Privacy Policy

Last updated: 29 May 2026

This Privacy Policy explains how Doneness and Lodo.ai collect, use, store, and share personal data when you use the Doneness API website, services, and the Lodo.ai app. It is intended to provide clear information for individuals, organisations, developers, and app store reviewers.

1. Who this policy applies to

This policy applies to:

  • Visitors and users of the Doneness API website.
  • Organisations and developers using the Doneness API and related documentation.
  • Lodo.ai users, including Listers, Doers, reviewers, and authorised administrators.
  • Google-connected users of Lodo.ai, where Google account data is used as part of app functionality.

2. Information we collect

Depending on your use of our services, we may collect:

  • Account and contact details (for example name, email address, organisation, role).
  • API usage data (for example API keys, endpoint usage, request metadata, error logs, quota and abuse monitoring signals).
  • Task and evidence data submitted to Lodo.ai and Doneness services (for example text, images, video, location evidence, timestamps, and optional notes).
  • Device and technical data (for example IP address, browser/app type, operating system, diagnostics).
  • Communications and support information (for example trial requests and support enquiries).

3. How we use information

  • Provide, operate, and improve Doneness API and Lodo.ai.
  • Validate task completion using evidence and return outcomes such as done / not done / unclear.
  • Provide onboarding, API documentation, customer support, and service communications.
  • Protect service integrity, detect abuse, enforce rate limits, and maintain security.
  • Meet legal and regulatory obligations, and enforce our terms.

4. Google user data and Google API Services disclosure

Where Lodo.ai uses Google account authentication or Google API Services data, we only access data needed to provide user-requested app features.

  • We do not sell Google user data.
  • We do not use Google user data for advertising.
  • We do not use Google user data for profiling unrelated to providing or improving core app functionality.
  • We do not transfer Google user data to third parties except as required to provide the requested feature, comply with law, or protect rights and security.
  • Access to Google user data is limited to authorised personnel and systems with appropriate safeguards.

If your Google data is no longer required for the connected feature, or if you disconnect your account, we delete or anonymise that data in line with our retention schedule unless law requires otherwise.

5. Legal bases for processing (UK/EU)

We process personal data under one or more lawful bases, including contract performance, legitimate interests (such as service security, abuse prevention, and product improvement), legal obligations, and consent where required.

6. Sharing and subprocessors

We may share data with trusted service providers that help us operate our platform (for example hosting, analytics, messaging, and security services), subject to contractual confidentiality and data protection obligations.

We may also disclose data where required by law or where necessary to establish, exercise, or defend legal rights.

7. Data retention

We keep personal data only for as long as needed for the purposes described in this policy, including contractual, support, legal, and security needs. Retention periods may differ by data type (for example account records, evidence, logs, and billing records).

When data is no longer required, we delete it or irreversibly anonymise it.

8. Security and abuse prevention

  • We use technical and organisational controls to protect data from unauthorised access, loss, misuse, or alteration.
  • We apply safeguards such as access controls, logging, monitoring, key management, and secure transmission.
  • We monitor for abuse and suspicious activity and may throttle, suspend, or block access to protect users and systems.

9. Children and supervised use

Lodo.ai may be used by minors only under the supervision and control of a responsible organisation or adult (for example a school, club, or parent/guardian).

  • We do not knowingly market the services directly to children as independent consumers.
  • Organisations using Lodo.ai with minors are responsible for obtaining any required consents and notices.
  • If we learn that personal data has been collected from a child in a manner inconsistent with applicable law, we will take steps to delete or remediate that data.

10. International data transfers

Where data is transferred internationally, we use appropriate safeguards as required by applicable law (for example contractual protections and equivalent transfer mechanisms).

11. Your rights

Subject to applicable law, you may have rights to access, correct, delete, restrict, object to, or port your personal data, and to withdraw consent where processing relies on consent.

To exercise rights, contact us using the details below. You may also have a right to complain to your local data protection authority.

Account and data deletion (Lodo.ai and Doneness API)

If you use the Lodo.ai app (including via Google Play) or the Doneness API, you can request deletion of your account and associated personal data without signing in to the app:

Delete your account — doneness.ai/delete-account

Process: Submit your account email and choose Lodo.ai, Doneness API, or both. If an account exists, we email you a link to confirm deletion. After confirmation, your account is scheduled for permanent deletion (not temporary deactivation). You may request restoration within 30 days; after that, deletion is permanent except for data we must retain for legal, security, or fraud-prevention purposes (see sections 7 and 8 above).

Data deleted includes account profile information, Lodo.ai tasks and evidence, Doneness API keys, and Google sign-in tokens where applicable. Data we may retain includes legal/compliance records, security logs (typically up to 90 days), and anonymised analytics, as described on the deletion page.

12. Contact us

Privacy enquiries: [email protected]

If you are using the service through an organisation (for example a school or club), you may also contact your organisation's administrator first.

13. Changes to this policy

We may update this policy from time to time. We will publish the latest version at this page and update the "Last updated" date above.

Delete your accountBack to home