the information regarding prohibition of direct marketing is, however, retained.
  • Your personal data is deleted in case your have requested the deletion of your personal data and we have no other ground for the processing of such data.

Outdated data and data that has been marked to be deleted will be deleted in course of regular database updates.

9. Your Rights With Respect to Personal Data

In case you wish to know what personal data we hold about you, you may, as appropriate and in accordance with applicable law, exercise such rights by contacting us through the contact points referred to below.

Also, in case you wish to rectify any incomplete, incorrect or outdated personal data, you may, as appropriate and in accordance with applicable law, exercise such rights by contacting us through the contact points referred to below.

You also have the right at any time to request us to erase personal data concerning you and processed by us and we are obliged to erase the data if there is no longer a legal ground for processing the data.

In some cases, you have the right to object to the processing of your personal data if the data has been processed on the basis of our legitimate interest, and we are obliged to stop processing such personal data unless we can demonstrate compelling legitimate grounds for further processing of such personal data. You also have the right to prohibit us from processing your personal data for purposes of direct marketing, distance selling and other marketing communications, market research and opinion polls (opt-out) by informing us thereof. We may send you marketing communication using electronic means (e-mail, SMS etc.), and you have the option to unsubscribe at any time.

In addition you may, under certain circumstances have the right to obtain from us restriction of processing of your personal data. Should the restriction of processing apply, the respective personal data will be marked and may only be processed by us for certain defined purposes. Where your personal data has been processed based on your consent or an agreement entered into between you and us, you have the right to receive such personal data from us that you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another entity without hindrance from us.

Lastly, you as a data subject have the right to file a complaint with the competent supervisory authority regarding our processing of personal data.

10. Governing Law

This Privacy Policy shall be interpreted and construed in accordance with the laws of Finland, without regard to the principles governing conflicts of law of any jurisdiction. Dooap strives to comply with the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), Act on Electronic Communication Services (917/2014) as well as other Finnish and EU privacy legislation while processing any personal data or other similar user data in the course of providing our products and services.

Should you have any questions or comments about this Privacy Policy, please contact:


Hatanpään valtatie 24
33100 Tampere, Finland