DolFin ("we", "us", "our") is committed to protecting your privacy. This policy explains what data we collect when you use the DolFin app, why we collect it, how we store it, and your rights. We do not sell your data to third parties.
1. Information We Collect
1.1 Account & Profile Data
When you create an account or use DolFin, we may collect:
- Email address (used to identify your account)
- Display name or username (if you provide one)
- Avatar or profile image (if you upload one)
1.2 App Usage & Progress Data
To provide the DolFin experience, we store your in-app activity:
- Habit completion records (which habits you completed and on which date)
- Daily quest completions and XP earned
- Current streak and longest streak
- Gem balance and gem transaction history
- Financial lessons completed
- Level and overall DolFin Score
- Achievements unlocked
- Waste Finder results (e.g. subscription costs you identified)
- Safety Net goal amount (a number you enter; no bank data)
1.3 Device & Technical Data
We automatically collect limited technical information to keep the app working:
- Device type and operating system version
- App version
- Crash logs and error reports (to fix bugs)
- Push notification token (if you grant notification permission)
1.4 Purchase Data
If you purchase Pro or gem packs, transactions are processed by Apple (App Store) or Google (Google Play). We receive a confirmation of the purchase (product ID, date) but never your payment card details.
1.5 What We Do Not Collect
- Bank statements or financial account credentials
- Government IDs or Social Security / PPS numbers
- Location data
- Contacts or calendar data
- Browsing or search history outside the app
2. How We Use Your Data
- Provide the service — sync your progress, calculate streaks, award XP and gems, unlock achievements.
- Push notifications — send daily habit reminders and streak-protection warnings (only if you grant permission; you can turn these off at any time in Settings).
- App improvement — analyse aggregated, anonymised usage patterns to improve features and fix bugs.
- Customer support — respond to enquiries or restore purchases if needed.
- Legal compliance — meet applicable laws and regulations.
We do not use your data to serve third-party advertising or sell it to data brokers.
3. Data Storage & Security
Your account and progress data is stored on Supabase, a secure cloud database platform. Data is encrypted in transit (TLS) and at rest. Supabase infrastructure is hosted on AWS and complies with SOC 2 Type II standards.
Some data (e.g. notification preferences, offline progress) is also stored locally on your device and only synced to our servers when you are online.
We retain your data for as long as your account is active or as required by law. If you delete your account, your personal data is removed within 30 days, except where retention is required for legal or fraud-prevention purposes.
4. Sharing Your Data
We do not sell, rent, or trade your personal data. We share data only in these limited cases:
- Service providers — Supabase (database hosting), Apple / Google (purchase verification), and crash-reporting tools that operate under strict data-processing agreements.
- Legal requirements — if required by law, court order, or to protect the rights and safety of users.
- Business transfer — in the event of a merger or acquisition, your data may transfer to the acquiring entity, which will be bound by this policy.
5. Push Notifications
DolFin can send you two types of local push notifications:
- Daily habit reminder — at a time you choose in Settings.
- Streak protection warning — at 21:00 if you haven't completed your habits that day.
Notifications are scheduled locally on your device. You can enable or disable them at any time in the DolFin Settings screen or in your device's system notification settings.
6. Children's Privacy
DolFin is intended for users aged 13 and older. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has created an account, please contact us at hello@dolfin.app and we will promptly delete the account and associated data.
7. Your Rights
Depending on where you live, you may have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you.
- Correction — ask us to correct inaccurate data.
- Deletion — request deletion of your account and associated data.
- Portability — receive your data in a machine-readable format.
- Objection / Restriction — object to or restrict certain processing activities.
- Withdraw consent — where processing is based on consent (e.g. notifications), withdraw it at any time.
To exercise any of these rights, email us at hello@dolfin.app. We will respond within 30 days.
8. Tracking & Analytics
The DolFin mobile app does not use cookies. We may use anonymised, aggregated analytics to understand how features are used. We do not use cross-app tracking or share your identifier with advertising networks.
9. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at hello@dolfin.app.