Privacy Policy

Information We Collect

Duogenda processes account information such as name, email address, organization membership, and profile image through our authentication provider. We also store product data created in the app, including duos, shared agenda items, action items, and private notes.

If a manager connects Google Calendar, Duogenda stores the Google account email, OAuth token data, selected scope information, and recurring calendar event metadata needed to keep upcoming 1:1 schedules aligned.

If an organization subscribes to a paid plan, payment information is processed by Stripe. Duogenda stores Stripe customer and subscription metadata needed to manage billing, but does not store credit card numbers or raw payment credentials.

How We Use Information

We use data to operate the service, authenticate users, enforce organization and duo access rules, support billing, and maintain 1:1 workflows. Calendar data is used only to connect recurring events to duos, surface relevant meeting schedules, and maintain those links over time.

We also use operational logs, diagnostics, and product analytics to keep the service secure, reliable, and performant and to understand which public pages and onboarding paths lead to sign-ups and duo creation.

We also use account, membership, duo, and billing metadata to calculate plan eligibility, apply manager-license access, enforce free-plan and paid-plan limits, and determine what features or creation flows are available to an organization.

We do not sell, rent, or share personal data for third-party advertising.

How We Protect Information

Duogenda uses encrypted network transport, authenticated sessions, access controls, and limited data exposure to protect sensitive information, including Google user data. Data sent between your browser, Google, and Duogenda is transmitted over HTTPS/TLS, and duo data, private notes, and Google Calendar connection records are only available to users with the appropriate organization and duo access on the server side.

Google Calendar credentials are stored and refreshed server side so the app can keep calendar links working, and they are not exposed in the public interface. We also limit analytics and replay usage so sensitive note content is not used as analytics payload data, and authenticated-product session replay is disabled.

Where third-party services process data on our behalf, we rely on their security controls and only share the information needed for the service to function.

Sub-Processors and Third-Party Services

Duogenda relies on third-party services to operate, including Clerk for authentication, Supabase for database and realtime infrastructure, Stripe for billing, Google Calendar API for calendar integration, Vercel for hosting, Resend for transactional email, and PostHog for product analytics.

Each sub-processor processes only the data needed for its function. We review sub-processors for appropriate security and privacy practices.

Data Visibility and Access

Shared duo data is visible only to the users who belong to that duo and to authorized organization administrators where applicable. Private notes are visible only to the note author.

Users who are deactivated retain only limited dashboard and profile access. Other app surfaces and protected APIs remain blocked while the account stays deactivated.

Cookies and Tracking

Duogenda uses session cookies and authentication tokens that are required to operate the service.

Duogenda also uses analytics storage for public-site traffic and core onboarding and activation events, including page views, marketing CTA clicks, sign-up progress, and duo creation. We do not use third-party advertising cookies or cross-site tracking pixels.

PostHog is used for explicit analytics events and page measurement. Authenticated-product session replay is disabled, and private note content is not used as analytics event payload data.

Where required by applicable law, Duogenda shows an analytics consent choice before enabling non-essential analytics cookies or similar storage.

Data Retention, Deactivation, and Deletion

Normal admin offboarding in Duogenda is a soft-deactivation flow. User records and historical collaboration data are preserved unless there is an explicit account-closure or privacy-erasure request.

Deactivation and deletion are different workflows. Deactivation restricts access while preserving history. Deletion is a destructive request workflow used for account closure or privacy-erasure handling.

When a deletion or privacy-erasure request is processed, Duogenda deletes or anonymizes personal data as required, removes Google Calendar connection records, and removes user-authored content according to the current lifecycle policy.

Backups that may contain deleted data are rotated according to the normal retention schedule and are not used to restore deleted personal data back into the live service.

Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, export, restrict, or object to certain processing activities.

To exercise these rights, contact Duogenda at admin@duogenda.com. We aim to respond within 30 days or the period required by applicable law.

Organization administrators may be able to export some team data through the product. Full data export and deletion requests should be handled directly through Duogenda at admin@duogenda.com.

International Data Transfers

Duogenda infrastructure and sub-processors may process data outside your country of residence, including in the United States. Where required, we rely on standard contractual clauses or equivalent mechanisms to support lawful international transfers.

Children's Privacy

Duogenda is not intended for use by individuals under 16. If we learn that we have collected personal information from a child, we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. If a change is material, we will provide notice by email, in-product notice, or both, where appropriate.

The last updated date at the top of this page shows when this policy was most recently revised.

Contact

For privacy questions, data requests, or complaints, contact Duogenda at admin@duogenda.com.