Last Modified: 2026-04-25
Version: v1.1 (External TestFlight)
This Privacy Policy describes how DooDads ("we", "us", or "our") collects, uses, and safeguards your information when you use the DooDads iOS application ("the Service"). We have written this policy to be specific about what we collect and what we do not collect; if anything below is unclear, please contact us at support@doodads.app.
DooDads is designed to collect as little personal data as is required to deliver the Service. The following categories describe everything we collect:
When you sign in to DooDads we use your phone number to send a one-time SMS code (via Twilio Verify) so we can confirm you control that number. Before any of your data is uploaded to our servers, your phone number is hashed on your device using HMAC-SHA256 with a server-side pepper. The raw phone number never leaves your device. We use the resulting hash as your account identifier and to match you against contact-hash uploads from your friends. We do not store your raw phone number.
Each day, when you tap to post a photo in response to your daily doodad, the photo is uploaded to a private storage bucket on our infrastructure (Supabase Storage in v1; Cloudflare R2 in a future release). Photos are accessible only to your confirmed friends within the app. We serve photos to your friends via short-lived signed URLs; we do not make photos available to the public web, do not index them, and do not use them for advertising or training.
We store your timezone in IANA format (for example, America/Los_Angeles) so we can schedule the daily push notification ("ping") to arrive in your local lunch hour. We do not collect GPS coordinates or any precise location data — your timezone is the only location-related data we keep.
If you grant DooDads access to your address book, we hash the E.164-formatted phone numbers of your contacts on your device using HMAC-SHA256 with a server-side pepper, and upload only those hashes. We use the hashes to find which of your contacts already have DooDads accounts so we can suggest friends. Names, email addresses, and any other contact metadata never leave your device. Only phone-number hashes are uploaded.
Your contact hashes are deleted when you delete your account (see Section 5). A standalone "forget my contacts" affordance, separate from full account deletion, is planned for a future release.
Apple's Push Notification service (APNs) provides us with a device-specific token so we can deliver the daily ping. We store this token keyed by (user_id, device_uuid) so a single account can receive pushes on multiple devices. Tokens are rotated by Apple as needed and are not used for any tracking or analytics purpose.
When you and another user mutually confirm a friendship, we store a bidirectional record of that friendship. We use friend-graph edges to determine whose photos appear in your feed and to whom your photos are shown. Friend edges are removed when you unfriend a user or when either party deletes their account.
DooDads has an in-app cosmetic-only economy of "acorns", streaks, and badges that reflects how often you post on time. We store an append-only ledger of acorn events so we can render your current state. Acorns are cosmetic only and never redeemable for real-world goods, services, or money. They have no monetary value and cannot be transferred between accounts.
Before any photo leaves your device we run an on-device CoreML classifier to screen for not-safe-for-work content. If the classifier flags a photo, we log the image hash and a timestamp for safety auditing. The flagged image bytes themselves are not retained — only the hash and timestamp.
For accurate streak math we record server-side timestamps such as posted_at (when your photo upload completed) and ping_sent_at (when the daily push was issued). These timestamps are generated by our server, not your device.
During sign-in, we record the IP address and IP-derived country of the request to /send-otp, solely to detect and block SMS-pumping fraud (a class of abuse where attackers trigger SMS messages to inflate carrier-billed traffic). This data is retained only for the duration of the rate-limit window — typically minutes to hours — and is then deleted. We do not use IP addresses for advertising, tracking, or analytics.
To set expectations clearly, the following data is not collected by DooDads:
We use the information described in Section 1 to:
DooDads is built around a friends-only feed: photos you post are visible only to your confirmed friends within the app. Beyond that:
Our infrastructure providers ("subprocessors") and what they handle:
Each subprocessor handles data only as required to perform the function listed and is bound by their own privacy commitments to us.
We may also disclose information when required by law, valid legal process, or to protect the safety of users (including reporting child sexual abuse material to the National Center for Missing & Exploited Children, NCMEC, as required by 18 U.S.C. § 2258A and the REPORT Act).
You can delete your account in-app, in three taps or fewer, via Settings → Privacy → "delete my account". The deletion confirmation requires you to type the literal word DELETE (uppercase) to prevent accidental loss. Once you confirm:
This account-deletion flow is required by Apple App Store Review Guideline 5.1.1(v) and is implemented as a first-class feature of the app.
