Privacy Policy

Last updated: October 22, 2025

1. Introduction

Welcome to Doodlr, an AI-powered short-form content creation platform ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you use our service to create, optimize, and distribute AI-generated content for social media platforms.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, password, business details
  • Payment Information: Billing details, payment method (processed securely by third-party payment processors)
  • Content Input: Text prompts, images, videos, and other content you upload or provide for AI processing
  • Social Media Credentials: OAuth tokens and account information when you connect third-party platforms (TikTok, Instagram, YouTube)
  • Profile Information: Business niche, preferences, content goals

2.2 Automatically Collected Information

  • Usage Data: Features used, content generated, publishing history, platform engagement
  • Device Information: IP address, browser type, operating system, device identifiers
  • Analytics Data: Session duration, page views, clicks, interactions (via PostHog)
  • Web Vitals: Performance metrics including page load times, responsiveness, and user experience indicators
  • Cookies: Authentication tokens, preferences, analytics identifiers

2.3 AI-Generated Content

We temporarily store your input prompts, uploaded media, and AI-generated outputs to provide our service, improve AI models, and ensure quality control.

3. How We Use Your Information

We use your information to:

  • Provide Services: Generate AI content, publish to social platforms, manage your account
  • Process Payments: Handle subscriptions, invoicing, and payment processing
  • Improve Our Platform: Train and refine AI models, optimize features, analyze usage patterns
  • Personalization: Recommend templates, suggest improvements, customize your experience
  • Communications: Send service updates, feature announcements, marketing emails (opt-out available)
  • Security: Detect fraud, prevent abuse, ensure platform integrity
  • Legal Compliance: Meet legal obligations, enforce terms, protect rights
  • Analytics: Understand user behavior, measure performance, conduct research

4. AI and Machine Learning

4.1 Content Processing

Your content inputs and generated outputs may be processed by third-party AI services (e.g., OpenAI, Anthropic, Stability AI, etc.) to generate videos, images, and text. These services have their own privacy policies and data handling practices.

4.2 Model Training

We may use anonymized and aggregated data to improve our AI models and service quality. You can opt out of having your content used for model training by contacting us at privacy@doodlr.app.

5. Information Sharing and Disclosure

We share your information with:

5.1 Service Providers

  • AI Providers: OpenAI, Anthropic, Stability AI, and other AI service providers
  • Cloud Infrastructure: AWS, Vercel, Supabase for hosting and storage
  • Payment Processors: Stripe, PayPal for billing
  • Analytics: PostHog for web analytics, product analytics, and web vitals tracking
  • Email Services: For transactional and marketing communications

5.2 Social Media Platforms

When you authorize us to post content to TikTok, Instagram, YouTube, or other platforms, we share your generated content with these platforms per your instructions. These platforms have their own privacy policies.

5.3 Legal Requirements

We may disclose information if required by law, court order, or government request, or to protect our rights, safety, or property.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide services. Specific retention periods:

  • Account Data: Until account deletion + 30 days
  • Generated Content: 90 days after creation (unless saved to your library)
  • Usage Analytics: 24 months
  • PostHog Analytics Data: Retained according to PostHog's data retention policies
  • Payment Records: 7 years (legal requirement)
  • Marketing Emails: Until you unsubscribe

7. Your Rights and Choices

Depending on your location, you may have rights to:

7.1 Access and Portability

Request a copy of your personal data in a structured, machine-readable format.

7.2 Correction

Update or correct inaccurate information through your account settings.

7.3 Deletion

Request deletion of your account and personal data (subject to legal obligations).

7.4 Opt-Out

  • Marketing Emails: Unsubscribe link in every email
  • Analytics: Browser settings, ad blockers (functionality may be affected)
  • Model Training: Contact privacy@doodlr.app

7.5 Restrict Processing

Request limitation of how we process your data in certain circumstances.

To exercise these rights, contact us at privacy@doodlr.app

8. Analytics with PostHog

We use PostHog, an open-source product analytics platform, to collect and analyze data about how users interact with our service. This helps us understand user behavior, improve our website's performance, and enhance user experience.

8.1 Web Analytics and Product Analytics

PostHog collects information about your interaction with our website and application, including:

  • Page views and navigation patterns
  • Features used within the platform
  • User engagement metrics
  • Session duration and frequency
  • Device and browser information

8.2 Web Vitals

We track performance metrics through PostHog, including page load times, responsiveness, and cumulative layout shift. This data helps us optimize our platform's performance and user experience.

8.3 PostHog Data Privacy

PostHog is committed to data privacy and security. It offers features that support compliance with data protection regulations, including GDPR. PostHog does not collect personally identifiable information unless explicitly provided. For more information about PostHog's privacy practices, visit PostHog's privacy policy.

8.4 Opting Out of PostHog Analytics

You can control data collection through your browser settings, including disabling cookies or using privacy-focused browser extensions. You may also opt out of PostHog tracking, though this may affect some functionality on our platform.

9. Security

We implement industry-standard security measures to protect your information:

  • Encryption in transit (TLS/SSL) and at rest
  • Secure authentication with OAuth 2.0
  • Regular security audits and penetration testing
  • Access controls and role-based permissions
  • Automated backup systems
  • Third-party security certifications (SOC 2, ISO 27001 where applicable)

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) for EU/UK transfers
  • Data Processing Agreements with all service providers
  • Compliance with GDPR, CCPA, and other regional regulations

11. Children's Privacy

Our service is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a child, please contact us immediately at privacy@doodlr.app.

12. Cookies and Tracking Technologies

We use cookies and similar technologies for:

  • Essential Cookies: Authentication, security, session management (required)
  • Analytics Cookies: Usage patterns, performance metrics (PostHog)
  • Preference Cookies: Theme, language, settings

You can control cookies through your browser settings, but disabling some cookies may affect functionality.

13. Third-Party Links

Our service may contain links to third-party websites or integrate with third-party services (social media platforms, AI providers). We are not responsible for the privacy practices of these third parties. Please review their privacy policies.

14. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Know what personal information is collected, used, shared, or sold
  • Delete personal information
  • Opt-out of sale of personal information (we do not sell personal information)
  • Non-discrimination for exercising CCPA rights

To exercise these rights, email privacy@doodlr.app with "CCPA Request" in the subject line.

15. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), UK, or Switzerland, you have rights under the General Data Protection Regulation (GDPR). Our legal basis for processing includes:

  • Contract: To provide services you've requested
  • Legitimate Interests: To improve our service, prevent fraud
  • Consent: For marketing communications and optional features
  • Legal Obligation: To comply with laws

You may lodge a complaint with your local data protection authority.

16. Changes to This Privacy Policy

We may update this privacy policy from time to time. We will notify you of material changes by email or prominent notice on our service at least 30 days before changes take effect. Continued use after changes constitutes acceptance.

17. Contact Us

If you have questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:

Email: privacy@doodlr.app

Data Protection Officer: dpo@doodlr.app

Address: 1234 Wilshire Boulevard, Los Angeles, CA 90001, USA

Response Time: We aim to respond within 30 days

This privacy policy is effective as of October 22, 2025 and applies to all users of Doodlr.

By using our service, you acknowledge that you have read and understood this privacy policy.