Privacy Policy

1. Who we are and how to reach us

Doodle Save (“we,” “us”) operates the Doodle Save mobile app and the websites at doodlesave.co, doodlesave.ca, and doodlesave.in. We are the data controller for the personal information described in this Policy.

• General contact: help@doodlesave.co
• Privacy Officer (Canada / PIPEDA / Law 25): privacy@doodlesave.co
• Grievance Officer (India / DPDP §13): grievance@doodlesave.co

2. What we collect

2.1 Information you give us

• Account: email, password (hashed by our authentication provider), display name, country, date of birth, and a record of the Terms and Privacy versions you accepted (including the date and best-effort IP address).
• Subscription tracking: the names, amounts, billing cycles, and renewal dates of services you choose to track.
• Content you post: flyer photos, blog posts, votes, and notes.
• Optional profile fields: province / state, city, currency preference.

2.2 Information collected automatically

• Diagnostic and usage data: basic operational logs (sign-in events, errors, push-notification delivery, affiliate-link clicks) used to keep the app working and to detect abuse. You can turn off analytics in Settings → Privacy → Analytics & crash reporting.
• Device and platform identifiers: Expo push tokens (only if you grant notification permission) and minimal device platform info (iOS or Android) to deliver notifications.

2.3 Information from integrations

If you connect a third-party integration in the future (for example, Google sign-in), we request the narrowest scope necessary for that feature. We do not request access to your email contents, calendar, contacts, drive, or financial accounts. We document the exact scopes we use in our public compliance page.

2.4 What we don’t collect

Doodle Save does not store payment-card numbers, bank credentials, government identity numbers, social-security/SIN/Aadhaar numbers, biometric data, or precise GPS coordinates. Location is used only to look up your city when you opt in; the coordinate is not stored.

3. How we use your information

• To operate the app: keep you signed in, sync your subscriptions, send renewal reminders, surface flyers and tips in your country.
• To process consent and age verification, as required to make the service available to you.
• To detect, prevent, and respond to fraud, abuse, and security incidents.
• To send transactional emails (account, security, legal notices).
• To send marketing emails only if you opt in at signup or in Settings → Privacy.
• To comply with applicable law, court orders, and regulator requests.

We rely on consent for marketing communications, performance of contract for service operation, and legitimate interest for fraud prevention and product improvement. In India under DPDP, our lawful basis is your consent under §6.

4. AI-assisted features

Some features of Doodle Save are AI-assisted — for example, grocery price extraction from public merchant pages, and certain recommendations or summaries. Where you see output generated or assisted by AI, we label it clearly with an “AI-generated” tag and an information icon. AI output may be inaccurate; please verify before acting on it.

We do not send your personal subscription data, contact list, or flyer photos to a third-party AI model. Where AI is used for catalog or price work, it operates on public merchant pages, not on your personal information.

5. Country isolation

Your data is partitioned by country. A user in Canada cannot see flyers, blog posts, or other user-generated content from India, and vice versa. The country you choose at signup is permanent, because it is enforced at the database level for every read and write of user-generated content.

6. Affiliate links and analytics

Doodle Save earns revenue partly from affiliate links. When you click a deal card we may record the click (with a deal identifier and your user ID, or anonymously if you have analytics disabled) so we can pay our partners correctly and improve which deals we surface. We do not pass your email, date of birth, or any sensitive field to the merchant. The merchant’s page that opens is governed by their own privacy policy.

You can disable affiliate-click logging at Settings → Privacy → Analytics & crash reporting.

7. Who we share data with

• Supabase Inc. — our database, authentication, file storage, and serverless-function provider. The Supabase project is hosted in ca-central-1 (Canada Central). Supabase is contractually bound to protect personal data and use it only to operate the service.
• Expo (Universe, Inc.) — push-notification delivery. Receives only the push token and the notification payload (e.g., “Netflix renews in 3 days”).
• Affiliate networks (Booking.com, MakeMyTrip, CueLinks, Flipp, and similar) — receive a click-through with a referral identifier when you tap an affiliate link. They do not receive your account information from us.
• Anthropic / model providers — for AI-assisted feature work (e.g., grocery price extraction). They receive public merchant page content, not your personal data.
• Regulators, courts, and law enforcement — only when we are legally required, and we will narrow disclosures to what is necessary.

We do not sell your personal information, and we do not share it with advertisers for targeted-advertising purposes.

8. Security

We apply the following safeguards:

• Passwords are never stored in plain text; they are hashed by our authentication provider using bcrypt.
• All traffic between the app and our servers uses HTTPS / TLS.
• Every database table enforces row-level security so users can only read or write rows that belong to them or to their country.
• An append-only audit log records sensitive administrative actions; update and delete are revoked at the database level so the log cannot be rewritten.
• Administrative access requires multi-factor authentication, and step-up MFA is required for sensitive actions.

