Privacy policy.

1 Interpretation and definitions

1.1 — Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in the singular or in the plural.

1.2 — Definitions

For the purposes of this Privacy Policy:

Account

means a unique account created for You to access our Service or parts of our Service.

Affiliate

means an entity that controls, is controlled by, or is under common control with a party.

Application

means the software program provided by the Company, named DoneThat.

Business

refers to the Company as the legal entity that collects Consumers' personal information and determines the purposes and means of the processing of that information.

Company

(referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to DoneThat, [COMPANY ADDRESS], [BUSINESS ID]. For the purpose of the GDPR, the Company is the Data Controller.

Consumer

refers to You.

Cookies

are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.

Country

refers to [COUNTRY].

Data Controller

for the purposes of the GDPR, refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.

Device

means any device that can access the Service such as a computer, a cellphone, or a digital tablet.

Do Not Track (DNT)

is a concept that has been promoted by US regulatory authorities for the Internet industry to develop and implement a mechanism for allowing internet users to control the tracking of their online activities across websites.

Personal Data

is any information that relates to an identified or identifiable individual.

Service

refers to the Application or the Website or both.

Service Provider

means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service, or to assist the Company in analyzing how the Service is used.

Third-party Social Media Service

refers to any website or any social network website through which a User can log in or create an account to use the Service.

Usage Data

refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

Website

refers to DoneThat, accessible from donethat.app.

You

means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service. Under GDPR, You can be referred to as the Data Subject or User.

2 Contact us

If you have any questions about this Privacy Policy, You can contact us:

• By email: hello@getdonethat.com
• Through our help center: FAQ & Support

3 Collecting and using your personal data

3.1 — Types of data collected

3.1.1 — Personal data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

• Email address
• First name and last name
• Phone number
• Address, city, state, country, ZIP/postal code
• Bank account information (Experts only — for receiving payouts via Stripe Connect)
• Payment card details (handled directly by Stripe — not stored on Our servers)
• Profile photo and bio
• Usage Data

3.1.2 — Usage data

Usage Data is collected automatically when using the Service. It may include information such as Your Device's Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.

When You access the Service via a mobile device, We may collect certain information automatically — including the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, and other diagnostic data.

3.1.3 — Information from third-party social media services

The Company may allow You to create an account and log in to use the Service through Third-party Social Media Services. These may include, but are not limited to:

• Google
• Apple
• Facebook

If You decide to register through or otherwise grant us access to a Third-Party Social Media Service, We may collect personal data that is already associated with Your Third-Party Social Media Service's account, such as Your name, Your email address, and Your profile picture.

3.1.4 — Tracking technologies and cookies

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service.

Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on Your device when You go offline, while Session Cookies are deleted as soon as You close Your web browser. We use both types for the purposes set out below:

• Necessary / Essential Cookies (Session, administered by Us) — essential to provide You with services through the Service, authenticate users, and prevent fraudulent use of accounts. Without these Cookies, the services cannot be provided.
• Cookies Notice Acceptance Cookies (Persistent, administered by Us) — identify if users have accepted the use of cookies on the Service.
• Functionality Cookies (Persistent, administered by Us) — allow Us to remember choices You make, such as login details or language preference.
• Tracking and Performance Cookies (Persistent, administered by third parties) — used to track information about traffic to the Service and how users interact with it.

3.2 — Use of your personal data

The Company may use Personal Data for the following purposes:

• To provide and maintain our Service, including monitoring its usage.
• To manage Your Account, including Your registration as a user of the Service.
• For the performance of a contract: developing, complying with, and undertaking the Booking contract for Sessions or any other contract with Us through the Service.
• To contact You: by email, phone, SMS, or other equivalent forms of electronic communication regarding updates, security notices, or service-related communications.
• To send You newsletters and special offers, where You have consented and have not opted out.
• To manage Your requests: to attend to and manage any requests You make to Us.
• For business transfers: in connection with any merger, acquisition, or asset sale, where Personal Data may be among the assets transferred.
• For other purposes: data analysis, identifying usage trends, determining the effectiveness of Our marketing, and improving the Service and Your experience.

We may share Your personal information in the following situations:

• With Service Providers: to monitor and analyze use of Our Service, process payments, send transactional email, and contact You.
• For business transfers: in connection with any merger, financing, or acquisition.
• With Affiliates: where required, We will require those affiliates to honor this Privacy Policy.
• With other users: when You share information or otherwise interact in public areas (e.g., your public profile, listings, reviews), such information may be viewed by other users.
• With Your consent: for any other purpose with Your consent.

