Privacy Policy

1. Notice

Whenever we collect information that could personally identify you, we explicitly request your provision and permission. Examples include the cookie consent banner and the payment-data request when you sign up.

2. Your consent

You may grant or withhold permission for us to process your information at any time. Non-essential data (marketing cookies, company name) can be declined without affecting your access. Without essential data (essential cookies, email, payment info) some features will be unavailable. By accepting this Policy you consent to the processing described herein.

3. Usage

3.1 Data we collect

• Personal identifiers: name, email, phone, billing data.
• Anonymous usage analytics via optional cookies.
• Google account data when you sign in with Google.

Partner policies: YouTube ToS, Google Privacy, Google API User Data Policy, TikTok ToS.

3.2 Google API Limited Use Disclosure

SPACEFOX UNIPESSOAL LDA uses Google APIs when you sign in with Google and when you allow us to post to your YouTube channel. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

3.3 YouTube API Services

The application uses YouTube API Services to upload videos, search YouTube, and manage YouTube content.

Data we access: channel ID and name, video metadata (titles, descriptions, tags, thumbnails), upload status and IDs, public search results.

How we use it: upload to your channel, display upload status, search for references. We do not store YouTube authentication tokens beyond the active session and we do not share your YouTube data with third parties.

Revoking access: at any time via Google security settings. Upon revocation we detect within 24 hours, tokens are invalidated immediately, and all YouTube-related data (channel info, video IDs, metadata) is deleted within 7 days. You receive an email confirmation when deletion is complete.

3.4 AI and user consent

We do not share your personal data with third-party AI applications without your knowledge. When you use AI features, the explicitly-selected content is forwarded to partner models (see §3.5 and product sections below) only to generate the requested output. We do not train foundation AI models on your content without explicit consent.

3.5 Storage and sub-processors

Personal data is stored on encrypted servers (TLS in-transit, AES-256 at-rest), retained for as long as needed for the purposes of this Policy or by law. Principal sub-processors:

• Anthropic, Google (Gemini), OpenAI, xAI, Runway, Kling, Luma, ByteDance, MiniMax, Vidu, Wan, Replicate — AI models for chat, image, video.
• ElevenLabs, Grok TTS — voice and dubbing.
• AWS (S3, CloudFront), Hetzner — storage, CDN, hosting.
• Stripe — EUR/USD payments.
• Apple StoreKit — iOS in-app purchases.
• T-Bank — RUB payments (Russian audience only).
• PostHog — anonymous product analytics (opt-out).
• Meta, TikTok, Google Firebase, AppsFlyer/Adjust — iOS attribution and analytics (see §10).

Some sub-processors operate outside the EEA. We rely on Standard Contractual Clauses approved by the European Commission.

3.6 Sharing of Google User Data

We do not share Google user data with third parties unless necessary to provide the Service, comply with law, or protect our rights. Sub-processors that process Google user data on our behalf do so under confidentiality agreements and applicable data-protection law.

3.7 Other purposes (how we use your data)

• Access to features.
• Payment processing: subscriptions, one-off purchases, credits.
• Service updates: transactional emails; marketing only with opt-in.
• Customer support and communication: answering inquiries, status of orders, incident response.
• Compliance with the Google API User Data Policy, including Limited Use.
• Anonymous usage analysis to improve the platform.
• Legal requests: we may disclose PII in response to a federal court order, judge, or law-enforcement request — without prior notice where the law forbids it.

Anonymized usage data may be shared with marketing agencies in fully anonymized form to enhance our services. Minimum necessary data may be shared with operational partners (e.g., payment processors). Outside these categories, no external party will have access to your personal information without your explicit consent.

4. Retention and deletion

We retain your information as long as necessary to provide the Service. After your request — account deletion, subscription expiry, or explicit deletion request — personally identifiable information is deleted.

Deletion procedures

• Account deletion: contact support@doitong.com. Processed within 14 days.
• YouTube data: revoke access via Google security settings → deletion within 7 days.
• Authorized Google API data (YouTube, Drive): deleted within 7 days of revocation.
• Generated content: videos, images and other artifacts are deleted with your account unless you explicitly downloaded them locally.

You receive an email confirmation when deletion is complete. Billing records are retained for 10 years (Portuguese tax law). Information may be retained longer where required by law or court order.

5. Your rights

5.1 GDPR rights

• Right of access: obtain a copy of personal data we have processed.
• Right to rectification: correct inaccurate data.
• Right to erasure: request deletion of part or all of your data.
• Right to restriction of processing: ask us to stop processing if data is incorrect, unlawfully processed, or no longer needed.
• Right to data portability: receive your data in a machine-readable format and transfer it to another controller.

To exercise any right, contact the email in §12.

5.2 Right to object

Under GDPR, you have the right to object to processing of your personal data for direct marketing. Upon objection, we are obliged to immediately cease such processing. To object, write to the email in §12.

Complaints can be filed with the Portuguese Data Protection Authority CNPD (cnpd.pt) or your national DPA.

