Privacy Policy

1. Introduction

Do & Dough ("we", "our", "us") is a family pocket money management application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.

Please read this Privacy Policy carefully. By using the application, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

When you register for an account, we collect:

• Name (first and last name)
• Email address
• Password (stored in hashed form; we never store plain-text passwords)

2.2 Family and Financial Data

When you use the application, we collect:

• Family group information (family name, member roles)
• Transaction data (pocket money allowances, task rewards, spending records)
• Task and chore information (task descriptions, assigned members, completion status)
• Savings goal information (goal descriptions, target amounts, progress)

2.3 Device Information

We may collect:

• Device type and operating system version
• Push notification tokens (for sending notifications)
• App version information

2.4 Biometric Data

If you enable biometric login:

• We use your device's biometric authentication (fingerprint or face recognition)
• We do NOT store biometric data — authentication is handled entirely by your device's secure hardware

3. How We Use Your Information

We use the collected information to:

• Provide and maintain the application and its features
• Manage your account and authenticate your identity
• Process transactions within your family group
• Send notifications about account activity, task completions, and allowance payments
• Send transactional emails (account verification, password resets, family invitations)
• Synchronise data across your devices in real-time
• Improve the application through usage analytics

4. Data Storage and Security

4.1 Storage

• Your data is stored on Microsoft Azure servers
• Offline data is stored locally on your device using encrypted SQLite databases
• Data is synchronised between your device and our servers when connectivity is available

4.2 Security Measures

• All data transmitted between the app and our servers is encrypted using TLS/SSL
• Passwords are hashed using industry-standard algorithms
• Authentication uses JWT (JSON Web Tokens) with configurable expiry
• The app locks automatically after a configurable period of inactivity (default: 2 minutes)
• Biometric authentication is available as an additional security layer

5. Data Sharing

We do not sell your personal information.

We may share your data with:

• Family members within your family group (transaction data, task information, as required by app functionality)
• Service providers who assist in operating the application:
  • Microsoft Azure (cloud hosting and database services)
  • Firebase Cloud Messaging (push notifications — only device tokens are shared)
  • TouchBasePro (transactional email delivery — only email addresses and message content are shared)

6. Children's Privacy

Do & Dough is designed for family use, including children. We take children's privacy seriously:

• Children's accounts are always created and managed by a parent or guardian
• Children can only be part of a family group administered by an adult
• We collect minimal information about child users (name and role within the family)
• Children do not have independent email accounts or login credentials — they access the app through the family group
• Parents can view, modify, or delete their children's data at any time

7. Data Retention

• We retain your data for as long as your account is active
• If you delete your account, we will delete your personal data within 30 days
• Transaction history may be retained in anonymised form for analytical purposes
• Backup copies may persist for up to 90 days after deletion

8. Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your account and associated data
• Export your data in a portable format
• Withdraw consent for optional data processing

To exercise any of these rights, contact us at the email address below.

9. Offline Functionality

• The app stores data locally on your device for offline use
• Locally stored data is synchronised with our servers when connectivity is restored
• You can clear locally cached data through the app settings

10. Push Notifications

• We use Firebase Cloud Messaging to send push notifications
• You can disable push notifications through your device settings
• Notification types include: transaction alerts, task reminders, allowance payments, and family invitations

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy within the application
• Updating the "Last Updated" date at the top of this document
• Sending a notification through the app for significant changes

12. Contact Us

If you have questions about this Privacy Policy, please contact us at:

Email: support@doanddough.com