Privacy Policy
Last updated: May 12, 2026
1. Who We Are
DoneDanaDone ("we", "our", "us") operates the DoneDanaDone Android application and web dashboard.
2. What We Collect
| Data | Why | Where stored |
|---|---|---|
| Email address | Account authentication | Supabase (Mumbai) |
| Full name | Display in app, task assignment | Supabase (Mumbai) |
| Phone number | Staff profile (optional) | Supabase (Mumbai) |
| Task photos | Proof of task completion | Supabase Storage (Mumbai) |
| Crash logs | Bug diagnosis | Firebase Crashlytics (Google) |
| FCM device token | Push notifications | Firebase (Google) |
3. How We Use Your Data
- Authenticate users and maintain sessions.
- Display assigned tasks and workflow progress.
- Store photo evidence of completed task steps.
- Send push notifications about task assignments.
- Diagnose and fix application crashes.
We do not sell, rent, or share personal data with third parties for marketing.
4. Data Retention
Account data is retained while your employer's organisation account is active. Task photos are retained per your organisation's configuration. Crash logs are retained for 90 days in Crashlytics.
5. Your Rights & Data Deletion
You may request access to, correction of, or deletion of your personal data at any time.
How to request account or data deletion:
- Email gakshayapps@gmail.com with subject line "Data Deletion Request".
- Include your registered email address and the type of data you want deleted (account, photos, or all data).
- We will confirm receipt within 3 business days and complete deletion within 30 days.
What gets deleted:
- Account deletion: email, name, phone number, session data — permanently deleted.
- Task photos: permanently deleted from Supabase Storage.
- Crash logs: retained for up to 90 days in Firebase Crashlytics per Google's policy, then auto-deleted.
Note: Account deletion is managed by your organisation admin. If you are a staff member, your admin may need to initiate the request on your behalf.
6. Security
Data is encrypted in transit (TLS 1.2+) and at rest. Access is scoped by organisation — no cross-tenant data access is possible.
7. Third-Party Services
- Supabase — database and file storage. Privacy policy.
- Firebase Crashlytics — crash reporting. Privacy policy.
- Firebase Cloud Messaging — push notifications. Privacy policy.
8. Children
The app is intended for adult employees only. We do not knowingly collect data from anyone under 18.
9. Changes
Material changes will be notified via email or in-app notice. Continued use after notice constitutes acceptance.