3.3 — Retention of your personal data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies.

Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or where We are legally obligated to retain it for longer.

3.4 — Transfer of your personal data

Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. This information may be transferred to — and maintained on — computers located outside of Your state, province, country, or other governmental jurisdiction where data protection laws may differ from those in Your jurisdiction.

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer. The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy.

3.5 — Delete your personal data

You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You. Our Service may give You the ability to delete certain information about You from within the Service.

You may update, amend, or delete Your information at any time by signing in to Your Account and visiting the account settings section. You may also contact Us to request access to, correct, or delete any personal information that You have provided to Us.

Please note that We may need to retain certain information when we have a legal obligation or lawful basis to do so.

3.6 — Disclosure of your personal data

3.6.1 — Business transactions

If the Company is involved in a merger, acquisition, or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

3.6.2 — Law enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

3.6.3 — Other legal requirements

The Company may disclose Your Personal Data in the good-faith belief that such action is necessary to:

• Comply with a legal obligation
• Protect and defend the rights or property of the Company
• Prevent or investigate possible wrongdoing in connection with the Service
• Protect the personal safety of users of the Service or the public
• Protect against legal liability

3.7 — Security of your personal data

The security of Your Personal Data is important to Us. While We strive to use commercially acceptable means to protect Your Personal Data — including SSL encryption in transit and access controls at rest — no method of transmission over the Internet or electronic storage is 100% secure, and We cannot guarantee its absolute security.

4 Detailed information on processing

The Service Providers We use may have access to Your Personal Data. These third-party vendors collect, store, use, process, and transfer information about Your activity on Our Service in accordance with their privacy policies.

4.1 — Analytics

We may use third-party Service Providers to monitor and analyze the use of our Service, including:

• Google Analytics — a web analytics service offered by Google that tracks and reports website traffic. Privacy policy: policies.google.com/privacy.

4.2 — Email communication

We may use Your Personal Data to contact You with transactional notifications (booking confirmations, calendar invites, recordings) and — where You have consented — newsletters or product updates. You may opt out of marketing communications by following the unsubscribe link or instructions in any email We send, or by contacting Us. Transactional emails are required for Service delivery and cannot be opted out of without closing Your Account.

4.3 — Payments

We provide paid Sessions within the Service. We use third-party services for payment processing.

We will not store or collect Your payment card details. That information is provided directly to Our third-party payment processor whose use of Your personal information is governed by their privacy policy. Our payment processor adheres to the standards set by PCI-DSS as managed by the PCI Security Standards Council.

• Stripe — payment processor and Connect platform for Expert payouts. Privacy policy: stripe.com/privacy.

4.4 — Behavioral remarketing

The Company may use remarketing services to advertise to You after You have accessed or visited our Service. We and Our third-party vendors may use cookies and non-cookie technologies to help Us recognize Your Device and understand how You use our Service so that We can serve You advertisements that are likely to be of interest to You.

You can opt out of personalized advertising via:

• The NAI's opt-out platform: networkadvertising.org/choices
• The EDAA's opt-out platform: youronlinechoices.com
• The DAA's opt-out platform: optout.aboutads.info
• Mobile device settings: “Limit Ad Tracking” (iOS) or “Opt Out of Ads Personalization” (Android).

5 Links to other websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third-party link, You will be directed to that third party's site. We strongly advise You to review the privacy policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

6 GDPR privacy

6.1 — Legal basis for processing personal data under GDPR

We may process Personal Data under the following conditions:

• Consent: You have given Your consent for processing Personal Data for one or more specific purposes.
• Performance of a contract: provision of Personal Data is necessary for the performance of an agreement with You.
• Legal obligations: processing Personal Data is necessary for compliance with a legal obligation to which the Company is subject.
• Vital interests: processing Personal Data is necessary to protect Your vital interests or those of another natural person.
• Public interests: processing Personal Data is related to a task that is carried out in the public interest.
• Legitimate interests: processing Personal Data is necessary for the purposes of the legitimate interests pursued by the Company.

6.2 — Your rights under the GDPR

The Company undertakes to respect the confidentiality of Your Personal Data and to guarantee You can exercise Your rights. You have the right under this Privacy Policy, and by law if You are within the EU, to:

• Request access to Your Personal Data and receive a copy of what We hold.
• Request correction of any incomplete or inaccurate information.
• Object to processing based on legitimate interest, or for direct marketing purposes.
• Request erasure of Your Personal Data when there is no good reason for Us to continue processing it.
• Request transfer of Your Personal Data to You or a chosen third party in a structured, commonly used, machine-readable format.
• Withdraw consent on the use of Your Personal Data — though if You withdraw consent, We may not be able to provide certain functionality.

