Privacy Policy

James Graham ("I," "me," or "my")
Effective Date: January 2025
Last Updated: January 2025

This Privacy Policy describes how I handle your information when you use Donna, including the mobile application, the Alexa skill, the website at donna-ai.app, and any related services (collectively, the "Service"). By using the Service, you agree to this Privacy Policy.


1. Who Operates Donna

Donna is operated by:

James Graham
Email: [email protected]


2. Information I Collect

2.1 Information You Provide

Account Information
When you create an account, I collect:

  • Email address
  • Name (optional)
  • Timezone
  • LLM provider preference (Claude or GPT-4)

Organization & Family Information
When you set up your household, you may provide:

  • Organization/family name
  • Family member names and relationships
  • Preferences (dietary restrictions, schedules, etc.)

Content You Create
When you use the Service, I store:

  • To-dos and tasks
  • Calendar events
  • Meal plans and recipes
  • Shopping lists
  • Notes and other content you create

Communications
If you contact me for support, I collect the content of your messages.

2.2 Information Collected Automatically

Usage Data
I collect information about how you use the Service:

  • Features used and actions taken
  • Date and time of access
  • App version and platform (iOS/Android)
  • Error logs and performance data

Device Information
I collect basic device information:

  • Device type and model
  • Operating system version
  • Unique device identifiers (for push notifications)
  • General location (timezone, not precise GPS)

Analytics
I use analytics services (such as Mixpanel) to understand usage patterns. This data is aggregated and used to improve the Service.

2.3 Information from Third-Party Services

Google Calendar
If you connect Google Calendar, I access:

  • Calendar events (read and write)
  • Calendar metadata (names, colors)

I only access calendars you explicitly authorize. I do not access your Gmail, Google Drive, or other Google services.

Alexa (Voice Assistant)
If you use the Donna Alexa skill:

  • Amazon processes your voice and converts it to text
  • I receive only the text transcription, not voice recordings
  • I do not receive your Amazon account information

Apple/Google App Stores
If you make in-app purchases, payment processing is handled entirely by Apple or Google. I receive confirmation of your subscription status but not your payment details.


3. How I Use Your Information

I use your information to:

  • Provide the Service — Execute your requests, create tasks, schedule events, plan meals
  • Process with AI — Send your text inputs to AI providers to interpret natural language requests
  • Sync calendars — Read and write events to connected calendar services
  • Send notifications — Deliver reminders, suggestions, and proactive recommendations
  • Improve the Service — Analyze usage patterns, fix bugs, develop new features
  • Provide support — Respond to your questions and requests
  • Personalize your experience — Learn your preferences to provide better defaults and suggestions

4. AI and Large Language Model Processing

The Service uses artificial intelligence to understand your natural language requests. Here's how it works:

What happens when you send a message:

  1. Your text input is sent to my backend server
  2. The server sends your request to an AI provider (Anthropic or OpenAI, based on your preference)
  3. The AI interprets your request and determines the appropriate action
  4. Results are returned to you and stored in your account

What AI providers receive:

  • Your text input for that specific request
  • Relevant context (recent conversation, your preferences)
  • They do NOT receive your email, name, or account credentials

AI provider data practices:

  • Anthropic and OpenAI have their own privacy policies governing how they handle data
  • I use API configurations that minimize data retention where available
  • AI providers may use data to improve their models unless opted out at the API level

Important notes:

  • AI responses are generated automatically and may occasionally be inaccurate
  • The AI does not provide professional advice (medical, legal, financial)
  • You should verify important information independently

5. How I Share Your Information

I do not sell your personal information.

I share information only in these circumstances:

Service Providers
I use third-party services to operate Donna:

  • Supabase — Database hosting and authentication
  • Anthropic / OpenAI — AI language processing
  • Apple / Google — App distribution and payments
  • Mixpanel — Analytics
  • Sentry — Error tracking
  • Amazon — Alexa skill hosting

These providers access only the data necessary to perform their functions and are bound by their own privacy policies.

