Privacy policy

1. Controller and scope

The controller of personal data processed through the Service is Fabio Godoy, as CEO and person responsible for operating goDone (hereinafter «we», «us» or «Operator»).

• Mailing address: Rua Augusta Karg, 193, Bauru/SP, ZIP 17018-710, Brazil.
• Email: appgodone@gmail.com

This policy applies to processing carried out through the website, web app, any APIs made available, email communications with support, billing and security processes.

If access to goDone is provided by an organization (employer, client or partner), two controllers or joint controllers may exist: the Operator and that organization. Each party will inform data subjects, as applicable, about purposes and forms of processing.

2. Definitions

For this policy, LGPD concepts apply, including:

• Personal data: information related to an identified or identifiable natural person.
• Data subject: the natural person to whom the personal data refers.
• Processing: any operation on personal data (collection, storage, use, sharing, erasure, etc.).
• Processor: a person or entity that processes data on behalf of the controller.

3. Data we collect

Depending on how you use the Service, we may process:

• Account data: display name, email, password hash (for local login), language/UI preferences, internal user and workspace identifiers.
• Google sign-in: when you sign in with your Google account, we receive technical identifiers and, where authorized, name and email from Google, under Google’s terms.
• Product usage data: content you enter (tasks, titles, descriptions, deadlines, tags, comments, allowed attachments), activity records needed for operation (e.g. completion times for stats/rankings), reminder or notification settings you enable.
• Billing data: for paid plans, customer identification, subscription history and transaction IDs. Card data is generally processed by a certified payment provider (e.g. Stripe); we do not store full card numbers on our servers.
• Support communications: email, subject and message content, plus metadata needed to prevent spam and fraud.
• Technical and security data: IP address, browser/device type, diagnostic logs, session identifiers and, where applicable, device tokens for push notifications.

4. Purposes and legal bases

• Providing the Service (LGPD art. 7(V)): account, authentication, sync, team and workspace features.
• Legal obligations (art. 7(II)): tax/accounting records, lawful court orders.
• Legitimate interests (art. 7(IX)), balanced with your rights: security, fraud prevention, aggregated metrics, technical improvement and support.
• Consent (art. 7(I)), where required for optional features (e.g. certain marketing or non-essential cookies, if implemented).

5. Minors

The Service is not directed to children under 16. If we learn of processing without an adequate legal basis, we will take steps to delete data and close the account as required by law.

6. Sharing and processors

We do not sell personal data. We may share data with processors (cloud hosting, transactional email, payments such as Stripe, Google for sign-in when you use it, error/performance tools if used, minimized).

International transfers may rely on standard contractual clauses, ANPD adequacy decisions or other legal mechanisms under Brazilian law.

7. Retention

We keep data as long as needed for the purposes above, the contractual relationship and legal duties. After account closure, we may retain minimal anonymized/aggregated data or data legally required.

8. Data subject rights (LGPD art. 18)

You may request confirmation of processing, access, correction, anonymization/blocking/deletion where applicable, portability (subject to trade secrets), information on sharing, information on consent and its withdrawal, and deletion of data processed on a consent basis when applicable. You may also file a complaint with the ANPD or consumer protection bodies where applicable.

9. Security

We adopt technical and administrative measures to protect personal data, including encryption in transit where appropriate, access controls and segregation. No system is perfectly secure; use a strong unique password and protect your device.

10. Cookies and local storage

We use cookies and browser local storage necessary for authentication, preferences, limited offline use if enabled, and abuse prevention (e.g. CSRF protection where applicable). If non-essential third-party cookies are added later, we will update this policy and request consent when required.

11. Data protection officer (DPO)

If a DPO is appointed under the LGPD, professional contact details will be published on this page or in the authenticated area of the Service.

12. Changes

We may update this Policy; the «last updated» date will change. Material changes may be communicated by email or prominent notice in the Service.

13. Governing law

This Policy is governed by the laws of the Federative Republic of Brazil, especially the LGPD.

14. Terms of use

The Terms of use complement this policy regarding use rules, intellectual property and limitations of liability.

15. Privacy contact

For personal data requests, exercise of LGPD rights or questions about this Policy, email appgodone@gmail.com with subject «Privacy / LGPD». Mail may be sent to: Rua Augusta Karg, 193, Bauru/SP, ZIP 17018-710, Brazil, to the attention of Fabio Godoy (CEO).

We will respond within reasonable legal timeframes and may request minimal information to verify your identity before disclosing or changing data.