Privacy Policy

Last updated: March 29, 2026

Masayuki Yamada ("we", "us", or "our") operates the Doneo mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use the App. Please read this policy carefully. By using the App, you agree to the collection and use of information in accordance with this policy.

1. Data Controller

The data controller responsible for your personal data is:

Masayuki Yamada
Email: doneoapp@gmail.com

For purposes of the EU General Data Protection Regulation ("GDPR"), the Act on the Protection of Personal Information of Japan ("APPI"), and any other applicable data protection laws, Masayuki Yamada is the data controller of your personal data collected through the App.

2. Information We Collect

2.1 Data You Provide Directly

Session Data — Focus session timestamps, duration, and completion status.
Diary Entries — Star ratings and optional text notes you write after each session.
App Settings — Your timer preferences (focus duration, break duration, vibration/sound settings, language preference).
Account Information — If you create an account (e.g., via Sign in with Apple or Sign in with Google), we collect your name, email address, and authentication identifiers solely for account management and data synchronization.

2.2 Data Collected Automatically

Usage Statistics — XP earned, levels, streaks, and session counts, calculated locally from your session data.
Device Information — Device model, operating system version, and app version, collected for crash reporting and compatibility purposes.
Advertising Data — Our advertising partner Google AdMob may collect device identifiers (such as IDFA on iOS or Advertising ID on Android), IP address, and ad interaction data for the purpose of serving advertisements. See Section 5 for details.
Analytics Data — Anonymized and aggregated usage patterns (e.g., screen views, feature adoption rates) collected to improve the App. No personally identifiable information is included in analytics data.

2.3 Data Collected with Your Permission

Push Notifications — We request notification permission to alert you when a focus session or break ends, and to send optional nightly reminders. You can revoke this permission at any time in your device settings.
Microphone Access — If you use the speech-to-text diary feature (available in a future premium plan), we request microphone access to transcribe your voice into text. Audio data is processed on-device or via Apple's/Google's speech recognition service and is not stored or transmitted to our servers.
Screen Time / Usage Access — If you use the app-blocking feature (available in a future premium plan), we request Screen Time (iOS) or Usage Stats (Android) access to detect app switches during focus sessions. This data is processed locally on your device and is never transmitted to our servers.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases:

Processing Activity	Legal Basis
Core app functionality (sessions, XP, streaks)	Performance of a contract (Art. 6(1)(b) GDPR)
Account creation and data synchronization	Performance of a contract (Art. 6(1)(b) GDPR)
Personalized advertising via AdMob	Consent (Art. 6(1)(a) GDPR)
Non-personalized advertising	Legitimate interest (Art. 6(1)(f) GDPR)
Analytics and product improvement	Legitimate interest (Art. 6(1)(f) GDPR)
Crash reporting	Legitimate interest (Art. 6(1)(f) GDPR)
Push notifications and reminders	Consent (Art. 6(1)(a) GDPR)
Microphone (speech-to-text)	Consent (Art. 6(1)(a) GDPR)
Screen Time / Usage Access (app blocking)	Consent (Art. 6(1)(a) GDPR)
Legal compliance	Legal obligation (Art. 6(1)(c) GDPR)

Where processing is based on consent, you may withdraw your consent at any time by adjusting your device settings or contacting us. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

4. How We Store Your Data

4.1 Local Storage

All session data, diary entries, XP, and settings are stored locally on your device using an SQLite database. This data is not transmitted to any server unless you opt in to account synchronization.

4.2 Server Synchronization (Future Feature)

When account synchronization becomes available, your session data, diary entries, and XP will be synced to our servers to enable data backup, device transfer, and ranking features. Synchronization is opt-in — you must create an account to enable it. Data in transit is encrypted using TLS 1.2 or higher. Data at rest is encrypted on our servers.

5. Third-Party Services

5.1 Google AdMob

We use Google AdMob to display advertisements in the free version of the App. AdMob may collect and process data including device identifiers, IP address, and ad interaction data to serve personalized or non-personalized ads. You can opt out of personalized advertising through your device settings (iOS: Settings > Privacy & Security > Tracking; Android: Settings > Google > Ads) or via the in-app consent dialog where applicable.

Google's privacy policy: https://policies.google.com/privacy

5.2 Apple App Store / Google Play

Subscription purchases are processed by Apple (App Store) or Google (Google Play). We do not collect or store your payment or credit card information. Payment processing is governed by the respective platform's privacy policy.

