Privacy Policy

1. Introduction

DOER ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered goal achievement platform (the "Service") available at usedoer.com.

DOER is based in Seattle, Washington, United States. By using our Service, you agree to the collection and use of information in accordance with this policy.

If you have any questions about this Privacy Policy, please contact us at help@usedoer.com.

2. Information We Collect

We collect several types of information to provide and improve our Service:

2.1 Account Information

• Email address (required for account creation)
• Username (optional, for account identification)
• Password (stored in hashed format using secure encryption)
• Authentication tokens and session data

2.2 Profile Data

• Display name
• Avatar URL (if you upload a profile picture)
• Timezone and locale preferences
• User preferences including:
  • Workday hours (start/end times, lunch breaks)
  • Time format (12-hour or 24-hour)
  • Theme preferences (dark/light mode)
  • Privacy settings (analytics preferences, model improvement consent)

2.3 Goal & Plan Data

• Goal text and descriptions
• Clarification responses (when you provide additional context about your goals)
• Start dates and end dates for your plans
• Plan status (active, completed, paused, archived)
• Plan type (AI-generated or manually created)
• Timeline and summary data

2.4 Task Data

• Task names and detailed descriptions
• Estimated duration for each task
• Complexity scores and priority levels
• Task schedules (dates, start times, end times)
• Task categories and classifications
• Rescheduling history and adjustments

2.5 Completion & Analytics Data

• Task completion timestamps
• Scheduled vs. actual completion dates
• Productivity patterns and trends
• Completion rates and consistency metrics
• Health scores and progress tracking
• Rescheduling frequency and patterns

2.6 Integration Data

• Google Calendar connection tokens (encrypted and stored securely)
• Selected calendar IDs for synchronization
• Auto-sync and auto-push preferences
• Calendar event data (when you choose to sync tasks to your calendar)

2.7 Usage & Billing Data

• API usage credits and consumption
• Subscription information and plan details
• Billing data processed through Stripe (payment method information is handled by Stripe, not stored by us)
• Subscription status and renewal dates

2.8 Newsletter & Marketing Data

• Email address (when you subscribe to our newsletter)
• Subscription source (blog, landing page, etc.)
• Subscription status and preferences
• IP address and user agent (collected at time of subscription for security and compliance)

2.9 Technical Data

• IP addresses
• Browser type and version
• Device information
• Cookies and similar tracking technologies
• Usage patterns and service interaction data

3. How We Use Your Information

We use the collected information for the following purposes:

• Service Provision: To provide, maintain, and improve our Service, including generating AI-powered plans, managing your tasks, and tracking your progress
• AI Plan Generation: To process your goals through OpenAI's services to generate personalized action plans and task breakdowns
• Calendar Integration: To sync your tasks with Google Calendar when you choose to connect your calendar account
• Payment Processing: To process payments, manage subscriptions, and handle billing through Stripe
• Communication: To send you email notifications, service updates, and important account-related information
• Newsletter: To send you newsletter emails with articles, tips, and updates when you subscribe (you can unsubscribe at any time)
• Analytics & Insights: To provide you with productivity analytics, completion trends, and personalized insights about your goal achievement patterns
• Service Improvement: With your explicit consent (via the improve_model_enabled preference), we may use your data to improve our AI models and service quality
• Security: To detect, prevent, and address technical issues, fraud, and security threats
• Legal Compliance: To comply with applicable laws, regulations, and legal processes
• User Support: To respond to your inquiries, provide customer support, and address technical issues

4. Third-Party Services & Data Sharing

We use third-party services to operate our Service. These service providers have access to your information only to perform specific tasks on our behalf and are obligated not to disclose or use it for any other purpose:

4.1 Supabase

We use Supabase for database storage, user authentication, and email services. Supabase processes your account information, profile data, plans, tasks, and all other data stored in our Service. Supabase is bound by data processing agreements and maintains industry-standard security measures.

4.2 OpenAI

When you request an AI-generated plan, we send your goal text, clarifications, and related context to OpenAI's API to generate your personalized action plan. OpenAI processes this data according to their privacy policy. We do not send your personal identifying information (email, name) to OpenAI, only the goal-related content necessary for plan generation.

4.3 Google Calendar

If you choose to connect your Google Calendar account, we use Google Calendar API to sync your tasks. We store encrypted OAuth tokens to maintain the connection. When you enable calendar sync, we may read your calendar events to avoid scheduling conflicts and write tasks as calendar events. Google processes this data according to their privacy policy.

4.4 Stripe

We use Stripe to process payments and manage subscriptions. Stripe handles payment card information and billing details. We do not store your full payment card details. Stripe processes payment data according to their privacy policy and PCI-DSS compliance standards.

4.5 Email Services

We use Nodemailer and Supabase's email services to send transactional emails, notifications, and account-related communications. These services process your email address and email content to deliver messages.

4.6 Data Sale

We do not sell your personal information. We do not share your data with third parties for their marketing purposes. We only share data as necessary to provide our Service and as described in this Privacy Policy.

