# Donut Chat Privacy Policy **Last Updated:** January 31, 2025 **Effective Date:** January 31, 2025 --- ## Introduction Donut Chat ("we," "our," or "us") provides a real-time messaging service that enables you to communicate with others. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our mobile applications, websites, and related services (collectively, the "Service"). We are committed to protecting your privacy and being transparent about our data practices. Please read this policy carefully to understand how we handle your information. --- ## Information We Collect ### Information You Provide **Account Information** - Email address (required for account creation) - Username (unique display name, 1-30 characters) - Display name (your full name) - Profile picture (optional) **Authentication Data** When you sign up or log in, we collect: - Password (stored as a secure hash, never in plain text) - Social authentication data if you use Google Sign-In or Apple Sign-In (provider ID only) - Authentication tokens for session management **Messages and Communications** - Message content (text you send and receive) - Media files (images, videos, audio, documents you share) - File metadata (filename, size, type, dimensions) - Poll questions, options, and voting data - Location data when you choose to share your location - Message reactions (emoji reactions) **User-Generated Content** - Chat titles and descriptions you create - Profile information you add - Webhook configurations you create ### Information Collected Automatically **Device Information** - Device type and model - Operating system and version - App version - Device identifier - Screen resolution - Language and timezone settings **Usage Information** - Login timestamps - Last active time - Message read status and timestamps - Feature usage patterns **Connection Information** - IP address - Connection type **Push Notification Tokens** - Apple Push Notification Service (APNS) tokens for iOS devices - Firebase Cloud Messaging (FCM) tokens for Android devices ### Information from Third Parties **Social Sign-In Providers** When you authenticate via Google or Apple: - Provider user ID - Email address (from provider) - Name (from provider) - Profile picture URL (from provider) --- ## How We Use Your Information We use your information to: ### Provide and Operate the Service - Create and manage your account - Enable you to send and receive messages - Deliver files and media you share - Process polls and voting - Enable location sharing when requested - Send push notifications for new messages ### Improve and Personalize the Service - Understand how features are used - Develop new features - Fix bugs and improve performance - Personalize your experience ### Safety and Security - Verify your identity - Detect and prevent fraud, abuse, and security threats - Enforce our Terms of Service - Protect users from harmful content ### Communications - Send service-related announcements - Respond to your support requests - Notify you of policy changes ### AI Features (Optional) When you use AI-powered features: - Analyze message content to extract action items and summaries - Generate AI responses based on conversation context - Track AI token usage for service operation --- ## How We Share Your Information ### With Other Users - Your profile information (username, name, profile picture) is visible to users you interact with - Your messages are shared with intended recipients - Your poll votes may be visible to other chat members (unless anonymous voting is enabled) - Your location is shared only when you explicitly choose to share it ### With Service Providers We work with third-party service providers who help us operate the Service: - **Cloud Infrastructure**: Amazon Web Services (AWS) for hosting and storage - **Push Notifications**: Apple (APNS) and Google (FCM) for delivering notifications - **AI Services**: OpenAI-compatible providers for AI features (when enabled) - **Content Delivery**: CloudFront CDN for media delivery These providers are contractually bound to protect your information and use it only for the services they provide to us. ### For Legal Reasons We may disclose your information if required by law or if we believe disclosure is necessary to: - Comply with legal process or government requests - Enforce our Terms of Service - Protect the rights, property, or safety of Donut Chat, our users, or others - Detect, prevent, or address fraud, security, or technical issues ### Business Transfers If Donut Chat is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change. --- ## Data Storage and Security ### Where We Store Your Data Your data is stored on secure servers provided by Amazon Web Services (AWS). Data may be processed in multiple geographic regions to ensure reliability and performance. ### How We Protect Your Data We implement industry-standard security measures including: - Encryption of data in transit (TLS/HTTPS) - Encryption of sensitive data at rest - Secure password hashing (bcrypt) - Access controls and authentication - Regular security assessments - Rate limiting and abuse prevention ### Data Retention - **Account data**: Retained while your account is active - **Messages**: Retained until you or the chat owner deletes them - **Media files**: Retained until associated messages are deleted - **Authentication tokens**: Automatically expire and are rotated - **Deleted data**: Soft-deleted data may be retained for a limited period for recovery purposes before permanent deletion --- ## Your Rights and Choices ### Access and Portability You can access your account information through the app settings. You may request a copy of your personal data by contacting us. ### Correction You can update your profile information (name, username, profile picture) at any time through the app. ### Deletion You can: - Delete individual messages - Leave or delete chats - Delete your account entirely When you delete your account: - Your profile information is removed - Your messages in group chats may remain visible to other members - Some information may be retained for legal compliance or legitimate business purposes ### Push Notification Preferences You can control push notifications through your device settings or within the app (mute specific chats). ### Location Sharing Location sharing is always opt-in. You choose when and with whom to share your location. --- ## Children's Privacy Donut Chat is not intended for children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we learn that we have collected information from a child, we will delete it promptly. If you believe a child has provided us with personal information, please contact us. --- ## International Data Transfers Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer data internationally, we implement appropriate safeguards to protect your information. --- ## Third-Party Links and Integrations The Service may contain links to third-party websites or integrate with third-party services (webhooks, RSS feeds). This Privacy Policy does not apply to those third parties. We encourage you to review their privacy policies before providing them with your information. --- ## Cookies and Similar Technologies Our web-based services may use cookies and similar technologies to: - Maintain your session - Remember your preferences - Analyze usage patterns You can control cookies through your browser settings. --- ## Changes to This Policy We may update this Privacy Policy from time to time. When we make significant changes, we will: - Update the "Last Updated" date at the top of this policy - Notify you through the app or via email - Provide a summary of key changes Your continued use of the Service after changes become effective constitutes acceptance of the updated policy. --- ## Contact Us If you have questions about this Privacy Policy or our data practices, please contact us at: **Email:** help@donutchat.com **Address:** Donut Chat [Your Company Address] --- ## Additional Information for Specific Regions ### European Economic Area (EEA), United Kingdom, and Switzerland If you are located in these regions, you have additional rights under the General Data Protection Regulation (GDPR): - **Right to Access**: Request a copy of your personal data - **Right to Rectification**: Correct inaccurate personal data - **Right to Erasure**: Request deletion of your personal data - **Right to Restriction**: Request limited processing of your data - **Right to Data Portability**: Receive your data in a portable format - **Right to Object**: Object to processing based on legitimate interests - **Right to Withdraw Consent**: Withdraw consent at any time **Legal Basis for Processing:** - **Contract**: Processing necessary to provide the Service - **Legitimate Interests**: Improving the Service, security, fraud prevention - **Consent**: Marketing communications, optional features - **Legal Obligation**: Compliance with applicable laws To exercise these rights, contact us at help@donutchat.com. ### California Residents (CCPA) California residents have the right to: - Know what personal information is collected - Know whether personal information is sold or disclosed - Say no to the sale of personal information - Access their personal information - Request deletion of personal information - Not be discriminated against for exercising these rights We do not sell personal information. --- ## Summary of Data We Collect | Category | Data Types | Purpose | |----------|-----------|---------| | Account | Email, username, name, profile picture | Identify you, enable account access | | Authentication | Password hash, tokens, social IDs | Secure login and session management | | Messages | Text, media, files, reactions | Enable communication | | Device | Device type, OS, app version, tokens | Deliver notifications, ensure compatibility | | Usage | Timestamps, read status | Provide read receipts, order chats | | Location | GPS coordinates (when shared) | Enable location sharing feature | | AI Usage | Token consumption | Operate and improve AI features | --- *This Privacy Policy is provided for informational purposes. We recommend consulting with legal counsel to ensure compliance with applicable laws in your jurisdiction.*