5.3 Authentication Providers

If you use Sign in with Apple or Sign in with Google, the respective provider shares limited profile information (name, email) with us. We use this information solely for account creation and management. Please review each provider's privacy policy for details on their data practices.

5.4 Analytics and Crash Reporting

We may use analytics and crash reporting services (e.g., Firebase Analytics, Firebase Crashlytics) to understand app usage patterns and diagnose issues. These services collect anonymized data. For details, see the Firebase Privacy Information.

6. How We Use Your Data

Core Functionality — To track your focus sessions, calculate XP/levels/streaks, and display your progress.
Personalization — To remember your timer settings, language preference, and display preferences.
Ranking (Future Feature) — If you opt in, your XP and focus time may appear on leaderboards visible to other users. Your display name is configurable; anonymous display is the default.
Product Improvement — Anonymized usage analytics help us understand which features are used and improve the App.
Advertising — To display ads via Google AdMob in the free version of the App.
Subscription Management — To verify your subscription status and unlock premium features (ad removal, speech-to-text diary, app blocking).
Communication — To send push notifications you have opted in to (session alerts, nightly reminders).

7. Data Sharing

We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:

Advertising Partners — Device identifiers and ad interaction data with Google AdMob, as described in Section 5.1.
Ranking Leaderboards — If you opt in, your configurable display name and XP/focus time scores are visible to other users.
Service Providers — We may share data with service providers who assist in operating the App (e.g., cloud hosting, analytics), under contractual obligations to protect your data.
Legal Requirements — If required by applicable law, regulation, legal process, or governmental request.
Business Transfer — In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such change.

8. Data Retention

Local Data — Stored on your device until you delete the App or clear its data.
Server Data — If you create an account, your data is retained for the lifetime of your account. Upon account deletion, your personal data will be deleted within 30 days, except where retention is required by law.
Advertising Data — Governed by Google's data retention policies.
Analytics Data — Aggregated analytics data that cannot identify you may be retained indefinitely.

9. Children's Privacy

The App is not directed at children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children below these age thresholds. If you believe we have inadvertently collected such data, please contact us immediately and we will promptly delete it.

10. Do Not Track Disclosure

Some web browsers transmit "Do Not Track" (DNT) signals. As the App is primarily a mobile application, it does not currently respond to DNT browser signals. However, you can control ad tracking and personalization through your device settings as described in Section 5.1.

11. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

11.1 General Rights

Access — Request a copy of the personal data we hold about you.
Deletion — Request deletion of your account and associated data.
Correction — Request correction of inaccurate or incomplete data.
Portability — Request your data in a structured, commonly used, machine-readable format.
Opt-out of Tracking — Disable ad personalization via your device settings.
Withdrawal of Consent — Where processing is based on consent, withdraw your consent at any time.

11.2 Additional Rights under GDPR (EEA/UK/Switzerland)

Restriction of Processing — Request that we limit the processing of your data.
Object to Processing — Object to processing based on legitimate interests.
Lodge a Complaint — You have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

11.3 Additional Rights under APPI (Japan)

Disclosure of Purpose of Use — Request disclosure of the purpose for which your personal data is used.
Disclosure of Retained Personal Data — Request disclosure of retained personal data we hold about you.
Correction, Addition, or Deletion — Request correction, addition, or deletion of inaccurate retained personal data.
Suspension of Use or Erasure — Request suspension of use or erasure of your personal data if it is being handled in violation of the APPI.

11.4 California Residents

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA/CPRA), including the right to know what personal information we collect, the right to delete your personal information, and the right to opt out of the sale or sharing of your personal information. We do not sell your personal information. To exercise your California privacy rights, contact us at doneoapp@gmail.com.

To exercise any of these rights, contact us at doneoapp@gmail.com. We will respond within 30 days (or as required by applicable law).

12. Security

We implement commercially reasonable technical and organizational measures to protect your data, including on-device encryption for local storage and TLS encryption for data in transit. However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

13. International Data Transfers

If you use the App outside of Japan, your data may be transferred to and processed in Japan or other countries where our service providers operate. Such transfers are carried out in compliance with applicable data protection laws, including through appropriate safeguards such as standard contractual clauses where required. By using the App, you acknowledge and consent to such transfers.

14. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authorities as required by applicable law (within 72 hours under GDPR where feasible).

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy in the App or on our website, and where required by law, by obtaining your consent. The "Last updated" date at the top indicates the most recent revision. Continued use of the App after the effective date of the revised policy constitutes your acceptance of the changes.

16. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, contact us at:

Masayuki Yamada
Email: doneoapp@gmail.com