Privacy Policy
Last updated: 26 March 2026
1. Who we are
DIMS-it is a product of Stirling Jones Solutions Ltd ("SJS", "we", "us", "our"), registered in England and Wales. We provide automated parcel dimensioning hardware and cloud software to businesses.
For data protection purposes, Stirling Jones Solutions Ltd is the data controller. If you have questions about this policy, contact us at privacy@dims-it.com.
2. What data we collect
2.1 Account data
When your organisation signs up for DIMS-it, we collect:
- Company name, address, and billing information
- User names, email addresses, and roles
- Login credentials (passwords are hashed with bcrypt and never stored in plaintext)
2.2 Measurement data
When a DIMS-it station measures a parcel, we collect:
- Parcel dimensions (length, width, height), weight, and volume
- Barcode data scanned from the parcel
- Measurement metadata (confidence score, shape classification, cycle time)
- Timestamp, station ID, and shipment reference
2.3 Image data (Professional and Enterprise plans only)
If your plan includes 4K image capture:
- RGB photographs of parcels taken during measurement
- Images are stored securely on our servers and are accessible only to authorised users within your organisation
- Images are retained according to your plan's data retention period and then permanently deleted
2.4 Station telemetry
DIMS-it stations send periodic heartbeat data to our cloud, including:
- Hardware status (CPU, memory, disk usage)
- Software version and update status
- Network connectivity information (IP address for remote management)
- Calibration state
2.5 Website enquiry data
If you submit an enquiry via our website, we collect:
- Name, email, phone number, company name
- Your message and plan interest
2.6 Cookies and analytics
Our website uses minimal, essential cookies only. We do not use third-party tracking or advertising cookies. The DIMS-it cloud dashboard uses an HTTP-only session cookie for authentication.
3. How we use your data
We use your data to:
- Provide the service: Process measurements, manage shipments, generate carrier rate quotes, and deliver integration data to your connected systems
- Maintain and improve: Monitor station health, deliver software updates, diagnose issues, and improve measurement accuracy
- Communicate: Send service notifications, respond to support requests, and provide account information
- Bill and invoice: Generate invoices for your subscription and hardware purchases
- Comply with law: Meet legal obligations, including tax and financial reporting
We do not sell your data to third parties. We do not use your measurement data or images for advertising purposes.
4. Data sharing
We share your data only when necessary to provide the service:
- Carrier services: When you request rate quotes or book shipments, we share parcel dimensions and shipping details with your selected carriers (DHL, FedEx, UPS, or via gateways such as EasyPost, ShipEngine, or ShipStation)
- ERP/WMS integrations: When you configure integrations (Xero, Sage 200, Odoo, etc.), measurement data is pushed to those platforms using credentials you provide
- Webhook endpoints: If you configure webhooks, measurement events are sent to URLs you specify
- Infrastructure providers: We use cloud hosting providers to run the DIMS-it platform. All data is encrypted at rest and in transit
5. Data retention
We retain your data according to your subscription plan:
- Standard plan: 90 days for measurement data, 30 days for audit logs
- Professional plan: 1 year for measurement data and audit logs
- Enterprise plan: Custom retention period as agreed in your contract
After the retention period, data is permanently deleted. Account data (user details, billing) is retained for as long as your subscription is active plus 6 years for tax/legal compliance.
6. Data security
We take security seriously:
- All data is encrypted in transit (TLS 1.2+) and at rest
- Carrier and integration credentials are encrypted with AES-256-GCM per tenant
- Row-level security enforces tenant isolation in the database
- API keys are hashed with bcrypt; plaintext is shown only once at creation
- Regular security audits and penetration testing
- Station-to-cloud communication uses authenticated API keys over HTTPS
7. Your rights (GDPR)
If you are in the UK or European Economic Area, you have the right to:
- Access: Request a copy of the personal data we hold about you
- Rectification: Ask us to correct inaccurate data
- Erasure: Ask us to delete your data (subject to legal retention requirements)
- Portability: Receive your data in a structured, machine-readable format
- Restriction: Ask us to limit how we process your data
- Objection: Object to processing based on legitimate interests
To exercise any of these rights, contact privacy@dims-it.com. We will respond within 30 days.
8. International transfers
DIMS-it operates primarily in the UK and EU. If data is transferred outside these regions (for example, to serve US-based customers), we ensure appropriate safeguards are in place, including standard contractual clauses where required.
9. Children
DIMS-it is a business-to-business service. We do not knowingly collect data from children under 16. If you believe we have collected such data, contact us and we will delete it promptly.
10. Changes to this policy
We may update this policy from time to time. We will notify registered users of material changes via email. The "last updated" date at the top of this page reflects the most recent revision.
11. Contact us
For privacy-related queries:
If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).