Privacy Policy — DoneDingo

DoneDingo ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our website at DoneDingo.com and related services (the "Service").

1. Data Controller

DoneDingo is the data controller responsible for your personal data collected through the Service. If you have questions about how your data is handled, please contact us through the application or at the contact information on our website.

2. Information We Collect

We collect the following categories of personal data:

Account information: Email address and display name when you register.
Authentication data: Login credentials (passwords are hashed and never stored in plain text).
User Content: Boards, activities, notes, and other data you create within the Service.
Usage data: Pages visited, features used, actions taken, timestamps, and session duration.
Device & technical data: IP address, browser type and version, operating system, device identifiers, and screen resolution.
Support communications: Messages, feedback, or inquiries you send to us.

3. How We Use Your Information

We use your personal data for the following purposes:

Providing the Service: Account creation, authentication, data storage, and delivering core functionality.
Improving the Service: Analyzing usage patterns, identifying bugs, and developing new features.
Security & fraud prevention: Detecting unauthorized access, protecting against abuse, and maintaining the integrity of the Service.
Customer support: Responding to your inquiries and resolving issues.
Communications: Sending transactional emails (account verification, password resets) and, with your consent, product updates or marketing communications.
Legal compliance: Complying with applicable laws, regulations, and legal processes.

4. Legal Basis for Processing

We process your personal data on the following legal bases:

Contract performance: Processing necessary to provide the Service you signed up for (account management, data storage, core features).
Legitimate interests: Improving the Service, ensuring security, and preventing fraud, where these interests are not overridden by your rights.
Consent: Where you have given explicit consent, such as for marketing communications. You may withdraw consent at any time.
Legal obligation: Where processing is required to comply with applicable law.

5. Data Sharing & Recipients

We may share your personal data with the following categories of recipients:

Infrastructure & service providers: Cloud hosting, database, and analytics providers that help us operate the Service (acting as data processors on our behalf).
Merchant of Record (Paddle): Our payment processing is handled by Paddle.com, which acts as the Merchant of Record for all purchases. Paddle collects and processes payment information (card details, billing address) directly — we do not store your payment card information. Paddle processes data for sale fulfillment, subscription management, payments, tax compliance, and invoicing.
Professional advisers: Legal, accounting, or other professional advisers where necessary.
Law enforcement & authorities: Where required by law, regulation, legal process, or governmental request.

We do not sell your personal data to third parties.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal, accounting, or regulatory purposes. Usage and analytics data may be retained in aggregated, anonymized form indefinitely.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you.
Rectification: Request correction of inaccurate or incomplete data.
Erasure: Request deletion of your personal data ("right to be forgotten").
Restriction: Request that we restrict processing of your data in certain circumstances.
Portability: Request your data in a structured, machine-readable format.
Objection: Object to processing based on legitimate interests.
Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, please contact us through the application. We will respond to your request within 30 days.

8. Data Security

We implement appropriate technical and organizational security measures to protect your personal data, including encryption in transit (TLS/SSL), encrypted storage, access controls, and regular security assessments. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

9. Cookies & Tracking

We use cookies and similar technologies to operate the Service:

Essential cookies: Required for authentication, session management, and security. These cannot be disabled.
Analytics cookies: Help us understand how the Service is used so we can improve it. You may opt out of analytics cookies through your browser settings.

We do not use marketing or advertising cookies.

10. International Data Transfers

Your data may be processed in countries outside your country of residence, including the United States. Where data is transferred internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions, to protect your data in accordance with applicable law.

11. Children's Privacy

The Service is not intended for children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will indicate the date of the most recent revision at the top of this page. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us through the application or at the contact information provided on our website.