Privacy Policy

DolFin ("we", "us", "our") is committed to protecting your privacy. This policy explains what data we collect when you use the DolFin app, why we collect it, how we store it, and your rights. We do not sell your data to third parties.

1. Information We Collect

1.1 Account & Profile Data

When you create an account or use DolFin, we may collect:

Email address (used to identify your account)
Display name or username (if you provide one)
Avatar or profile image (if you upload one)

1.2 App Usage & Progress Data

To provide the DolFin experience, we store your in-app activity:

Habit completion records (which habits you completed and on which date)
Daily quest completions and XP earned
Current streak and longest streak
Gem balance and gem transaction history
Financial lessons completed
Level and overall DolFin Score
Achievements unlocked
Waste Finder results (e.g. subscription costs you identified)
Safety Net goal amount (a number you enter; no bank data)

1.3 Device & Technical Data

We automatically collect limited technical information to keep the app working:

Device type and operating system version
App version
Crash logs and error reports (to fix bugs)
Push notification token (if you grant notification permission)

1.4 Purchase Data

If you purchase Pro or gem packs, transactions are processed by Apple (App Store) or Google (Google Play). We receive a confirmation of the purchase (product ID, date) but never your payment card details.

1.5 What We Do Not Collect

Bank statements or financial account credentials
Government IDs or Social Security / PPS numbers
Location data
Contacts or calendar data
Browsing or search history outside the app

2. How We Use Your Data

Provide the service — sync your progress, calculate streaks, award XP and gems, unlock achievements.
Push notifications — send daily habit reminders and streak-protection warnings (only if you grant permission; you can turn these off at any time in Settings).
App improvement — analyse aggregated, anonymised usage patterns to improve features and fix bugs.
Customer support — respond to enquiries or restore purchases if needed.
Legal compliance — meet applicable laws and regulations.

We do not use your data to serve third-party advertising or sell it to data brokers.

3. Data Storage & Security

Your account and progress data is stored on Supabase, a secure cloud database platform. Data is encrypted in transit (TLS) and at rest. Supabase infrastructure is hosted on AWS and complies with SOC 2 Type II standards.

Some data (e.g. notification preferences, offline progress) is also stored locally on your device using AsyncStorage and only synced to our servers when you are online.

We retain your data for as long as your account is active or as required by law. If you delete your account, your personal data is removed within 30 days, except where retention is required for legal or fraud-prevention purposes.

4. Sharing Your Data

We do not sell, rent, or trade your personal data. We share data only in these limited cases:

Service providers — Supabase (database hosting), Apple / Google (purchase verification), and crash-reporting tools that operate under strict data-processing agreements.
Legal requirements — if required by law, court order, or to protect the rights and safety of users.
Business transfer — in the event of a merger or acquisition, your data may transfer to the acquiring entity, which will be bound by this policy.

5. Push Notifications

DolFin can send you two types of local push notifications:

Daily habit reminder — at a time you choose in Settings.
Streak protection warning — at 21:00 if you haven't completed your habits that day.

Notifications are scheduled locally on your device. You can enable or disable them at any time in the DolFin Settings screen or in your device's system notification settings.

6. Children's Privacy

DolFin is intended for users aged 13 and older. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has created an account, please contact us at hello@dolfin.app and we will promptly delete the account and associated data.

7. Your Rights

Depending on where you live, you may have the following rights regarding your personal data:

Access — request a copy of the data we hold about you.
Correction — ask us to correct inaccurate data.
Deletion — request deletion of your account and associated data.
Portability — receive your data in a machine-readable format.
Objection / Restriction — object to or restrict certain processing activities.
Withdraw consent — where processing is based on consent (e.g. notifications), withdraw it at any time.

To exercise any of these rights, email us at hello@dolfin.app. We will respond within 30 days.

If you are in the European Economic Area, you also have the right to lodge a complaint with your local data protection authority.

8. Tracking & Analytics

The DolFin mobile app does not use cookies. We may use anonymised, aggregated analytics to understand how features are used. We do not use cross-app tracking or share your identifier with advertising networks.

If you are visiting this website (dolfin.app), standard web server logs may record your IP address and browser agent. We do not use third-party advertising trackers on our website.

9. Third-Party Services

DolFin may contain links to external websites or services (e.g. App Store, Google Play). Once you leave the app, this Privacy Policy no longer applies. We encourage you to read the privacy policies of any third-party services you use.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above. For significant changes we will notify you via the app or email. Your continued use of DolFin after changes are posted constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: hello@dolfin.app