Privacy Policy

Last Updated: March 22, 2026

At Doudou (“Doudou,” “we,” “us,” or “our”), we are committed to protecting your privacy. This Privacy Policy describes how we collect, use, store, and share personal information in connection with our platform, our websites, and any related services we provide (collectively, the “Services”). It covers personal data you submit to us, data processed through our platform for your internal business or personal purposes, and other information we collect in the course of operating our business.

By accessing or using Doudou’s Services, you agree to the terms of this Privacy Policy.

Information We Collect

For the purposes of this Privacy Policy:

“Personal Data” means information about an identifiable individual, including information that can reasonably be used on its own or in combination with other information to identify or contact you. This may include your name, email address, account credentials, and any other non-public information associated with such identifiers.

“Anonymous Data” means information that does not identify an individual and cannot reasonably be used to identify an individual. Anonymous Data is not associated with or linked to your Personal Data.

We collect, use, and disclose Personal Data only for purposes that a reasonable person would consider appropriate in the circumstances, as described below. If Anonymous Data is combined with Personal Data in a way that could identify you, we will treat that information as Personal Data.

Doudou collects various types of information to operate, secure, maintain, and improve our platform and Services. We collect information directly from users, automatically through use of the Services, and from authorized third-party integrations.

Account Data

When you create or manage a Doudou account, we collect information such as your name, email address, login credentials (including securely hashed passwords), and basic profile identifiers that may come from connected third-party services. We also collect workspace-related details such as team names, member roles, and account structure.

We collect and use this information to create and administer accounts, authenticate users, associate individuals with the correct workspace, personalize the user experience, and maintain the security and integrity of the Services.

Client and Firm-Uploaded Documents

Firms and their clients may upload documents, records, and other content to the Doudou platform. This may include any information necessary to use the platform’s features, such as files used for organization, search, reconciliation, automation, workflow management, or export.

We use this information to operate and deliver the Services, maintain workspace permissions and access controls, organize and process files, and provide support where needed. If access to uploaded content is required for troubleshooting, we will only do so with appropriate authorization. We may also analyze usage patterns and system performance using aggregated, de-identified, or pseudonymized data to improve reliability, functionality, and security.

Communication Data

When you contact us or interact with Doudou through support channels or feedback tools, we may collect information such as support emails, chat transcripts, submitted forms, and feedback from surveys or events.

We use this information to respond to inquiries, provide customer support, troubleshoot issues, improve our Services, maintain records of communications, and enhance product quality and user experience.

Technical Data

We automatically collect certain technical information when you use the Services. This may include device and browser details, IP address, authentication status, session data, feature usage logs, timestamps, and performance diagnostics. We also use cookies and similar technologies to support platform functionality, maintain security, remember session preferences, and improve performance.

Where required by law, we obtain consent before using non-essential cookies. You may manage cookie preferences through your browser settings, although disabling certain cookies may affect how the Services function.

Social Media

Doudou maintains a presence on third-party social media platforms. When you interact with our official accounts, such as by following, commenting, messaging, or engaging with posts, we may receive information that you choose to provide, including your name, handle, and public communications. These platforms may also provide us with aggregated analytics or engagement insights.

We use this information to communicate with users, respond to inquiries, monitor and improve our brand presence, analyze engagement trends, share updates, and support marketing and outreach efforts. Your interactions on those platforms remain governed by the privacy policies and terms of the respective social media providers.



How We Use Information

In general, Personal Data you submit to Doudou is used either to provide the Services you request, respond to your inquiries, or improve the functionality, security, and performance of our platform. We use your information in the following ways:

  • Create, secure, authenticate, and administer user accounts and workspace access controls

  • Process uploaded files, operate authorized third-party integrations, and maintain the functionality and reliability of the Services

  • Provide customer support, troubleshoot issues, and communicate regarding account matters, service updates, billing, and operational notices

  • Process payments and maintain subscription, financial, and related business records

  • Analyze usage patterns and system performance to improve feature accuracy, reliability, and overall user experience

  • Conduct internal research and product development, including creating de-identified or pseudonymized data to refine functionality and innovation

  • Protect the security and integrity of the Services, including detecting, preventing, and investigating fraud, unauthorized access, abuse, or other harmful activity

  • Comply with applicable Canadian laws and regulatory requirements, maintain required tax and business records, enforce our Terms of Service, and protect our legal rights


Creation of Anonymous Data

We may create Anonymous Data records from Personal Data by removing identifiers such as name, email address, and other directly identifying information. We use this Anonymous Data to analyze usage trends, improve platform functionality, enhance user experience, and support internal research and development. Anonymous Data does not identify individual users.

No Sale of Personal Information

Doudou does not sell, rent, or trade your Personal Data. We do not use your information for targeted advertising, cross-context behavioral advertising, or third-party marketing purposes.



Disclosure of Information

We may disclose your personal information in the following circumstances, and as otherwise described in this Privacy Policy.