5. Data Storage & Security

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption: Data is encrypted in transit using TLS/SSL and at rest in our database
• Password Security: Passwords are hashed using secure algorithms and never stored in plain text
• Token Encryption: Third-party integration tokens (e.g., Google Calendar) are encrypted before storage
• Access Controls: We implement role-based access controls and limit access to personal data to authorized personnel only
• Database Security: Data is stored in Supabase's secure PostgreSQL database with regular security updates
• Regular Audits: We conduct regular security assessments and updates

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining industry-standard protections.

6. Data Retention

We retain your personal information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy:

• Active Accounts: We retain your data while your account is active and you are using our Service
• Account Deletion: When you delete your account, we immediately delete your personal data from our active systems. However, data may remain in our backups for 30-90 days before being permanently deleted. Audit logs of account deletions are retained for 7 years for compliance purposes.
• Billing Data: Financial transaction records are retained by our payment processor (Stripe) for legal compliance. Personal identifiers in these records may be redacted upon request. See section 7.3 for more details.
• Legal Requirements: We may retain certain information for longer periods if required by law, to resolve disputes, or to enforce our agreements
• Anonymized Data: We may retain anonymized, aggregated data that cannot identify you for analytical and service improvement purposes

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

7.1 Right to Access

You have the right to request access to the personal information we hold about you. You can view and update much of your information directly through your account settings.

7.2 Right to Rectification

You can update your profile information, preferences, and other data through your account settings. If you need assistance updating information, please contact us.

7.3 Right to Erasure

You have the right to request deletion of your personal information. You can delete your account and all associated data through your account settings, or by using our data deletion API endpoints. This will permanently delete:

• All your plans and goals
• All tasks and task schedules
• Completion history and analytics data
• Health snapshots and scheduling history
• Profile information and preferences
• Integration connections (e.g., Google Calendar)
• Your subscription will be canceled immediately
• Your billing information will be removed from Stripe (customer deleted)

Stripe Data Retention: When you delete your account, we remove your billing information from Stripe by deleting your customer record. However, Stripe retains certain financial transaction records (invoices, payment intents, charges) for legal and compliance purposes, as required by financial regulations. Personal identifiers in these records may be redacted upon request. For more information about Stripe's data retention practices, please see Stripe's Privacy Policy.

7.4 Right to Data Portability

You have the right to receive a copy of your personal data in a structured, machine-readable format. Contact us to request your data export.

7.5 Right to Object

You have the right to object to certain processing of your personal information, including processing for direct marketing purposes or based on legitimate interests.

7.6 Privacy Preferences

You can control certain aspects of data processing through your privacy preferences:

• Analytics: You can opt-in or opt-out of analytics data collection via the analytics_enabled preference (default: disabled)
• Model Improvement: You can opt-in to allow your data to be used for improving our AI models via the improve_model_enabled preference (default: disabled)
• Newsletter: You can unsubscribe from our newsletter at any time by contacting us at help@usedoer.com or using the unsubscribe link in any newsletter email

These preferences can be updated in your account settings at any time.

7.7 Exercising Your Rights

To exercise any of these rights, please contact us at help@usedoer.com. We will respond to your request within 30 days, or as required by applicable law.

8. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to operate and improve our Service:

8.1 Essential Cookies

These cookies are necessary for the Service to function and cannot be disabled:

• Authentication Cookies: Used to maintain your login session and authenticate your requests (managed by Supabase)
• Security Cookies: Used to protect against security threats and maintain service integrity

8.2 Analytics Cookies

With your consent (via the analytics_enabled preference), we may use analytics cookies to understand how you use our Service and improve user experience.

8.3 Cookie Management

You can control cookies through your browser settings. However, disabling essential cookies may impact your ability to use certain features of our Service. You can manage analytics preferences through your account settings.

9. Children's Privacy

Our Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we discover that we have collected information from a child under 13, we will delete that information promptly.

If you are between the ages of 13 and 18, you must have your parent's or guardian's permission to use our Service.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. Specifically:

• Our primary data storage is through Supabase, which may process data in various data center locations
• Third-party services (OpenAI, Google, Stripe) may process data in their respective service locations
• We ensure that appropriate safeguards are in place, including data processing agreements and standard contractual clauses where applicable

By using our Service, you consent to the transfer of your information to these locations.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

11.1 Right to Know

You have the right to know what personal information we collect, use, disclose, and sell. This Privacy Policy provides detailed information about our data practices.

11.2 Right to Delete

You have the right to request deletion of your personal information. You can delete your account and data through your account settings or by contacting us.

11.3 Right to Opt-Out of Sale

We do not sell your personal information. We do not share your data with third parties for their marketing purposes.

11.4 Non-Discrimination

We will not discriminate against you for exercising your privacy rights under CCPA.

11.5 Exercising Your Rights

To exercise your California privacy rights, please contact us at help@usedoer.com. We will verify your identity before processing your request.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date at the top of this policy
• Sending you an email notification for material changes (if you have provided an email address)

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For privacy-related complaints, you also have the right to lodge a complaint with your local data protection authority if you are located in the European Economic Area (EEA) or other jurisdictions with similar rights.