6. Opting out

In addition to the core Service we may offer newsletters, satisfaction surveys and marketing communications. You can opt out at any time: the unsubscribe link in any email or your account settings on doitong.com. Anonymous analytics has a separate toggle inside the extension settings and the iOS app.

7. Security of your information

We employ multiple measures to protect your data:

• Anti-malware scanners and regular security audits.
• TLS 1.2+ for all connections between your device and our servers.
• At-rest encryption (AES-256) for S3 storage and databases.
• Internet standards for email traffic: DKIM, SPF, DMARC.
• Short-lived JWT tokens with refresh-rotation.
• Principle of least privilege for internal staff access.

8. Doitong Copilot Chrome Extension

Doitong Copilot — Chrome extension (ID bpfgjfjghlbdnomlfhcagodajdggdigp), a creative AI side-panel companion. This section describes data practices specific to the extension, in addition to the general terms above.

8.1 Single purpose

Provide an in-browser AI assistant for authenticated users of doitong.com / doitong.ru — chat with AI, image/video/voice generation, and creative actions in the side panel.

8.2 Data collection — what we collect

The Doitong Copilot extension collects the following categories of user data, and only the categories listed below:

• Authentication credentials (email and password): when you sign in or create an account from the extension's side panel, the email and password you type are transmitted over HTTPS (TLS 1.3) to our authentication endpoint at doitong.com/login or /signup. The password is not stored by the extension and is not stored in plaintext on our servers: the server stores only a bcrypt hash and returns a JWT session token in response. For password reset we send your email to issue a reset link; we do not collect security questions or PINs.
• JWT session token and doitong account identifier — stored locally in chrome.storage and sent with each request to our API. The original password is never persisted by the extension.
• Personal communications (chat): messages, attachments and AI responses — local + sync with your doitong account.
• Web page content (only during explicit user actions): when you invoke an agent task ("summarize this page"), the active tab's text and DOM structure is sent to our backend and the AI model.
• Anonymous analytics (optional, opt-out): task metrics, domain names visited (no full URLs), random anonymous identifier.
• Backend technical data: IP, user-agent, server logs.

The extension does not read pages in the background. No page data is captured while the extension is idle.

8.3 Data processing and use — how we process the collected data

We process the data collected in §8.2 only for the purposes listed below. We do not use it for advertising, profiling for unrelated purposes, or training third-party foundation models without your explicit consent.

• Authentication processing. The email and password you submit at sign-in are sent to our backend over TLS 1.3, where the server compares the submitted password against the stored bcrypt hash for that email. On success, the server issues a short-lived JWT and a refresh token. The plaintext password is discarded from server memory immediately after verification.
• Chat processing. When you send a message, the message text (plus any explicitly attached files or selected web-page content) is forwarded by our backend to the AI model you selected (e.g., Anthropic Claude). The model returns a response which is relayed back to the extension and stored as part of your chat history. Your message is processed only to generate the requested response.
• Web page content processing. When you explicitly invoke an agent task on the active tab, the page's text and DOM structure are sent to our backend and forwarded to the AI model only for the duration of that task.
• Analytics processing. If analytics is enabled, anonymous task metrics and visited domain names are aggregated to improve the product. No personally identifiable information is included.
• Operational processing. Backend logs (IP, user-agent) are processed for security monitoring, abuse prevention, and debugging.

8.4 Data storage — where and how we store the data

• Local storage in the browser. The JWT token, account identifier, settings, and recent chat history are stored in chrome.storage on your device. Generated artifacts (images, audio, videos) are also cached locally for fast access (this is why the extension declares unlimitedStorage).
• Server-side storage. Chat history, account metadata, and generated artifacts are stored on our application servers (Hetzner Online GmbH, EU) and AWS S3 / CloudFront for media. All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Database snapshots are encrypted.
• Authentication storage. Passwords are stored only as bcrypt hashes — never in plaintext. JWT signing keys are stored in a secret manager with restricted access.
• Retention. Chat history is retained while your account is active and you can delete it at any time in extension settings or on doitong.com. Server logs are retained for 30 days. Billing records are retained 10 years (Portuguese tax law). Upon account deletion all personal data is removed within 30 days; YouTube-related tokens are revoked within 24 hours and YouTube data is deleted within 7 days (see §3 and §4 of this policy).

8.5 Data transfer — to whom we transfer the data

We transfer your data only to the sub-processors listed below, only the data each one needs, and only to provide the Service to you. We do not sell your data, do not share it with advertisers, and do not transfer it for any purpose unrelated to providing the Service.

• Anthropic, PBC (USA) — receives your chat messages and explicitly-selected content (page text/DOM during agent tasks) for the sole purpose of generating the AI response. We use Anthropic's enterprise tier with Zero Data Retention. See Anthropic's Privacy Policy.
• PostHog Inc. (USA) — receives anonymous product analytics, only if you have enabled analytics. No personally identifiable information is transferred. See PostHog's policy.
• Amazon Web Services (S3, CloudFront) (USA / EU regions) — stores generated artifacts (images, audio, videos) and serves them via CDN.
• Hetzner Online GmbH (Germany) — hosts our application servers and primary database; receives the data required to operate the Service.
• Stripe (USA / EU) — payment processor for EUR/USD; only billing data, never the contents of your chat.
• T-Bank (Russia) — payment processor for RUB; only billing data for users on the Russian rail.

