Privacy Policy

Introduction

Dito ("we," "us," or "our") is operated by Redhead Studio (a trade name of Ashley Redhead). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use the Dito mobile application ("App"). By using Dito, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, username, and password when you register for an account.
• Profile Information: Profile pictures you upload, which are stored on Google Cloud Storage servers in the United States.
• Location Information: When you grant iOS location permission, we temporarily obtain your coordinates to bias Google Places search results toward nearby venues. We do not store your location coordinates; only the venue addresses you manually select are saved.
• Contacts Information: When you grant iOS contacts permission, we access phone numbers only to help you find friends on Dito. Phone numbers are sent to our backend for matching but are not stored permanently.
• Photos: When you grant iOS photo library permission, you can upload profile pictures to the App. Uploaded photos are stored in Google Cloud Storage (us-central1 region) and are accessible via public URLs to anyone who has the link.
• User Content: Meetup invitations ("nudges"), messages, location preferences, and addresses you manually enter for suggested venues.
• Calendar Information: With your explicit permission through Google Calendar OAuth, we access your calendar events including event titles, locations, start/end times, and all-day status. This data is cached locally on your device for up to 5 minutes to improve performance. Your friends see only your busy/free availability windows using Google Calendar's FreeBusy API and never see your event titles, descriptions, or other details. We store encrypted access and refresh tokens to request calendar data as needed.
• Friend Connections: Information about your friend relationships within the App, including friend requests and accepted connections.

1.2 Automatically Collected Information

• Device Information: Device type, operating system, unique device identifiers, and mobile network information.
• Push Notification Tokens: Expo push notification tokens to send you notifications about friend requests, meetup invitations, and reminders.
• Usage Information: Information about how you interact with the App, including features used and actions taken.
• Log Data: Server logs including IP address, access times, and error reports for troubleshooting and security purposes.

2. How We Use Your Information

We use the information we collect to:

• Provide and maintain the App's core functionality, including facilitating friend connections and coordinating meetups.
• Identify mutual free time slots between you and your friends using calendar availability data.
• Suggest nearby venues using your temporary location to bias Google Places search results.
• Help you discover friends on Dito by matching phone numbers from your contacts.
• Display calendar event information to you within the App to help you schedule around your existing commitments.
• Send you push notifications about friend requests, meetup invitations, confirmations, and reminders.
• Send you password reset emails when requested.
• Authenticate your identity and maintain account security.
• Improve and optimize the App's performance and user experience.
• Troubleshoot technical issues and provide customer support.
• Comply with legal obligations and enforce our Terms of Service.

2.1 Use of Google APIs

Our use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We use your Google Calendar data only to:

• Display your own calendar events to you within the App.
• Show you your availability and suggest meeting times based on your schedule.
• Share only busy/free time blocks (not event details) with your friends using Google Calendar's FreeBusy API to find overlapping availability for meetups.

We do not use your Google Calendar data for advertising or marketing, and we do not allow humans to read this data except where required for security, abuse prevention, or legal compliance.

3. How We Share Your Information

3.1 With Other Users

• With Your Friends: Users you have accepted as friends can see your name, username, profile picture, and busy/free availability blocks when coordinating meetups. Friends never see your calendar event titles, descriptions, locations, or other event details. We use Google Calendar's FreeBusy API to share only availability windows, not event contents.
• With Users You Invite: When you send a friend request, the recipient will see your name, username, and profile picture.

3.2 With Service Providers

• Google Cloud Platform: For hosting our backend infrastructure and PostgreSQL database. Servers are located in the United States.
• Google Cloud Storage: For storing profile pictures in the us-central1 region. Profile pictures are accessible via public URLs to anyone with the link.
• Google Calendar API: For accessing your calendar events (titles, times, locations) to display to you and for accessing FreeBusy availability to share with friends. We store encrypted access and refresh tokens to maintain calendar sync. Friends never receive your event details—only busy/free blocks via the FreeBusy API.
• Google Places API: For venue search and suggestions. When you grant location permission, we send your coordinates to Google Places to bias results toward nearby venues. Your location coordinates are not stored by Dito.
• Gmail (Google SMTP): For sending password reset emails.
• Expo Push Notification Service: For delivering push notifications to your device about friend requests, meetups, and reminders.

3.3 For Legal Reasons

We may disclose your information if required by law, legal process, or government request, or if we believe disclosure is necessary to:

• Comply with legal obligations.
• Protect our rights, property, or safety.
• Protect the rights, property, or safety of our users or the public.
• Prevent or investigate possible wrongdoing, fraud, or security issues.

3.4 What We Do Not Share

• Sell your personal information to third parties.
• Share your calendar event details, titles, descriptions, or locations with your friends. They only see busy/free availability blocks via Google Calendar's FreeBusy API.
• Use analytics or advertising services that track you across apps and websites.
• Share your information for marketing purposes.