Third Parties You Authorize

When you use the Services, personal information you provide may be shared with third parties you designate, such as your clients, colleagues, advisors, or business partners, solely as directed by you.

Other Authorized Users

We may share your personal information with other users within your organization or workspace where you have enabled access, for the purpose of providing and operating the Services.

Service Providers

We may share personal information with trusted third-party vendors who assist us in operating the Services, including providers of hosting, infrastructure, analytics, customer support, security monitoring, payment processing, and related business functions. These providers are permitted to use your information only to perform services on our behalf.

Business Transactions

Personal information may be disclosed in connection with a merger, acquisition, financing, restructuring, or sale of all or part of our business or assets. If such a transaction occurs, your information may be transferred as part of the business assets, subject to appropriate confidentiality safeguards.

Legal and Safety Disclosures

We may disclose personal information where we believe in good faith that doing so is necessary to:

  • comply with applicable law, regulation, legal process, or governmental request

  • enforce our agreements, policies, or terms

  • protect the rights, property, or safety of Doudou, our users, or others

  • detect, prevent, or investigate fraud, security issues, or unlawful activity

Data Retention

We retain personal information only for as long as necessary to provide the Doudou services, fulfill the purposes described in this Privacy Policy, and comply with applicable legal, tax, accounting, or regulatory obligations.

Retention periods vary depending on the nature of the data and the context in which it was collected, including:

  • Comply with legal or regulatory obligations

  • Resolve disputes or enforce agreements

  • Investigate security incidents, fraud, or misuse

  • Protect the integrity and security of our platform


When personal information is no longer required, we securely delete or anonymize it in accordance with industry-standard security practices.



Your Rights & Choices

At Doudou, we respect your privacy and give you meaningful control over your personal information. Depending on your location and applicable laws, you may have the right to:

  • Access the personal information we hold about you

  • Correct inaccurate or outdated information

  • Delete your personal data from our systems

  • Request data portability, where technically feasible


You can exercise these rights at any time by contacting us at [joshua.zhangczj@gmail.com]
We will respond in accordance with applicable legal requirements.





Third-Party Websites and Services

Our Services may contain links to third-party websites, applications, integrations, or external resources. If you click on a link to a third-party site or service, you will leave our Services and be directed to a platform operated by another entity. That third party may independently collect personal information or other data from you.

We do not control, monitor, or review third-party websites or services and are not responsible for their content, security practices, or privacy practices. This Privacy Policy does not apply to any information collected by third parties after you leave our Services or interact with external links, integrations, or embedded content.

We encourage you to review the privacy policies and terms of use of every third-party website or service you access.

Links to third-party websites or services are provided for your convenience only and do not constitute an endorsement, sponsorship, or recommendation by Doudouof such third parties or their products, services, or content.

Security

At Doudou, we take data security seriously and implement industry-standard safeguards to protect your personal information from loss, misuse, unauthorized access, disclosure, alteration, or destruction.

Encryption

We encrypt sensitive data both in transit and at rest.

Data transmitted between users and the Doudou platform is protected using industry-standard TLS encryption. Data stored within our infrastructure is encrypted using industry-standard encryption protocols, including AES-256 encryption where applicable.

Access Controls and Multi-Factor Authentication

Access to production systems and sensitive infrastructure is restricted to authorized personnel only。

All Doudou personnel use multi-factor authentication (MFA) for access to internal systems and services, including but not limited to:

  • Email systems

  • Cloud infrastructure

  • Administrative tools

  • Source code repositories


We maintain role-based access controls to limit access to information strictly to those who require it for legitimate business purposes.

File Storage

Files uploaded to the Doudou platform by firms or their clients are securely stored using Supabase infrastructure. Supabase leverages secure cloud infrastructure with industry-standard encryption (including encryption in transit and at rest), strict access controls, continuous monitoring, and role-based authentication mechanisms to protect stored data. Supabase maintains recognized security certifications and compliance standards, including SOC 2 Type II certification, and aligns with industry best practices for data security and privacy.

Software Security and Dependency Management

We limit our use of third-party code libraries and carefully evaluate them prior to adoption. To maintain software security, we implement:

  • Dependency reviews and security assessments

  • Automated vulnerability scanning and monitoring tools

  • Regular updates and patch management practices


These measures help reduce exposure to third-party vulnerabilities and maintain the integrity of the platform.

User Responsibility

While we take appropriate steps to secure your data, no method of electronic transmission or storage is 100% secure. You are responsible for protecting your login credentials, limiting access to your devices, and signing out of your account after use.

Changes

We may update this Privacy Policy from time to time. When we make material changes, we will post the updated version with a revised "Last Updated" at the top of this page. If required by applicable law, we will provide additional notice (such as via email or in-app notification).

Your continued use of the Service after any changes have been posted constitutes your acceptance of those changes. We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information.

Contact

If you have any questions, concerns, or complaints about how we collect, use, or store your personal information, or if you wish to exercise your privacy rights, please contact us at [joshua.zhangczj@gmail.com]