Privacy Policy

Introduction

Dendedo (“we,” “our,” or “us”) operates the Dendedo mobile application and the dendedo.com website (together, the “Service”). Dendedo is a sole proprietorship based in Herzliya, Israel, operated by Adi Loloi.

This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and what rights you have. By using the Service you confirm that you have read and understood this Policy.

Information we collect

Information you provide

• Email address (received from Apple or Google when you sign in)
• Goal descriptions and answers to follow-up onboarding questions
• Journal entries
• Context documents (PDFs or pasted text describing your situation)
• Notification preferences (reminder times, timezone)
• Confirmation that you are at least 13 years old

Information generated by your use

• Task completion data and timestamps
• XP, level, streak, and achievement progression
• Cosmetic inventory and equipped items (skin, hat, shirt, accessory)
• Subscription status (when in-app subscriptions launch)

Information collected automatically

• Device type, operating system version, and app version
• App usage data (sessions, feature interactions, navigation events)
• Push notification tokens
• Crash logs and performance data
• IP address, used by our processors to deliver the Service and detect abuse

How we use your information and our lawful basis

Under the EU General Data Protection Regulation (GDPR) and equivalent laws, we rely on the following lawful bases for processing your personal data:

• Performance of a contract: creating and maintaining your account, generating personalized AI task plans, tracking your progress, sending transactional notifications related to your goals, and providing the core features of the Service.
• Legitimate interest: diagnosing crashes, improving features, preventing fraud and abuse, and securing the Service. We balance these interests against your rights and freedoms.
• Consent: sending optional marketing communications, where you have opted in. You may withdraw consent at any time.
• Legal obligation: retaining records, responding to lawful requests, and meeting tax or regulatory requirements.

Third-party processors

We rely on the following sub-processors to operate the Service. Each is bound by its own privacy terms and, where applicable, a data processing agreement with us.

We do not sell your personal information, and we do not share it with advertisers.

International data transfers

Dendedo is operated from Israel, which the European Commission has determined provides an adequate level of data protection. Several of our processors (Supabase on AWS, Anthropic, PostHog, Sentry, Vercel, Lemon Squeezy, Apple, Google) are based in or store data in the United States or other countries outside the European Economic Area.

Where we transfer personal data of users in the EEA, the United Kingdom, or Switzerland outside those regions, we rely on Standard Contractual Clauses approved by the European Commission, or an equivalent legal mechanism, to safeguard your data.

Automated decision-making

Dendedo uses Anthropic's Claude AI to generate personalized task plans, parse your goals, and analyze the context documents you provide. This processing is automated and produces output (your daily plan and follow-up tasks) that is delivered back to you in the app.

We do not consider this processing to produce legal or similarly significant effects on you, since the output is advisory and you choose which suggestions to act on. If you are in the EEA, the UK, or Switzerland and you would like a human to review, explain, or override an AI-generated plan, contact us at privacy@dendedo.com and we will do so.

You can also disable AI suggestions by discontinuing use of the Service, as plan generation is a core feature.

Your rights

Subject to applicable law, you have the following rights with respect to your personal information:

• Access: request a copy of the personal data we hold about you.
• Rectification: ask us to correct inaccurate or incomplete data.
• Erasure: ask us to delete your data. You can delete your account and all associated data from Settings inside the app.
• Restriction: ask us to pause processing of your data in certain situations.
• Portability: receive a copy of your data in a structured, commonly used, machine-readable format.
• Objection: object to processing based on legitimate interest.
• Withdrawal of consent: where processing is based on consent, withdraw that consent at any time.
• Complaint: lodge a complaint with your local data protection supervisory authority. Israeli users may contact the Israeli Privacy Protection Authority. EU users may contact the supervisory authority in their member state.

To exercise any of these rights, email privacy@dendedo.com. We respond within 30 days and may ask you to verify your identity before fulfilling a request.

California privacy rights

If you are a California resident, the California Consumer Privacy Act and the California Privacy Rights Act give you the following additional rights:

• Right to know what personal information we have collected about you, the sources we collected it from, the purposes for collecting it, and the categories of third parties we share it with.
• Right to delete personal information we have collected from you.
• Right to correct inaccurate personal information.
• Right to opt out of the sale or sharing of personal information. We do not sell your personal information and we do not share it for cross-context behavioral advertising.
• Right to limit the use of sensitive personal information. We do not use sensitive personal information for purposes beyond providing the Service.
• Right to non-discrimination: we will not deny you service, charge you a different price, or provide a different level of quality because you exercised these rights.

To exercise these rights, email privacy@dendedo.com. You may also designate an authorized agent to make a request on your behalf.

Children's privacy

Dendedo is intended for users who are at least 13 years old. During sign-in, you are required to confirm that you meet this age requirement. We do not knowingly collect personal information from children under 13.

If we learn that we have collected personal information from a child under 13, we will delete that information promptly and terminate the associated account.

If you are a parent or guardian and you believe your child under 13 has provided us with personal information, contact us at privacy@dendedo.com and we will take action.

Data retention

• Active accounts: we retain your data for as long as your account is active.
• Deleted accounts: when you delete your account, your personal data is removed from our active systems within 30 days.
• Backups: data may persist in encrypted backups for up to 90 days after deletion before being overwritten.
• Aggregated and anonymized data: data that cannot be linked back to you (for example, aggregate usage statistics) may be retained indefinitely to improve the Service.
• Legal hold: we may retain certain information longer where required to comply with a legal obligation, resolve a dispute, or enforce our agreements.

Security

We take security seriously and apply industry-standard safeguards, including:

• TLS (HTTPS) encryption for data in transit
• Encryption at rest for stored data
• Hashed and salted passwords; we never store passwords in plain text
• Row-level security policies in our database, so users can only access their own data
• Rate limiting and abuse detection on our APIs
• Least-privilege access controls for administrative access

No system is perfectly secure. If we become aware of a personal data breach that is likely to result in a risk to your rights, we will notify you and the relevant authorities as required by law.

Cookies and similar technologies

The dendedo.com website uses Vercel Analytics and Vercel Speed Insights, which collect anonymous, aggregated metrics about page visits and performance without setting tracking cookies on your device. The site may set a small number of essential cookies required for it to function correctly. We do not use third-party advertising cookies.

The Dendedo mobile app does not use browser cookies, but it stores small amounts of data locally on your device (such as your authentication token and progress cache) so the app can work offline and remember you between launches.

Israeli law

As an Israeli operator, Dendedo is subject to the Israeli Privacy Protection Law, 5741-1981 and the regulations adopted under it. We handle your personal information in accordance with these requirements, including data security obligations.

Israeli users may contact the Israeli Privacy Protection Authority at gov.il/en/departments/the_privacy_protection_authority.

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you through the app, by email, or by posting a notice on dendedo.com before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

Contact us

For privacy-related questions, requests, or complaints, contact:

Dendedo
Adi Loloi, Operator
Herzliya, Israel
privacy@dendedo.com