Privacy Policy

1. Introduction

Desk Dojo ("we," "our," or "us") operates the Desk Dojo mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.

Please read this Privacy Policy carefully. By using the App, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access the App.

2. Information We Collect

2.1 Information You Provide

When you create an account, we collect:

• Email Address: Used for account authentication, password recovery, and important account notifications.
• Password: Stored in encrypted (hashed) form. We never store or have access to your plaintext password.
• Display Name (optional): If you choose to set a display name, it is used to personalize completion certificates. You may change or remove it at any time.

We do not collect your profile photo, phone number, age, or any other personal demographic information.

2.2 Learning Progress Data

To provide our educational services and track your learning journey, we collect:

• Lesson completion status and scores
• Quiz and drill performance (attempts, correct answers)
• Experience points (XP) earned
• Daily activity streaks
• Achievement unlocks and timestamps
• World/course completion records
• Swipe game scores and statistics
• Prestige level (for users who reset and replay content)

2.3 Device Preferences (Stored Locally)

The following preferences are stored only on your device and are never transmitted to our servers:

• Theme preference (light or dark mode)
• Sound effects enabled/disabled
• Haptic feedback enabled/disabled
• Keyboard shortcut platform preference (Windows or Mac)

2.4 Automatically Collected Information

When you use the App, we may automatically collect certain information for error tracking and app improvement:

• Error and Crash Data: When the App encounters an error, we collect crash reports, error messages, and the sequence of actions leading to the error. This helps us identify and fix bugs.
• Device and App Information: Our analytics service automatically collects your operating system and version, device model, screen dimensions, timezone, locale, and app version. This helps us diagnose device-specific issues and improve compatibility. We do not collect advertising identifiers.
• Vendor Identifier (iOS): On iOS devices, our subscription management provider (RevenueCat) collects your Identifier for Vendor (IDFV) to validate purchases and prevent fraud. This identifier is specific to our app and cannot be used to track you across other apps.

Important: Our error tracking system is explicitly configured to not collect personally identifiable information (PII). Your email address is never included in error reports.

2.5 Guest Users

You may use the App as a guest without creating an account. Guest user data is stored only on your local device and is not transmitted to our servers. If you uninstall the App or clear its data, your guest progress will be permanently lost.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the App
• Create and manage your account
• Track and display your learning progress
• Sync your progress across devices (for registered users)
• Send password reset emails when requested
• Identify and fix bugs and errors in the App
• Improve the App based on usage patterns
• Respond to your support requests

4. Third-Party Services

We use the following third-party services to operate the App:

4.1 Supabase (Authentication & Database)

We use Supabase to handle user authentication and store your learning progress data. When you create an account, your email address and encrypted password are stored with Supabase. Your progress data is also stored in Supabase to enable cross-device syncing.

Supabase Privacy Policy: https://supabase.com/privacy

4.2 PostHog (Analytics)

We use PostHog to understand how the App is used, such as which lessons are completed and which features are popular. PostHog receives your anonymous user ID (not your email) and anonymized usage events such as lesson completions, feature interactions, subscription status, and app lifecycle events (such as when the App is opened, backgrounded, installed, or updated). We have disabled location tracking (GeoIP) in PostHog. No personally identifiable information is included in analytics events.

PostHog Privacy Policy: https://posthog.com/privacy

4.3 Sentry (Error Tracking)

We use Sentry to track errors and crashes in the App. Sentry collects error messages, stack traces, and contextual information about how the error occurred. We also collect performance data (such as screen load times and network request durations) to monitor app responsiveness. We have configured Sentry to not collect personally identifiable information. Only your anonymous user ID (not your email) may be associated with error reports and performance data.

Sentry Privacy Policy: https://sentry.io/privacy/

4.4 RevenueCat (Subscription Management)

We use RevenueCat to manage in-app subscriptions and purchases. RevenueCat receives your anonymous user ID (not your email or name), your purchase and subscription history, and on iOS, your Identifier for Vendor (IDFV). We also store subscription metadata (plan type, subscription status, and billing period dates) in our database to manage your access to premium features. RevenueCat processes transactions through the Apple App Store and Google Play Store.

RevenueCat Privacy Policy: https://www.revenuecat.com/privacy

4.5 Expo (App Platform)

The App is built using Expo, a platform for React Native applications. Expo provides various services including app updates and build infrastructure. Expo does not receive your personal data or learning progress.

Expo Privacy Policy: https://expo.dev/privacy

5. Data Storage and Security

5.1 Where Your Data Is Stored

• Local Storage: Your preferences and, for guest users, all progress data is stored locally on your device.
• Cloud Storage: For registered users, your email and progress data are stored in Supabase's secure cloud infrastructure.

5.2 Security Measures

We implement appropriate technical and organizational security measures to protect your data, including:

• Encryption of passwords using industry-standard hashing algorithms
• Secure token storage using platform-specific secure storage (iOS Keychain, Android Keystore)
• HTTPS encryption for all data transmitted between the App and our servers
• Regular security updates and monitoring

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. If you delete your account:

• Your account and personal data (email, display name, learning progress, achievements, drill statistics, and subscription records) are permanently deleted from our database immediately.
• Error tracking data (Sentry) associated with your anonymous user ID is automatically deleted within 30 days per Sentry's retention policy.
• Analytics data (PostHog) associated with your anonymous user ID may be retained for up to 90 days. After your account is deleted, this data can no longer be linked to your identity because the association between your user ID and email is permanently removed.
• Subscription records (RevenueCat) associated with your anonymous user ID may be retained by RevenueCat as required for App Store and Google Play transaction compliance.

All local data stored on your device is also cleared upon account deletion.

7. Your Rights and Choices

7.1 Access and Portability

You have the right to request access to the personal data we hold about you. Contact us at support@deskdojo.co to request a copy of your data.

7.2 Correction

You may update your display name through the App's settings. To update your email address or make other corrections, please contact us at support@deskdojo.co.

7.3 Deletion

You have the right to request deletion of your account and associated data. You can do this by:

• Using the account deletion feature in the App's settings
• Contacting us at support@deskdojo.co

When you delete your account, your personal data is permanently removed from our database immediately. Third-party service data retention is described in Section 6 above.

7.4 Opt-Out

You may opt out of certain data collection:

• Cloud Sync: Use the App as a guest to keep all data local to your device.
• Analytics: Analytics data collection is enabled by default. You can disable it at any time in the App's settings.
• Error Tracking: Crash and performance monitoring (Sentry) cannot be disabled, as it is essential for maintaining app stability and quality for all users. This data contains no personally identifiable information.

8. California Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Notice: We do not sell your personal information to third parties.

To exercise your CCPA rights, contact us at support@deskdojo.co.

9. Children's Privacy

The App is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@deskdojo.co, and we will delete such information.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. You are advised to review this Privacy Policy periodically for any changes.

For significant changes, we may provide additional notice, such as an in-app notification or email (if you have provided your email address).

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: support@deskdojo.co
• Website: https://deskdojo.co