Privacy Policy

1. Introduction

Welcome to dozone ("we," "our," or "us"). We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service").

By using dozone, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

2.1 Personal Information You Provide

When you create an account or use our Service, we collect the following personal information:

Account Information:

Username (3-30 characters)
Email address (for account verification and communication)
Password (encrypted and hashed using bcrypt)
First and last name (up to 50 characters each)
Profile picture (optional)
Bio/description (optional, up to 500 characters)
User color preference

Profile Preferences:

First day of week preference (Sunday/Monday)
Notification preferences (email, push, SMS)
Privacy settings (profile visibility, online status)
Theme preferences (light/dark mode)

2.2 Objective and Goal Data

We collect information about your objectives, tasks, habits, and goals:

Tasks: Title, description, due dates, completion status, priority, tags, notes
Habits: Title, frequency patterns, completion tracking, streak data, target metrics
Goals: Title, description, milestones, target values, deadlines, progress tracking
Lists and Categories: Custom organization systems you create
Completion Data: When you complete, skip, or fail objectives
Statistics: Performance metrics, streaks, achievement progress

2.3 Usage and Activity Data

We automatically collect certain information about your use of the Service:

Authentication Data:

Login timestamps and frequency
Device information (type, operating system, unique device identifiers)
IP addresses and approximate location
Session tokens and refresh tokens
Login attempt history and security events

App Usage Data:

Features used and frequency of use
Time spent in the application
Navigation patterns and user interactions
Performance metrics and crash reports
Cache and offline usage patterns

2.4 Device Permissions

Our app may request the following permissions:

Notifications: To send reminders and updates about your objectives
Calendar Access: To create calendar events for your objectives (optional)
Camera/Photo Library: To upload profile pictures (optional)
Network Access: To sync data and provide online features

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Core Service Functionality

Provide and maintain the DoZone application
Create and manage your user account
Store and sync your objectives, tasks, habits, and goals
Calculate statistics, streaks, and achievement progress
Enable collaboration features with friends and groups

3.2 Communication

Send account verification emails
Provide password reset functionality
Send welcome emails after verification
Deliver push notifications for reminders (with your consent)
Respond to your support requests and inquiries

3.3 Security and Safety

Authenticate your identity and prevent unauthorized access
Detect and prevent fraud, abuse, and security threats
Monitor for suspicious activities and security breaches
Enforce our Terms of Service and community guidelines

3.4 Improvement and Analytics

Analyze usage patterns to improve our Service
Debug technical issues and optimize performance
Develop new features and functionality
Generate anonymized statistics and insights

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties.

We may share your information only in the following circumstances:

4.1 With Your Consent

When you explicitly choose to share objectives with friends or groups
When you grant calendar access to create events
When you enable social features or integrations

4.2 Service Providers

We may share information with trusted third-party service providers who assist us in operating our Service:

Cloud Storage: AWS S3 for file storage (profile pictures, attachments)
Email Services: SMTP providers for sending verification and notification emails
Push Notifications: Expo Push Notification service for mobile notifications
Error Tracking: Sentry for monitoring application errors and performance
Analytics: Google Analytics for usage statistics (if enabled)

4.3 Legal Requirements

We may disclose your information if required by law or in response to:

Valid legal processes (subpoenas, court orders)
Government investigations or law enforcement requests
Protection of our rights, property, or safety
Emergency situations involving threat to life or safety

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

5. Data Security

We implement robust security measures to protect your information:

5.1 Technical Safeguards

Encryption: All data transmitted between your device and our servers is encrypted using HTTPS/TLS
Password Security: Passwords are hashed using bcrypt with salt rounds
Access Controls: JWT-based authentication with access and refresh tokens
Input Sanitization: Protection against XSS, SQL injection, and other attacks
Rate Limiting: Protection against brute force attacks and abuse

5.2 Administrative Safeguards

Regular security audits and vulnerability assessments
Employee access controls and training
Incident response procedures
Regular software updates and security patches

5.3 Physical Safeguards

Secure data centers with restricted access
Environmental controls and monitoring
Backup and disaster recovery procedures

6. Data Retention

We retain your information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy:

Account Data: Retained until you delete your account
Objective Data: Retained until you delete specific items or your account
Usage Logs: Typically retained for 90 days for security and debugging purposes
Security Logs: Retained for up to 1 year for fraud prevention and security monitoring

When you delete your account, we will permanently delete your personal information within 30 days, except where retention is required by law.

7. Your Rights and Choices

7.1 Account Management

Access: View and download your personal data through the app
Update: Modify your profile information and preferences at any time
Delete: Permanently delete your account and associated data
Export: Request a copy of your data in a portable format

7.2 Communication Preferences

Email: Opt out of non-essential emails while keeping security notifications
Push Notifications: Disable notifications through device settings or app preferences
Marketing: Opt out of promotional communications (currently not implemented)

7.3 Privacy Controls

Profile Visibility: Control who can see your profile (public, friends, private)
Online Status: Choose whether to show your online status
Data Sharing: Control sharing of objectives with friends and groups

8. Children's Privacy

dozone is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure that such transfers comply with applicable data protection laws and provide adequate protection for your personal information.

10. Third-Party Links and Services

Our Service may contain links to third-party websites or integrate with third-party services (such as calendar applications). This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you use.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

Posting the updated Privacy Policy in the app
Sending an email notification to your registered email address
Displaying a prominent notice in the app

The "Last Updated" date at the top of this policy indicates when the most recent changes were made.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know: Request information about the categories and specific pieces of personal information we collect
Right to Delete: Request deletion of your personal information
Right to Opt-Out: Opt out of the sale of personal information (we do not sell personal information)
Right to Non-Discrimination: Not be discriminated against for exercising your privacy rights

To exercise these rights, please contact us using the information provided below.

13. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

Lawful Basis: We process your data based on contract performance, legitimate interests, and consent
Access: Request access to your personal data
Rectification: Request correction of inaccurate personal data
Erasure: Request deletion of your personal data
Portability: Request transfer of your data to another service
Objection: Object to processing of your personal data
Withdraw Consent: Withdraw consent for data processing where applicable

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@dozone.app

Address: [Company Address]

Data Protection Officer: dpo@dozone.app (if applicable)

For EU residents, you also have the right to lodge a complaint with your local data protection authority.

15. Acknowledgment

By using dozone, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.