6.3 — Exercising your GDPR data protection rights

You may exercise Your rights of access, rectification, cancellation, and opposition by contacting Us. We may ask You to verify Your identity before responding. We will respond as soon as possible.

You have the right to complain to a Data Protection Authority about Our collection and use of Your Personal Data. If You are in the European Economic Area (EEA), please contact Your local data protection authority.

7 CCPA, CalOPPA, and California privacy rights

This section supplements the information contained in Our Privacy Policy and it applies solely to all visitors, users, and others who reside in the State of California.

7.1 — Categories of personal information collected

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Consumer or Device. The following categories may have been collected from California residents within the last twelve (12) months:

• Category A — Identifiers (real name, alias, postal address, unique identifier, IP address, email address, account name): Yes.
• Category B — California Customer Records categories (name, signature, address, telephone number, bank account number, credit card number): Yes.
• Category C — Protected classification characteristics: No.
• Category D — Commercial information (records of services purchased or considered): Yes.
• Category E — Biometric information: No.
• Category F — Internet or other similar network activity: Yes.
• Category G — Geolocation data: No.
• Category H — Sensory data (audio/video from Sessions, when recordings are made and stored with consent): Yes, with consent.
• Category I — Professional or employment-related information (Experts only — career background, business operating history): Yes.
• Category J — Non-public education information: No.
• Category K — Inferences drawn from other personal information: No.

7.2 — Sources of personal information

We obtain the categories of personal information listed above from the following categories of sources:

• Directly from You — for example, from forms You complete on our Service or preferences You express through our Service.
• Indirectly from You — for example, from observing Your activity on our Service.
• Automatically from You — for example, through cookies We or our Service Providers set on Your Device.
• From Service Providers — for example, third-party vendors for analytics or payment processing.

7.3 — Use of personal information for business purposes

We may use or disclose personal information We collect for business or commercial purposes, including: operating our Service, providing You support, fulfilling Your requests, responding to law enforcement requests, internal administrative and auditing purposes, and detecting security incidents.

7.4 — Sale of personal information

We do not sell Your personal information for monetary consideration. Some sharing of personal information with our Service Providers (for analytics, advertising, and similar purposes) may fall under the broad CCPA definition of “sale”. If You wish to opt out of such sharing, please contact Us or use the opt-out tools listed in section 4.4.

7.5 — Sharing of personal information

We may share Your personal information with: Service Providers, payment processors, our affiliates, and third-party vendors to whom You authorize Us to disclose Your personal information.

7.6 — Sale of personal information of minors under 16

We do not knowingly collect personal information from minors under the age of 16, and we do not sell the personal information of Consumers We actually know are less than 16 years of age.

7.7 — Your rights under the CCPA

The CCPA provides California residents with specific rights regarding their personal information. If You are a California resident, You have the following rights:

• The right to notice — to be notified which categories of Personal Data are being collected and the purposes.
• The right to request disclosure of information We collected, shared, or used in the previous 12 months.
• The right to opt out of the sale (or sharing under CCPA definitions) of personal information.
• The right to delete Your Personal Data, subject to certain exceptions (legal obligations, ongoing transactions, security incidents).
• The right not to be discriminated against for exercising any of Your consumer rights.

7.8 — Exercising your CCPA rights

To exercise any of Your rights under the CCPA, contact Us at hello@getdonethat.com. Only You, or a person registered with the California Secretary of State that You authorize to act on Your behalf, may make a verifiable request related to Your personal information. We will disclose and deliver the required information free of charge within 45 days of receiving Your verifiable request.

7.9 — Do Not Track signals (CalOPPA)

Our Service does not currently respond to Do Not Track signals. Some third-party sites do keep track of Your browsing activities; You can set Your preferences in Your web browser to inform websites that You do not want to be tracked.

8 Children's privacy rights

8.1 — General privacy rights for children

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.

8.2 — California privacy rights for minor users

California Business and Professions Code Section 22581 allows California residents under the age of 18 who are registered users of online services to request and obtain removal of content or information they have publicly posted. To request removal, contact Us using the contact information above and include the email address associated with Your account.

9 Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

We will let You know via email and/or a prominent notice on Our Service prior to the change becoming effective and update the “Last updated” date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.