We retain the categories of data described in Section 1 for as long as your account is active. Specific retention notes:
If you stop using the Service for an extended period and have not deleted your account, we may, at our discretion and after attempting to notify you, delete your account and associated data.
DooDads is intended for users 13 and older. We do not knowingly collect personal information from children under 13. Account creation is hard-blocked at sign-up for users who indicate they are under 13. If we discover that a user under 13 has created an account, we will delete that account and any associated data promptly. If you believe a child under 13 has created an account, please contact us at support@doodads.app.
DooDads is currently available only in the United States and Canada. Sign-in is geographically restricted to those countries (a defense-in-depth control against SMS pumping fraud). International expansion is planned for a future release. If you are outside the US or Canada, the Service may not be available to you.
We take the security of your information seriously. Our practices include:
No system is perfectly secure; we follow industry best practices, but cannot guarantee absolute security.
Depending on your jurisdiction, you may have the following rights with respect to your personal information:
To exercise any of these rights, contact us at support@doodads.app. We will respond within a reasonable timeframe.
The DooDads iOS app does not use cookies. The static legal pages you are reading on doodads.app are served without analytics or tracking cookies. We may use the Apple-provided Identifier for Vendors (IDFV) within the iOS app for internal analytics purposes (such as diagnosing crashes); IDFV is scoped to our app vendor and is reset when you uninstall all of our apps. We do not use the Identifier for Advertisers (IDFA).
If you grant the iOS notification permission, we send you one daily push notification ("the daily ping") containing your doodad for the day. You may also receive transactional push notifications (for example, when a friend accepts your friend request). You can disable notifications at any time via iOS Settings → Notifications → DooDads, or via the in-app Settings → Notifications switches. Disabling notifications does not delete your account or affect any other Service functionality; you simply will not be reminded that the day's doodad has dropped.
If you are a California resident, you have the right under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), to know what personal information we have collected about you, to request deletion of that information, to correct inaccuracies, and to opt out of the "sale" or "sharing" of your personal information. We do not sell or share your personal information for cross-context behavioral advertising. To exercise your access, deletion, or correction rights, contact us at support@doodads.app or, in most cases, use the in-app account-deletion flow described in Section 5. We will not discriminate against you for exercising these rights.
If you are located in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and equivalent national laws give you certain rights with respect to your personal data, including the rights to access, rectify, erase, restrict processing of, and port your personal data, as well as the right to object to processing and the right to lodge a complaint with a supervisory authority. The legal bases on which we process your data are: (a) performance of a contract (delivering the Service to you), (b) legitimate interests (preventing fraud, ensuring security, moderating content), and (c) compliance with legal obligations (responding to lawful process; child-safety reporting). To exercise your GDPR rights, contact us at support@doodads.app. Note that DooDads is currently available only in the United States and Canada (see Section 8 of this policy); GDPR rights apply if and when we expand to your region.
DooDads's infrastructure (Supabase, Vercel, Cloudflare, Apple) operates in multiple jurisdictions. By using the Service, you understand that your data may be transferred to and processed in countries other than your country of residence, including the United States. Where required, we rely on Standard Contractual Clauses or equivalent transfer mechanisms approved by the applicable supervisory authority.
When another user files a Report against one of your posts, we record the following moderation evidence solely for safety-review purposes:
This evidence is retained for ninety (90) days as described in Section 6 above. We use it to action the specific report, to detect patterns of abuse (e.g., repeat-violator accounts; griefer accounts that submit many false reports), and to satisfy preservation obligations to the National Center for Missing & Exploited Children (NCMEC) under 18 U.S.C. § 2258A and the REPORT Act in the case of suspected child sexual abuse material.
If your post is reported, we may auto-hide it pending human review. If our moderation team determines the post does not violate our Terms, the post is restored and the report is dismissed. If the post is found to violate our Terms, it is removed and we may take further account-level action up to and including suspension.
Some web browsers transmit a "Do Not Track" (DNT) signal. Because DooDads does not use cross-site or cross-app tracking, the DNT signal does not change our behavior. We do not have advertising trackers, behavioral analytics, or third-party tag managers to disable.
We may update this Privacy Policy from time to time. The Last Modified date at the top of this page reflects the most recent change. Material changes will be communicated in-app. Your continued use of the Service after the effective date of an updated policy constitutes your acceptance of the updated terms.
Questions, concerns, or requests about this Privacy Policy? Contact us at support@doodads.app.