Privacy Policy

Effective Date: June 22, 2026

DodotX ("we", "our", "us") is committed to protecting the privacy of families and children. This Privacy Policy explains what data we collect, how we use it, and your rights.

1. Information We Collect

Parent Accounts:

• Email address (for account creation and password recovery)
• Name (to personalize the experience)
• Hashed password (securely encrypted, never stored in plain text)

Child Profiles:

• Nickname or pet name only — we do not collect a child's real name, email, or any personal identifiers
• Age (to provide age-appropriate task suggestions)
• Avatar emoji selection (no photographs required)
• Task completion data and point totals

2. Children's Privacy (COPPA Compliance)

DodotX is designed with children's privacy as a core principle:

• Children never need an email address or password to use DodotX
• Children join only through a parent-generated, time-limited family code
• We only collect the minimum data necessary: a nickname, age, and task progress
• We do not serve advertisements to children
• We do not use any tracking, analytics, or fingerprinting SDKs
• Parents have full control to view, modify, or delete their child's data at any time through the app's Settings

3. How We Use Your Data

• To provide and improve the DodotX service
• To generate AI-powered task suggestions and routines (processed server-side, not shared with third parties)
• To send password reset emails (only when requested by a parent)
• To maintain account security (rate limiting, JWT authentication)

4. Data Sharing

We do not sell, rent, or share personal data with third parties. Data is only shared in these limited cases:

• AI Processing: Task data may be sent to our AI provider for generating suggestions. No personally identifiable information is included.
• Email Delivery: Your email address is shared with our email provider (Gmail SMTP) solely for sending password reset codes.
• Legal Requirements: We may disclose data if required by law or to protect the safety of our users.

5. Data Security

• Passwords are hashed using bcrypt (industry standard)
• API endpoints are protected with JWT authentication
• Rate limiting prevents brute-force attacks (10 attempts per minute)
• Family invitation codes expire every 60 minutes
• All API documentation is disabled in production

6. Data Retention & Deletion

We retain account data for as long as your account is active. Parents can:

• Delete any child profile (and all associated data) from the Settings screen
• Request full account deletion by contacting support@dodotx.net

Upon account deletion, all data is permanently removed within 30 days.

7. Visitor Access

DodotX offers a read-only "Visitor View" for family members (e.g., grandparents). Visitors enter a time-limited family code and can view children's progress without creating an account. No visitor data is stored.

8. Changes to This Policy

We may update this policy from time to time. We will notify registered users by email of any material changes. Continued use of DodotX after changes constitutes acceptance of the updated policy.

9. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights:

• Email: support@dodotx.net
• Website: dodotx.net/support