Privacy Policy

Last updated: July 31, 2025

1. Introduction

DoneMode ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service (the "Service"), including our website and application.

This policy complies with: EU General Data Protection Regulation (GDPR), UK Data Protection Act 2018, Irish Data Protection Act 2018, California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Utah Consumer Privacy Act (UCPA), Connecticut Data Privacy Act (CTDPA), and Canadian Personal Information Protection and Electronic Documents Act (PIPEDA).

2. Data Controller Information

Data Controller: DoneMode Ltd (registered in Ireland)
Email: hi@donemode.com

We do not currently require a Data Protection Officer under GDPR Article 37.

3. Information We Collect

3.1 Information You Provide Directly

  • Account Information: Email address, username, password (encrypted)
  • Profile Information: Any additional profile details you choose to provide
  • Communication Data: Messages you send to us, support requests
  • Payment Information: Billing details processed through LemonSqueezy (we do not store payment card details)
  • Goal and Journal Entries: Data you input for personalized goal tracking and memory features (with automatic memory extraction limited to 2 high-importance memories per day)

3.2 Information Collected Automatically

  • Usage Data: How you interact with our Service, features used, time spent
  • Device Information: IP address, browser type, operating system, device identifiers
  • Log Data: Access logs, error logs, performance data
  • Analytics Data: Aggregated usage statistics
  • Cookie Data: As described in our Cookie Policy

3.3 Information from Third Parties

  • Authentication Providers: If you sign up through third-party services

3.4 AI Coaching Content

Data submitted to and generated from our AI features is processed by OpenAI, which may temporarily store data to monitor for abuse and improve models, in accordance with OpenAI's Privacy Policy. Our AI coaching system includes multiple persona options (Direct, Supportive, Analytical, Creative) and automatically extracts and stores relevant memories from conversations to improve personalization.

4. Legal Basis for Processing (GDPR/UK GDPR)

We process your personal data under the following legal bases:

  • Consent: For marketing communications, cookies (where required)
  • Contract Performance: To provide our Service and fulfill our obligations
  • Legitimate Interest: To improve our Service, security, analytics
  • Legal Obligation: To comply with applicable laws and regulations

5. How We Use Your Information

5.1 Service Provision

  • Create and manage your account
  • Provide AI-powered features and memory storage
  • Process payments and manage subscriptions
  • Provide customer support
  • Send service-related communications

5.2 Service Improvement

  • Analyze usage patterns to improve functionality
  • Develop new features and services
  • Conduct research and analytics
  • Ensure security and prevent fraud

6. Data Sharing and Disclosure

6.1 Service Providers

  • Supabase: Database and authentication services
  • OpenAI: AI processing services (data processed according to their privacy policy)
  • LemonSqueezy: Payment processing
  • Upstash: Caching and rate limiting services
  • Firebase: Notifications and analytics (if applicable)

We do not sell your personal information to third parties.

7. Your Rights

7.1 All Users

  • Access: Request access to your personal data
  • Correction: Correct inaccurate personal data
  • Deletion: Request deletion of your personal data
  • Portability: Receive your data in a portable format

7.2 GDPR/UK GDPR Rights

  • Restriction: Restrict processing of your data
  • Objection: Object to processing based on legitimate interest
  • Automated Decision-Making: Not to be subject to automated decision-making
  • Withdraw Consent: Withdraw consent at any time

7.3 US State Privacy Rights (CCPA/CPRA/VCDPA/CPA/UCPA/CTDPA)

  • Right to Know: Categories and specific pieces of personal information collected
  • Right to Delete: Request deletion of personal information
  • Right to Correct: Correct inaccurate personal information
  • Right to Opt-Out: Opt out of sale/sharing (we don't sell data)
  • Right to Limit: Limit use of sensitive personal information
  • Non-Discrimination: Not to be discriminated against for exercising rights

7.4 Canadian Rights (PIPEDA)

  • Access: Access your personal information
  • Correction: Correct inaccurate information
  • Complaint: File a complaint with the Privacy Commissioner

8. Data Retention

We retain your data for as long as necessary to provide our Service, comply with legal obligations, resolve disputes, and enforce our agreements.

Specific retention periods:

  • Account data: Until account deletion + 30 days for backup recovery
  • Usage logs: 2 years
  • Support communications: 3 years
  • Payment records: 7 years (legal requirement)

Account Deletion: Upon deletion, your personal data is removed from active systems and backups within 30 days, except where retention is required by law.

9. Security Measures

We implement appropriate technical and organizational measures:

  • Encryption: Data encrypted in transit and at rest
  • Access Controls: Limited access on a need-to-know basis
  • Regular Audits: Security assessments and updates
  • Incident Response: Procedures for data breach response

10. Children's Privacy

Our Service is not intended for children under 13 (or 16 in the EU). We do not knowingly collect personal information from children. If we learn we have collected such information, we will delete it immediately.

11. International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction. We ensure adequate protection through:

  • EU Standard Contractual Clauses for transfers outside the EEA
  • UK Addendum for transfers from the UK
  • Adequacy decisions where applicable
  • Other approved transfer mechanisms

Data may be processed in the United States by service providers such as OpenAI and LemonSqueezy. We use Standard Contractual Clauses (SCCs) approved by the European Commission and other legal safeguards to protect your data.

12. Contact Us

For privacy-related questions or to exercise your rights, please contact us at hi@donemode.com

Response Time: We will respond within 30 days (or as required by applicable law)

How to Exercise Your Rights: To request access, correction, or deletion, email us at hi@donemode.com from your account email. We may require verification before proceeding.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable law. We will notify users by email or in-app notice if material changes occur and update the "Last Updated" date.

14. Governing Law

This Privacy Policy is governed by the laws of Ireland.

15. Cookie Policy

For detailed information about how we use cookies and similar technologies, please see our Cookie Policy.

Version 1.1 • Effective July 31, 2025