4. Data Security

We implement appropriate technical and organizational security measures to protect your information:

• Encryption: Google Calendar refresh tokens are encrypted using AES-256-GCM encryption before storage. Data is transmitted over HTTPS/TLS.
• Authentication: Passwords are hashed using industry-standard methods. Access to the App requires authentication.
• Access Controls: Access to user data is restricted to necessary personnel and systems.
• Secure Infrastructure: Our servers are hosted on Google Cloud Platform with enterprise-grade security.
• Public Profile Pictures: Profile pictures stored in Google Cloud Storage are accessible via public URLs. Anyone with the URL can view the image. Do not upload photos containing sensitive information.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. If we become aware of a data breach affecting your personal information, we will notify you and, where required, the appropriate authorities, in accordance with applicable law.

5. Data Retention

We retain your information for as long as necessary to provide the App's services and as described in this Privacy Policy:

• Active Accounts: While your account is active, we retain your account information, profile data, friend connections, and meetup history.
• Account Deletion: You can delete your account at any time through the App's Settings > Delete Account screen or by emailing us at ashleyredhead5@proton.me. Upon deletion, your account information, profile data, friend connections, and stored Google Calendar access and refresh tokens are removed within 30 days. To preserve the integrity of your friends' meetup history, past confirmed meetups will remain in their archives with your name replaced by "Deleted User". Future confirmed meetups will be canceled and participants notified.
• Legal Requirements: We may retain certain information longer if required by law or to resolve disputes, prevent fraud, or enforce our agreements.
• Anonymized Data: We may retain anonymized or aggregated data indefinitely for analytics and improvement purposes.

6. Your Rights and Choices

6.1 Access and Correction

You can access and update your account information, profile picture, and preferences directly within the App.

6.2 Calendar Access

You can disconnect your Google Calendar at any time through the App's settings. This will revoke our access to your calendar and delete stored calendar tokens.

6.3 iOS Permissions

You can manage permissions for location, contacts, and photos through your iPhone's Settings app under Dito. Revoking these permissions will disable related features:

• Location: Prevents venue search from being biased toward nearby results.
• Contacts: Prevents phone number-based friend discovery.
• Photos: Prevents uploading new profile pictures.

6.4 Push Notifications

You can disable push notifications through your device settings or by logging out of the App.

6.5 Account Deletion

You can delete your account through the app's Settings > Delete Account screen. Alternatively, you can email ashleyredhead5@proton.me with your account information. We will process your request within 30 days.

6.6 Data Portability

You may request a copy of your personal information by emailing ashleyredhead5@proton.me. We will provide your data in a commonly used format within 30 days.

7. Children's Privacy

Dito is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly. If you believe a child under 13 has provided us with personal information, please contact us at ashleyredhead5@proton.me.

8. International Data Transfers

Dito is operated from the United States. If you are located outside the United States, please be aware that information we collect will be transferred to, stored, and processed in the United States. By using the App, you consent to the transfer of your information to the United States and processing in accordance with this Privacy Policy.

9. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and similar laws. In this section, "personal information" has the meaning given in those laws.

Categories of Personal Information We Collect and Purposes of Use

In the past 12 months, we have collected the following categories of personal information from California residents:

• Identifiers (such as name, email address, username, and device identifiers) – used to create and manage your account, connect you with friends, secure the App, and communicate with you.
• Internet or other electronic network activity information (such as usage data and log information) – used to operate, secure, and improve the App and to troubleshoot problems.
• Geolocation or location-related information (such as addresses you enter for suggested venues or meetups) – used to help suggest and coordinate meetup locations.
• Precise geolocation data (such as GPS coordinates temporarily obtained when you grant location permission) – used transiently to bias Google Places venue search toward nearby results. Coordinates are not stored by Dito.
• Contact information (such as phone numbers from your contacts) – used temporarily for friend discovery and matching. Phone numbers are sent to our backend for matching but are not permanently stored.
• Profile information and user content (such as profile photo stored in Google Cloud Storage, nudges, and messages) – used to provide social and meetup features in the App. Profile photos are publicly accessible via URL.

We collect these categories directly from you, automatically from your device, and from integrated services (such as Google Calendar) as described above. We do not "sell" or "share" personal information as those terms are defined under California law.

• Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out: We do not sell personal information, so there is nothing to opt out of.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, email ashleyredhead5@proton.me with your request.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Effective Date" at the top of this policy and notify you through the App or by email if the changes are material. Your continued use of the App after changes become effective constitutes acceptance of the revised Privacy Policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Redhead Studio
Dito
Email: ashleyredhead5@proton.me