← Dovilo

Privacy Policy

Last updated: April 2026

Your Privacy is Our Priority

Dovilo ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application.

1. Data Collection

By default, Dovilo stores all your tasks, city progress, focus session data, and app preferences locally on your device. During this anonymous phase, no personal data is collected, transmitted, or stored on external servers. You can use Dovilo fully offline without ever sharing any information.

2. Cloud Sync & Authentication

If you choose to enable cloud sync, we use Firebase Authentication to verify your identity via Google Sign-In or Apple Sign-In. In this case, the following data is stored securely on Firebase servers:

• Your unique User ID (generated by Firebase)
• Your task and city progress data
• App preferences and settings

We do not store your email address, password, or any other personal information beyond what is required for authentication. All data is encrypted in transit (TLS) and at rest on Firebase servers.

3. Analytics

To improve Dovilo and understand how features are used, we use Firebase Analytics. This service collects aggregated, anonymized usage data such as feature engagement, session duration, and app performance metrics. This data does not identify you personally and is used solely for product improvement.

4. Subscription Management

We use RevenueCat to manage in-app subscriptions and purchases. RevenueCat processes transaction data provided by Apple App Store and Google Play Store. We do not have access to your payment details (credit card numbers, billing addresses, etc.). RevenueCat's privacy practices comply with GDPR and CCPA standards.

5. Third-Party Services

Dovilo integrates with the following third-party services, each compliant with global privacy standards:

• Firebase (Google) — Authentication, cloud database, analytics
• RevenueCat — Subscription and purchase management
• Apple / Google — Sign-in providers and app distribution

We do not sell, rent, or share your personal data with any other third parties.

6. MCP Server & AI Agent Integration (Desktop Pro)

Dovilo Desktop includes an optional Model Context Protocol (MCP) server that lets external AI agents (e.g. Cursor, Claude Code) interact with your tasks. Important privacy points:

• The MCP server runs entirely locally on your machine. It listens only on a local port and is off by default — you must explicitly enable it.
• Dovilo does not transmit your tasks, notes, or MCP traffic to our servers or any third party. Once enabled, only clients you connect to the local endpoint can read data.
• Authentication is done with a locally generated API key; it never leaves your device unless you copy it into your MCP client.
• Agents can only read and update tasks and steps you've allowed via Dovilo's per-task agent filter. Agents cannot create tasks or access data outside that filter.
• Any information the agent itself sends to its own model provider (OpenAI, Anthropic, etc.) is governed by that provider's privacy policy — not ours.

You can disable the MCP server at any time from Dovilo Desktop settings; this immediately terminates any open agent connections.

7. Data Retention

Local data remains on your device until you delete the app. Cloud-synced data is retained as long as your account is active. If you delete your account, all associated data is permanently removed from our servers within 30 days.

8. Your Rights

You have the right to:

• Access your data at any time through the app
• Export your data from the app settings
• Delete your account and all associated data from Settings > Delete Account
• Opt out of analytics by disabling it in app settings

If you are located in the EU, you also have rights under GDPR including the right to rectification, restriction of processing, and the right to lodge a complaint with a supervisory authority.

9. Children's Privacy

Dovilo is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted within the app and on this page. Continued use of Dovilo after changes constitutes acceptance of the updated policy.

11. Contact

If you have any questions about this Privacy Policy, please contact us at [email protected].