Privacy Policy

Last updated: February 16, 2026

This Privacy Policy explains how Done ("Done", "we", "our", "us") collects, uses, stores, and shares information when you use the Done mobile app and Done website.

1. Information We Collect

Information you provide directly

• Account data: first name, last name, email address, password, and date of birth during sign-up.
• Profile data you choose to add or edit, such as phone, city, and profile photo.
• Task and collaboration data: lists, tasks, due dates, priorities, comments, mentions, and invite emails.
• Attachments and files you upload to tasks.
• Support or privacy inquiries you send to us.

Information collected from device/app usage

• Technical information such as app version and device model used for reliability and troubleshooting.
• Authentication/session tokens and app state saved on your device to keep you signed in and restore app state.
• Notification and activity information related to task/list events in the app.

Optional permissions/data

• Contacts: if you choose invite-from-contacts features, Done reads contact names/emails to let you select invitees.
• Location: if you choose location features, Done may access your location to help you pick places.
• Files/photos: if you choose attachment/upload actions, Done accesses selected files/photos.

2. How We Use Information

• To create and manage accounts, authenticate users, and secure sessions.
• To provide core product features: lists, tasks, assignments, comments, mentions, invites, and reminders.
• To process password reset and invite links.
• To support optional location and contact-based workflows you explicitly use.
• To maintain app reliability, prevent abuse, detect errors, and improve performance.
• To show advertising placements in the app.

3. Ads and Third-Party SDKs/Services

Done uses third-party SDKs/services to operate features. These providers may process technical data under their own privacy terms.

• Ads: Google Mobile Ads SDK (banner ads). This may process advertising identifiers, IP, and ad interaction metadata.
• Maps/Places: Google Places services for location search and place suggestions.
• App Updates: RevoPush / CodePush services for OTA app updates.
• Infrastructure/Storage: cloud hosting and storage providers used to run backend services and store uploaded files.

4. When We Share Information

We do not sell personal data. We may share data only as needed to:

• Provide requested functionality (for example, sending list invites to selected recipients).
• Operate hosting, storage, delivery, and technical infrastructure.
• Comply with legal obligations or enforce our terms.
• Protect rights, security, and integrity of users, Done, and the service.

5. Data Retention

• Account and collaboration data are retained while your account is active.
• If you request account deletion, we will begin deletion of your account data after verification. Primary data is typically removed within 30 days.
• Backup copies may remain for a limited period (typically up to 90 days) before automatic overwrite/deletion.
• Limited records may be retained when required for legal, security, fraud-prevention, and compliance obligations.
• Local app data on your device (such as cached auth/session values) may remain until you log out, clear app data, or uninstall.

6. Account Deletion Request Process

If you want your account deleted, send an email request to ajay@littlebirdie.com.au.

• Use subject: Delete My Done Account.
• Send the request from the email address registered in your Done account.
• We may ask for basic verification before processing to protect account security.
• After verification, we process deletion according to the retention policy above.

7. Your Choices and Rights

• You can decline optional permissions (contacts/location/photos), though related features may not work.
• You can request account/data deletion using the process above.
• You can request access/correction of your account information by contacting us.

8. Security

We use reasonable administrative, technical, and organizational measures to protect data. No system is 100% secure, so we cannot guarantee absolute security.

9. Children

Done is not intended for children under the age required by applicable law in your region. If you believe a child provided personal data without authorization, contact us so we can investigate and take action.

10. International Data Transfers

Your information may be processed in countries other than your own, where data protection laws may differ.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date.

12. Contact Us

Email: ajay@littlebirdie.com.au

Before App Store / Play Store submission, replace this placeholder email with your real production privacy contact email.