Do-Do legal terms
These starter clauses are written for a family coordination app operating in the EU/EEA and the United States. They must be reviewed by qualified counsel before commercial launch.
Do-Do is a coordination tool. It is not a law firm, court, mediator, emergency service, medical provider, bank, or tax adviser.
Terms of Use
These Terms govern access to Do-Do, including the mobile web app, installed PWA, notifications, calendar features, messages, reminders, expenses, shopping lists, settings, and related services.
Accounts and authority
- You must provide accurate account and family information and keep access credentials secure.
- You confirm that you have authority to add children, pets, co-parents, caregivers, or family members to a shared board.
- You are responsible for the content you add, including messages, expenses, schedules, reminders, and family details.
Family records
- Cards, messages, reminders, and activity trails may be retained as coordination records.
- Do-Do may show timestamps, status changes, read states, reminder settings, and message history to authorized family-board members.
- Unless a paid legal export feature is separately agreed, Do-Do does not guarantee that records are court-admissible in any jurisdiction.
Acceptable use
- Do not use Do-Do to harass, threaten, impersonate, stalk, abuse, or unlawfully monitor another person.
- Do not upload or enter unlawful, exploitative, discriminatory, or highly sensitive information unless necessary for legitimate family coordination.
- Do not bypass security, scrape the service, overload systems, or attempt to access another family board without permission.
Health, finance, and emergencies
- Medical, allergy, medication, expense, and schedule details attached to Dos are user-entered coordination notes, not professional advice.
- For emergencies, contact local emergency services directly. Do-Do notifications may be delayed, muted, or unavailable.
- Expense and budget modules are not banking, accounting, tax, or legal settlement services unless expressly stated in a separate agreement.
Disclaimers and liability
- The service is provided "as is" and "as available" during prototype and MVP stages.
- We do not promise uninterrupted availability, legal outcomes, successful co-parent communication, or error-free automations.
- To the maximum extent permitted by law, liability is limited to the amount paid for the service in the previous 12 months, or USD 100 if no amount was paid.
Changes and termination
- We may change features, pricing, or these Terms with reasonable notice where required by law.
- You may stop using Do-Do and request export or deletion as described in the Privacy Notice.
- We may suspend access for security risk, unlawful use, non-payment, or material breach of these Terms.
Privacy Notice
This notice describes how Do-Do collects, uses, and protects your personal data. Do-Do is operated by Bart Gumowski (Switzerland). Effective date: June 2026.
Data we may collect
- Account data: name, email, phone, authentication provider, device, and account settings.
- Family-board data: co-parent names, child names, pet names, schedules, reminders, tasks, expenses, messages, shopping lists, and budget entries.
- Usage data: logins, app interactions, notification permissions, read receipts, card status changes, and feature analytics.
- Device data: browser, operating system, approximate region, push subscription, and service-worker status.
How we use data
- Provide the family board, messages, reminders, calendar cards, expenses, settings, and onboarding.
- Send push notifications, reminders, account messages, invitations, and security notices.
- Maintain audit trails, prevent abuse, protect accounts, debug issues, and improve reliability.
- Comply with legal obligations and respond to lawful requests.
EU/EEA legal bases
- Contract: to provide the app and account features you request.
- Consent: for optional notifications, analytics where required, and certain child-data processing where required.
- Legitimate interests: security, fraud prevention, product improvement, and service reliability.
- Legal obligation: tax, accounting, lawful requests, and compliance duties.
EU/EEA and UK rights
- You may request access, correction, deletion, restriction, portability, or objection to processing.
- You may withdraw consent where processing relies on consent.
- You may complain to your local data protection authority.
- Some requests may be limited where records must be kept for security, legal claims, or another user's rights.
United States privacy rights
- California and other eligible U.S. residents may request access, correction, deletion, portability, and information about categories of data collected, used, disclosed, or shared.
- Do-Do does not sell personal information. If targeted advertising or data sharing is added later, a clear opt-out control must be provided.
- We do not discriminate against users for exercising privacy rights.
Sharing and processors
- Supabase (EU-West-1, Ireland) - database, authentication, file storage, and real-time sync. Your data is stored in the EU.
- Vercel (US) - serverless API hosting. Request data passes through Vercel's infrastructure.
- Anthropic (US) - AI field extraction via Claude Haiku. Card text submitted for AI interpretation is sent to Anthropic's API. No data is used for model training without consent.
- Stripe (US/EU) - payment processing for subscriptions and expense payments. Payment card data is handled exclusively by Stripe and never stored by Do-Do.
- Resend (US) - transactional email delivery (reminders, invites, payment requests).
- Data is shared with your invited co-parent according to family-board permissions.
- Data may be shared with authorities when legally required.
Retention and deletion
- Account and board data is kept while the account or family board is active.
- You may delete your account at any time via Settings → Account → Delete account. Your profile and messages are removed immediately. Cards you authored are anonymised within 30 days. Your co-parent's data is preserved.
- You may export all your personal data via Settings → Account → Download my data (GDPR data portability).
- Backups may persist for up to 30 days before automatic deletion.
- Stripe retains payment transaction records as required by financial regulations.
Data residency
- Primary data storage: Supabase EU-West-1 (Ireland). Do-Do selects EU storage to serve Swiss and European users.
- API processing: Vercel edge functions may execute in the closest available region.
- AI processing: Anthropic's API (US). Only card text submitted for interpretation is transferred.
Children and Family Data
Do-Do is designed for parents and guardians to coordinate family logistics. Child profiles are controlled by adults.
- Adults must have parental responsibility or another lawful basis before adding a child profile.
- Children under 13 in the United States should not create independent accounts unless a COPPA-compliant parental consent flow is active.
- Parents may request access, correction, export, or deletion of child data, subject to safety, record-retention, and other users' rights.
- Do-Do should collect only the child information reasonably needed for coordination.
- Future child-facing features must use age-appropriate design, limited collection, and parental controls.
Security and Incident Notice
- Use encryption in transit, access controls, least-privilege admin access, logging, and regular dependency updates.
- Protect push subscriptions, auth tokens, child data, and message records as sensitive family coordination data.
- Notify affected users and regulators where required after a confirmed data breach.
- Users should report suspected unauthorized access immediately.
Cookies and Local Storage
- Session cookies - Supabase uses a single authentication cookie to keep you signed in. This is strictly necessary and does not require consent.
- Local storage - Do-Do stores your board data, settings, and preferences in your browser's local storage to keep the app fast and available offline. No personal data is sent to advertisers.
- Service worker cache - App assets (HTML, CSS, JS) are cached for offline use and fast loading. No tracking data is cached.
- No advertising or analytics cookies - Do-Do does not use Google Analytics, Facebook Pixel, or any advertising-network cookies. There is no tracking of your activity across other websites.
- Push notifications - require your explicit browser permission and can be disabled at any time in your browser or device settings, or in Do-Do Settings → Notifications.
- If analytics are added in future they will be privacy-preserving (e.g. Plausible or Fathom) and this notice will be updated.
Contact
Operator: Bart Gumowski
Country: Switzerland
Privacy contact: hello@do-do.app
Security issues: hello@do-do.app
Swiss users: Do-Do processes personal data under the Swiss Federal Act on Data Protection (revDSG / nFADP) and, where applicable, the EU General Data Protection Regulation (GDPR) for EU residents. You have the right to lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC) at edoeb.admin.ch.