Where transfers occur outside the European Economic Area, we rely on Standard Contractual Clauses approved by the European Commission. We do not transfer your data to law enforcement except in response to a valid legal request as described in §3.7 of this policy.

8.6 Chrome permissions — justification

Technical note: a small script (refresh.js) is injected on every site as a build-artifact of our toolchain (Vite HMR). In production builds it only attempts to connect to localhost:8081 for development hot-reload; it does not read or transmit page content. It will be stripped from the production bundle in an upcoming release.

8.7 Limited Use (Chrome Web Store)

Our use and transfer of information received from Chrome APIs adheres to the Chrome Web Store Limited Use Policy, including the use restrictions. We do not use this data for advertising, do not sell it, and do not transfer it for any purpose unrelated to providing the Service.

8.8 Extension data deletion

You can delete chat history at any time in extension settings or on doitong.com. When you delete your doitong account, all extension-related data is also deleted within 30 days, including any generated artifacts associated with your account.

9. Cinematic Recorder Chrome Extension

Cinematic Recorder — Chrome extension that provides screen, webcam and microphone recording with AI-powered post-production.

9.1 Data collected

• Screen recording: video capture of the current tab/window/screen — only during active recording initiated by the user.
• Webcam recording: video stream from the camera — only when the camera is enabled.
• Microphone recording: audio — only when the microphone is enabled.
• DOM events: clicks, scrolls, cursor movements — for AI post-production (automatic zooms and effects).
• Authentication data: email and authorization token for cloud upload.

9.2 How extension data is used

• Recordings are uploaded to secure cloud storage and are accessible only to the account owner.
• AI processing (zooms, overlays, editing) is performed on Doitong servers.
• Recordings are not analyzed, viewed or used for any other purpose.
• Background recording is not possible — only when the user explicitly clicks "Start Recording".
• No data is collected when the extension is idle or inactive.

9.3 Permissions justification

• activeTab, tabCapture, desktopCapture: capture contents of the current tab or screen.
• scripting: display the recording control panel and track clicks/cursor for AI effects.
• storage: store user settings and the authorization token locally.
• offscreen: screen recording in a background context without affecting the page.
• webNavigation: maintain recording continuity across page transitions.
• host_permissions (<all_urls>): required to enable recording on any website the user visits.

9.4 Data deletion

Users can delete their recordings at any time through the Service interface. When an account is deleted, all associated recordings are permanently removed from our servers.

10. Mobile Application (iOS App)

The Doitong AI mobile application for iOS provides AI-powered image and video generation on Apple devices.

10.1 Data collected

• Contact information: name and email (via Sign in with Apple or other providers).
• User content: photos, videos, audio uploaded for generation; prompts.
• Identifiers: account ID, IDFA, identifierForVendor.
• Purchase history: via Apple StoreKit (tier, credit pack, timestamp).
• Usage: launches, feature use, screen views, taps; advertising interactions.
• Coarse location: approximate, IP-derived (city/region).
• Diagnostics: crash logs, performance metrics.

10.2 App Tracking Transparency (ATT) and IDFA

In compliance with Apple's ATT framework, our iOS app requests permission before using IDFA to track activity across other companies' apps and websites. You can grant or revoke this in Settings → Privacy & Security → Tracking. If denied, IDFA is not used for cross-app tracking and core functionality continues to work normally.

10.3 Advertising and analytics partners

• Meta (Facebook) Ads — device identifiers, install/purchase/engagement events. Meta Privacy.
• TikTok for Business — device identifiers, install/conversion events. TikTok Privacy.
• Google Firebase Analytics & Crashlytics. Firebase Privacy.
• Mobile Measurement Partners (AppsFlyer, Adjust) — attribution across networks. They act as data processors under our instructions.
• Apple — IAP processing. We never receive or store your payment card information. Apple Privacy.

10.4 Sign in with Apple

The iOS app supports Sign in with Apple. We receive a unique stable user identifier and optionally your name and email (which you may hide via Hide My Email). This is used solely to manage your Doitong account. You can revoke at Settings → Apple ID → Password & Security → Apps Using Apple ID.

10.5 In-app purchases

Purchases are processed by Apple via StoreKit. Apple handles all payment information; we receive only transaction metadata (product identifier, price tier, timestamp, anonymized transaction ID) needed to credit your account. Refunds must be requested through your App Store account.

10.6 Mobile data deletion

You may delete your account and all associated mobile data via support@doitong.com or via the in-app account deletion feature. Personal data is removed within 14 days, except where retention is required by law.

10.7 Apple App Privacy Labels

A structured summary of data collected by the iOS app is available on its App Store product page under "App Privacy" — corresponding to the categories described in this section.

11. Changes to this Policy

SPACEFOX UNIPESSOAL LDA reserves the right to amend this Privacy Policy. Material changes will be notified at least 14 days in advance via email or in-product banner before they take effect. If you do not agree with the modifications, you have the opportunity to withdraw your consent during this notification period.

12. Contact