No system is perfectly secure. We continue to harden the service over time.

9. Breach notification

If we become aware of a personal-data breach, we will notify affected users and the relevant regulators as soon as feasible (PIPEDA s. 10.1) and within 72 hours for users in India (DPDP §8(6)). The notification will describe the nature of the incident, the data affected, the steps we are taking, and what you can do.

10. Your rights of access and download

You can request a copy of the personal data we hold about you in two ways:

• In-app: Settings → Privacy → Download my data. We generate a JSON bundle with your profile, subscriptions, flyers, blog posts, votes, push tokens, affiliate clicks, and your own audit-log entries, and deliver a 24-hour signed download link.
• By email: write to privacy@doodlesave.co. We respond within 30 days.

This right is granted by PIPEDA Principle 9, Quebec Law 25 §27, and DPDP §11.

11. Correction

You can correct your profile fields (display name, province, city) in the app at any time. For corrections to other data, contact privacy@doodlesave.co. This right is granted by PIPEDA Principle 9 and DPDP §12.

12. Marketing emails and consent withdrawal

Marketing emails (product updates, savings tips) are opt-in. You can opt in at signup or in Settings → Privacy → Marketing emails, and you can opt out at any time using the same toggle or the unsubscribe link in every marketing email. Transactional emails (account, security, legal notices) are not optional while you have an active account.

13. Children

Doodle Save is not directed at children and is only available to users aged 18 and over. We collect date of birth at signup and block account creation for anyone under 18 at both the app and database levels. If you believe a child has created an account, please contact privacy@doodlesave.co and we will remove it.

14. Cookies and similar technologies

The Doodle Save mobile app does not use web cookies. It stores your session token in the secure storage of your device so you stay signed in. The marketing websites (doodlesave.co, .ca, .in) use minimal first-party analytics that do not set tracking cookies. We do not run third-party ad pixels.

15. International transfers and data residency

Our primary database is hosted in Canada Central. Some service providers we use (notification delivery, app distribution) may process data in the United States. Where transfers leave Canada or India, we rely on the contractual safeguards required by PIPEDA, Quebec Law 25, and DPDP, and we limit the data shared to what is necessary for the service.

16. Retention

• Account & subscriptions: kept while your account is active.
• Affiliate-click logs: 13 months, then purged.
• Audit log: 24 months, then purged.
• Deleted accounts: hard-deleted 30 days after a deletion request (see section 21). Records we are legally required to keep (e.g. transaction history for tax) are anonymised — identifiers are stripped, amounts and dates remain.
• Backups: rotate out within 35 days.

17. Automated decisions

Doodle Save does not make decisions about you that produce legal or similarly significant effects through purely automated means. Recommendations and AI-generated content are labelled and advisory.

18. Quebec residents (Law 25)

If you reside in Quebec, you have the rights described in this Policy plus the additional rights granted by Quebec’s Act respecting the protection of personal information in the private sector (Law 25), including the right to data portability and the right to be informed of automated decisions.

Our Privacy Officer for Quebec residents is reachable at privacy@doodlesave.co. Pour les résidents du Québec, vous pouvez contacter notre responsable de la protection des renseignements personnels à l’adresse ci-dessus.

19. India residents (DPDP)

If you are in India, you are a “Data Principal” under the DPDP Act, 2023 and have the rights described in §§11–14 (access, correction and erasure, grievance redressal, and nomination of an authorised representative).

Our Grievance Officer is reachable at grievance@doodlesave.co. We respond to grievances within 30 days. If you are not satisfied with our response, you may complain to the Data Protection Board of India.

20. Changes to this Policy

We may update this Policy. If a change is material we will notify you in-app and ask you to accept the new version before you continue using Doodle Save. The current version number is shown at the top of this page; older versions are archived on request to privacy@doodlesave.co.

21. Account deletion

21.1 How to delete

You can delete your account from Settings → Privacy → Delete my account in the app, or from the web at doodlesave.co/delete-account.

21.2 What gets deleted

Your profile, tracked subscriptions, flyers you posted, blog posts and votes, push tokens, and notification settings.

21.3 What gets anonymised, not deleted

Affiliate-click rows and any transaction-history record we are legally required to keep. We strip your user identifier so the row no longer points back to you; only amounts and dates remain.

21.4 Timing

Deletion is processed within 30 days. You can sign back in within that 30-day window to cancel the deletion. After 30 days the deletion is final.

22. Complaints

If you believe we have mishandled your personal information, please contact our Privacy Officer (privacy@doodlesave.co) or Grievance Officer (grievance@doodlesave.co) first. You also have the right to complain to:

• Office of the Privacy Commissioner of Canada (priv.gc.ca)
• Commission d’accès à l’information du Québec (cai.gouv.qc.ca)
• Data Protection Board of India (once operational)