Connected Services
When you connect third-party services (like Google Calendar), data flows between Donna and those services as necessary to provide the integration.

Legal Requirements
I may disclose information if required by law, legal process, or government request, or to protect rights, safety, or property.

Business Transfers
If Donna is acquired by or merged with another company, your information may be transferred as part of that transaction. I will notify you before your information becomes subject to a different privacy policy.


6. Data Storage and Security

Where data is stored:

  • Your account data and content are stored in Supabase (cloud database)
  • Data may be processed in the United States

Security measures:

  • All data is encrypted in transit (HTTPS/TLS)
  • Database access is protected by authentication and row-level security
  • API keys and credentials are stored securely
  • I follow industry-standard security practices

Retention:

  • Your data is retained while your account is active
  • You can delete your data at any time through the app
  • After account deletion, data is removed from active systems within 30 days
  • Backups may retain data for up to 90 days before being purged

No system is 100% secure. I cannot guarantee absolute security of your data.


7. Your Rights and Choices

Access and Portability
You can view your data within the app. You can request a copy of your data by emailing [email protected].

Correction
You can edit your information directly in the app, or contact me for assistance.

Deletion
You can delete individual items in the app, or delete your entire account through Settings. You can also email [email protected] to request deletion.

Disconnect Third-Party Services
You can disconnect Google Calendar or other integrations at any time through the app settings.

Opt-Out of Analytics
Contact me at [email protected] to opt out of analytics collection.

Push Notifications
You can disable push notifications through your device settings or within the app.

Alexa Skill
You can disable the Donna Alexa skill at any time through the Alexa app.


8. Children's Privacy

The Service is not intended for children under 13. I do not knowingly collect personal information from children under 13.

The Service does allow you to store information about family members, including children, for household organization purposes (e.g., scheduling a child's activities). This information is provided and controlled by the adult account holder.

If you believe a child under 13 has created an account or provided personal information directly, please contact me at [email protected] and I will delete it.


9. International Users

The Service is operated from the United States. If you use the Service from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from your country.

By using the Service, you consent to this transfer and processing.


10. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know — You can request what personal information I collect, use, and disclose
  • Right to Delete — You can request deletion of your personal information
  • Right to Opt-Out — I do not sell personal information, so this right does not apply
  • Non-Discrimination — I will not discriminate against you for exercising your rights

To exercise these rights, email [email protected].


11. Changes to This Policy

I may update this Privacy Policy from time to time. The "Last Updated" date at the top will be revised accordingly.

For material changes, I will notify you through the app or by email before the changes take effect.

Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.


12. Contact

For questions about this Privacy Policy or my data practices, contact:

Email: [email protected]


13. Platform-Specific Information

Mobile App (iOS and Android)

Push Notifications: If you enable push notifications, I receive a device token from Apple or Google to deliver notifications. I do not receive other device data through this token.

In-App Purchases: Subscription payments are processed by Apple (App Store) or Google (Play Store). I receive confirmation of your subscription status but do not receive your payment card details.

Offline Data: Some data may be cached on your device for offline access. This data is deleted when you log out or uninstall the app.

Alexa Skill

Voice Processing: Amazon Alexa processes your voice input and converts it to text. I receive only the text transcription, not voice recordings. I do not store voice data.

Permissions: The Donna Alexa skill does not request access to your Amazon profile, contacts, location, or other Alexa permissions beyond the basic skill interaction.

Account Linking: The Alexa skill connects to your Donna account to access your tasks, lists, and calendar. You can unlink your account through the Alexa app at any time.

Website

Cookies: The website at donna-ai.app uses minimal cookies for basic functionality. I do not use advertising or tracking cookies.

Analytics: Basic analytics may be collected to understand website traffic and improve the user experience.


This Privacy Policy was last updated in January 2025.