Introduction

At Dommy, we respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.

Information We Collect

We may collect information about you in a variety of ways:

Personal Information

Name and email address (if you choose to create an account)
Device information and unique identifiers
Contact information you provide when reaching out to support

Usage Data

Habit tracking data and progress information
App usage statistics and interaction patterns
Crash reports and performance data

Health-Related Data

Dommy is a habit tracking application. While it is not primarily a health app, some of the data you enter may be considered health-related under applicable regulations. We are committed to handling this data with the highest level of care and transparency.

Health-Related Data We Collect

When you use Dommy to track your habits, the following health-related information that you voluntarily provide is stored locally on your device:

Habit names, descriptions, and categories (e.g., exercise, hydration, sleep, meditation, nutrition)
Habit completion records, streaks, and progress history
Frequency and scheduling preferences (e.g., daily, weekly goals)
Reminder times and notification preferences for habits
Notes or annotations you attach to your habit entries

How We Use Health-Related Data

We use your health-related data solely to provide and improve the habit tracking service:

To display your habit tracking progress, streaks, and statistics
To send you habit reminders and motivational notifications (with your consent)
To generate personalized insights and recommendations to help you build better habits
To improve the overall quality and relevance of the Dommy service

Health Data Sharing

Your health-related habit data is stored locally on your device and is not transmitted to our servers. We do not sell, share, or use your health-related data for advertising or marketing purposes. This data is never shared with third parties. Your account information (name and email) is stored on our servers under strict security measures as described in the Data Storage and Security section.

Your health-related habit data is stored locally on your device, never uploaded to our servers, and never used for advertising.

How We Use Your Information

To provide, maintain, and improve our services
To personalize your experience and provide habit recommendations
To send you notifications and reminders (with your consent)
To analyze usage patterns and enhance app performance
To respond to your requests and provide customer support

Data Storage and Security

We implement industry-standard security measures to protect your personal and sensitive user data, including health-related information. We take the security of your data seriously and employ multiple layers of protection.

Secure Data Handling Procedures

We apply the following security measures to protect your personal and health-related data:

Encryption in transit: All data transmitted between your device and our servers is protected using TLS 1.2 or higher (HTTPS), ensuring your information cannot be intercepted during transmission.
Encryption at rest: Your data is encrypted at rest using AES-256 encryption on our servers and databases, providing bank-level protection for stored information.
Authentication security: We use secure authentication methods including OAuth 2.0 for social logins and bcrypt hashing for passwords. Passwords are never stored in plain text.
Access controls: Access to personal data is restricted to authorized personnel only, following the principle of least privilege. All access is logged and audited.
Infrastructure security: Our servers are hosted in secure data centres with physical and network security measures, firewalls, and intrusion detection systems.
Incident response: We maintain an incident response plan to quickly address any security breaches. In the event of a data breach affecting your personal data, we will notify you and the relevant authorities as required by law.

Your data is encrypted with bank-level security (AES-256) both in transit and at rest.

Data Retention and Deletion

We retain your personal and health-related data only for as long as necessary to provide our services and fulfil the purposes described in this policy:

Account data: Name and email are retained while your account remains active and for up to 30 days after account deletion.
Habit and health-related data: Tracking records, streaks, and progress are retained while your account is active to provide long-term insights and historical tracking.
Usage and analytics data: Retained in anonymized form and cannot be linked back to you after anonymization.
Backup data: Backups containing personal information are purged within 90 days of account deletion.

You may request deletion of your data at any time by contacting us at [email protected] or through the account deletion feature in the app. Upon deletion, your personal and health-related data will be removed from our active systems within 30 days and from backups within 90 days.

Information Sharing

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

With your explicit consent
To comply with legal obligations or respond to lawful requests
With service providers who help us operate the app (under strict confidentiality agreements)

Your Privacy Rights

You have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you
Correction: Request correction of inaccurate or incomplete information
Deletion: Request deletion of your personal data ("right to be forgotten")
Data Portability: Request your data in a portable format
Object: Object to certain types of data processing

Children's Privacy

Dommy is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our service and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

Essential Cookies

These cookies are necessary for the app to function and cannot be disabled:

Session Cookies - Keep you logged in and maintain your session
Preference Cookies - Remember your language, theme, and other settings
Security Cookies - Protect your account and prevent fraud

Managing Cookies

You can control cookie settings through your browser. However, disabling essential cookies may affect the functionality of Dommy.

Most browsers allow you to refuse cookies or delete them. Check your browser's help section for instructions.

Analytics

We use Google Analytics 4 (GA4) to understand how visitors use our website. GA4 only runs after you provide consent in our cookie banner in regulated regions. When enabled, Google receives device data (such as IP address, user agent, and device identifiers) to provide aggregated analytics and fraud prevention. IP addresses are not anonymized in GA4 for your session. You can withdraw consent at any time via your browser settings or by clearing cookies.

Dommy uses the IP2Location LITE database for IP geolocation.

GDPR Compliance

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have specific rights under the General Data Protection Regulation (GDPR). We are committed to protecting your rights and ensuring compliance with GDPR.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

Consent - When you provide explicit consent (e.g., accepting cookies, signing up for marketing)
Contractual Necessity - To provide you with our services as outlined in our Terms of Service
Legitimate Interests - To improve our services, prevent fraud, and ensure security
Legal Obligation - To comply with applicable laws and regulations

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access - Request a copy of all personal data we hold about you
Right to Rectification - Correct any inaccurate or incomplete personal data
Right to Erasure (Right to be Forgotten) - Request deletion of your personal data under certain circumstances
Right to Restriction of Processing - Request that we limit how we use your data
Right to Data Portability - Receive your data in a structured, machine-readable format
Right to Object - Object to processing based on legitimate interests or direct marketing
Right to Withdraw Consent - Withdraw your consent at any time where processing is based on consent
Right to Lodge a Complaint - File a complaint with your local data protection authority

Data Retention

We retain your personal data only as long as necessary:

Account data is kept while your account is active
Habit tracking data is retained to provide you with long-term insights
Deleted accounts are anonymized within 30 days, with backups purged within 90 days

To exercise any of your GDPR rights, please contact us at [email protected]. We will respond to your request within 30 days.

International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable laws.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. You are advised to review this Privacy Policy periodically for any changes.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: [email protected]