Privacy Policy

Privacy Policy for Dottle

Last updated: April 16, 2026

This Privacy Policy explains how Cardboard, LLC ("we," "us," or "our") collects, uses, and shares information in connection with the Dottle mobile application ("Dottle" or the "App"). By using Dottle, you agree to the practices described below.

If you have any questions, contact us at: support@dottleapp.com

1. Who We Are

Dottle is a productivity and focus app owned and operated by Cardboard, LLC. The App helps users stay focused by timing focus sessions, blocking selected apps during those sessions, and using AI to verify task completion. This policy covers the Dottle mobile app across iOS and Android.

2. Information We Collect

We collect the following categories of information:

Account information (provided by you):

  • Email address

  • Password (stored only in hashed form by our authentication provider)

  • Name (if provided during onboarding)

Content you create inside the App:

  • Task names and descriptions

  • Timer session durations and completion times

  • Photos you upload as proof of task completion

  • Text notes you enter as proof of task completion

  • Lists of apps you select to block during focus sessions (stored only on your device — see Section 5)

Usage and technical data:

  • Timestamps of focus sessions, task creations, and task completions

  • Streak and progress statistics derived from your task history

  • Device model, OS version, and app version (for error reporting)

  • IP address (automatically logged by our hosting provider)

Purchase data:

  • Subscription status (active / inactive)

  • Purchase and renewal history

  • Subscription tier

We do NOT collect: precise location, contacts, health data, financial information, or biometric data.

3. How We Use Your Information

We use the information we collect to:

  • Create and manage your account

  • Provide the App's core features (task creation, timer, app blocking, AI task verification, streak tracking)

  • Process subscription payments and manage your subscription tier

  • Send essential service communications (account verification, payment confirmations, support responses)

  • Analyze your task-completion proof using AI to determine whether a task was actually done as described

  • Diagnose bugs and improve app reliability

  • Protect against fraud, abuse, and violations of our Terms of Service

We do NOT use your information for advertising, marketing to third parties, or any tracking across other apps or websites.

4. How We Share Your Information (Third-Party Services)

We work with the following third-party service providers. Each has its own privacy policy:

Clerk (authentication) — stores your email, name, password hash, and session tokens. Clerk is used for signing in and maintaining your logged-in state. See Clerk's Privacy Policy.

RevenueCat (subscription management) — stores your anonymized RevenueCat user ID, linked to your Clerk user ID, plus your purchase and subscription history. RevenueCat does not receive your email or name. See RevenueCat's Privacy Policy.

Google Cloud Storage (task proof photos) — stores photos you upload as proof of task completion. Photos are associated with your user ID but are not shared with anyone outside our systems. See Google Cloud's Privacy Notice.

OpenAI (AI task verification) — when you submit proof of a completed task, the photo URLs and any text you write are sent to OpenAI's GPT model to evaluate whether the proof matches the task. OpenAI does not train models on API data by default. See OpenAI's Privacy Policy.

Railway (backend hosting) — hosts our application servers and database. Railway processes any data you send to our backend as part of standard infrastructure operations. See Railway's Privacy Policy.

We do not sell, rent, or share your personal information with advertisers, data brokers, or any other third parties beyond those listed above.

5. Apple Screen Time / Family Controls

Dottle uses Apple's Family Controls and DeviceActivity frameworks to let you block distracting apps during focus sessions. When you select apps to block:

  • All Screen Time data stays on your device. We never receive, transmit, store, or share the list of apps you select or your Screen Time usage patterns.

  • The iOS system enforces the blocks on your behalf — our servers are not involved.

  • You can revoke Screen Time access at any time via iOS Settings → Screen Time → Allow Apps to Access or by deleting the App.

  • We only request the Screen Time permission so you can use our focus features. Nothing is logged about which apps you block or how often.

6. Data Retention

  • Active account data (email, name, tasks, subscription status) is retained as long as your account is active.

  • Task proof photos are retained for 12 months after the associated task is completed, then automatically deleted.

  • After you delete your account, we delete your account record, task history, and photos within 30 days, except where we are legally required to retain specific records for tax, fraud prevention, or regulatory compliance (up to 7 years for financial records).

  • Anonymized analytics and aggregate usage data may be retained indefinitely.

7. Your Rights

You have the right to:

  • Access the personal information we hold about you

  • Correct any inaccurate information

  • Delete your account and associated personal data

  • Export your account data in a machine-readable format

  • Withdraw consent for optional processing at any time

To exercise any of these rights, email us at support@dottleapp.com with your account email. We respond within 30 days.

Users in the European Union / United Kingdom

Under the GDPR / UK GDPR, you have additional rights including the right to restrict or object to processing, the right to data portability, and the right to lodge a complaint with your local data protection authority. Our legal basis for processing your data is (a) performance of our contract with you (to provide the App) and (b) our legitimate interest in operating and improving the App.

California residents

Under the California Consumer Privacy Act (CCPA), you have the right to know what personal information we collect, the right to delete your personal information, the right to opt out of the "sale" of your personal information (we do not sell personal information), and the right to non-discrimination for exercising these rights.

8. Children

Dottle is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, email support@dottleapp.com and we will delete it.

9. Security

We use industry-standard security measures including:

  • TLS encryption for all data in transit

  • Encrypted storage at rest via our cloud providers

  • Password hashing (we never store passwords in plain text)

  • Limited employee access to production systems

No security system is perfect. If we ever become aware of a breach that affects your personal information, we will notify you as required by applicable law.

10. International Data Transfers

Our service providers may process data in the United States and other countries. By using the App, you consent to the transfer of your information to these countries. For users in the EU/UK, we rely on standard contractual clauses and adequacy decisions where applicable.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top and, where required by law, notify you in the App or by email. Continued use of Dottle after changes means you accept the updated policy.

12. Contact

For privacy questions, data requests, or concerns:

Email: support@dottleapp.com
Company: Cardboard, LLC
App: Dottle