Privacy Policy

Effective Date: April 6, 2026

DOLO ("we," "us," or "our") is operated by Cohesyn. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the DOLO mobile application and website (collectively, the "Service"). By using the Service you agree to the practices described below.

1. Information We Collect

1.1 Information You Provide

• Account data — name, email address, and authentication credentials when you create an account.
• Voice journal entries — audio recordings you submit for AI-powered transcription and analysis. Raw audio is processed in real-time and deleted from our servers once transcription is complete; only the text transcript is retained.
• Written entries & prompts — any text you type or select within the journaling experience.
• Focus session data — timer durations, streak counts, goals, and achievement progress.
• Social features — display name, avatar, and leaderboard statistics shared with friends you connect with.

1.2 Information Collected Automatically

• Device & usage data — device model, operating system version, app version, session duration, feature usage, crash logs, and performance metrics.
• IP address & approximate location — used for security, fraud prevention, and aggregated analytics. We do not collect precise GPS location.
• Cookies & similar technologies — on our website we may use essential cookies for functionality. We do not use third-party advertising or tracking cookies.

1.3 Information from Third Parties

If you sign in via a third-party service (e.g., Apple Sign-In, Google OAuth), we receive your name and email address from that provider. We do not access your contacts or social-media profiles without your explicit consent.

2. How We Use Your Information

• Provide & improve the Service — process voice entries, generate AI-powered reflections, track focus sessions, and maintain streaks.
• Personalization — customize AI prompts and insights based on your journaling history.
• Social features — display your progress on the friends leaderboard with people you have chosen to connect with.
• Communications — send service-related notifications (streak reminders, feature updates). You can opt out at any time.
• Security & fraud prevention — detect and prevent unauthorized access, abuse, or security incidents.
• Analytics — understand usage patterns in aggregate to improve features and performance.
• Legal compliance — meet applicable legal obligations, resolve disputes, and enforce our terms.

3. AI & Machine Learning Practices

• Your journal entries are processed by our AI models to provide transcription, summaries, and reflective prompts.
• We do not use your personal journal content to train general-purpose AI models. Your entries remain private and are not shared with third-party AI providers for model training.
• We may use de-identified, aggregated usage patterns (never individual journal content) to improve our AI features.
• AI outputs (summaries, prompts, insights) are generated automatically. They are not reviewed by humans unless you contact support and explicitly share them.
• No automated decisions with legal or similarly significant effects are made about you based on AI processing.

4. Data Sharing & Disclosure

We do not sell your personal information. We share data only in the following circumstances:

• Service providers — trusted third parties that help us operate the Service (cloud hosting, analytics, payment processing). They are contractually obligated to protect your data and use it only for the services they provide to us.
• Friends & leaderboard — display name, avatar, streak count, and focus hours are visible to friends you have accepted on the platform.
• Legal requirements — we may disclose information if required by law, regulation, legal process, or governmental request.
• Business transfers — in connection with a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data becomes subject to a different privacy policy.

5. Data Retention

• Account & journal data — retained as long as your account is active. Upon deletion, we remove your personal data within 30 days, except where retention is required by law.
• Voice recordings — raw audio is deleted from our servers immediately after transcription is complete. Only the text transcript is stored.
• Usage & analytics data — de-identified aggregate data may be retained indefinitely for product improvement.
• Backup copies — encrypted backups are purged within 90 days of data deletion.

6. Data Security

We implement industry-standard technical and organizational measures to protect your data, including encryption in transit (TLS 1.2+) and at rest (AES-256), role-based access controls, and regular security audits. While no system is completely secure, we are committed to protecting your information and will notify affected users promptly in the event of a data breach.

7. Your Rights & Choices

Depending on your location, you may have the following rights:

• Access & portability — request a copy of your personal data in a structured, portable format.
• Correction — request correction of inaccurate or incomplete data.
• Deletion — request deletion of your account and associated data.
• Restriction & objection — restrict or object to certain processing activities.
• Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Opt-out of communications — manage notification preferences in the app settings or unsubscribe from emails.

To exercise any of these rights, contact us at privacy@trydolo.app. We will respond within 30 days (or as required by applicable law).

8. International Data Transfers

Your data may be processed in countries other than your own. When we transfer data outside your jurisdiction, we ensure appropriate safeguards are in place, including Standard Contractual Clauses or equivalent mechanisms recognized under applicable data protection laws.

9. Children's Privacy

DOLO is not intended for children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If we discover that we have collected data from a child below the applicable age, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at privacy@trydolo.app.

10. Third-Party Links

The Service may contain links to third-party websites or services (e.g., Apple App Store, Google Play Store). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

11. Additional Disclosures for EEA Users (GDPR)

If you are located in the European Economic Area, our legal bases for processing your personal data are:

• Contract — processing necessary to provide the Service you signed up for.
• Legitimate interest — analytics, security, and product improvement, balanced against your rights.
• Consent — marketing communications and optional data uses. You may withdraw consent at any time.
• Legal obligation — compliance with applicable laws.

You have the right to lodge a complaint with your local data protection supervisory authority.

12. Additional Disclosures for California Users (CCPA/CPRA)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, and disclose.
• Request deletion of your personal information.
• Opt out of the sale or sharing of your personal information. Note: we do not sell or share your personal information for cross-contextual behavioral advertising.
• Non-discrimination for exercising your privacy rights.

Categories of personal information collected in the preceding 12 months: identifiers (name, email), internet or network activity (device data, usage logs), and audio information (voice recordings processed for transcription).

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the revised policy on this page and updating the "Effective Date" above. For significant changes, we will also notify you via in-app notification or email.

14. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, contact us at: