Effective January 1, 2025

This Privacy Policy ("Policy") describes how Doable LLC ("Doable," "we," "our," or "us") collects, uses, and discloses your personal information when you use our website (doable.net), mobile application, and any related services (collectively, the "Services"). This Policy is incorporated into and subject to our Terms of Use.

By accessing or using the Services, you agree to the collection and use of information in accordance with this Policy. If you do not agree with this Policy, please do not use the Services.

This Policy applies to all users of the Services, including account holders, visitors, and those who schedule meetings via the Services (collectively, "Users" or "you").

We are committed to protecting your privacy and complying with applicable data protection laws worldwide, including but not limited to the California Consumer Privacy Act (CCPA) and other U.S. state privacy laws, the General Data Protection Regulation (GDPR) in the European Union, the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada, and other international privacy regulations. This Policy is designed to be binding in all jurisdictions where we operate, to the extent required by local laws.

Information We Collect

We collect information that identifies, relates to, describes, or could reasonably be linked to a particular individual or household ("Personal Information" or "Personal Data"). The types of Personal Information we may collect include:

• Account Information: When you create an account, we collect your name, email address, password, and any other information you provide during registration.
• Scheduling Information: Details related to appointments and meetings, such as dates, times, participant names, email addresses, and any notes or attachments you provide.
• Contact Information: Phone numbers if provided for SMS notifications.
• Usage Data: Information about how you interact with the Services, including IP address, browser type, device information, pages visited, and timestamps.
• Payment Information: Billing details, such as credit card information, processed through third-party payment processors (we do not store full payment card details).
• Communications: Any messages, feedback, or inquiries you send to us.
• Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to collect information about your browsing activities and preferences.

We collect this information directly from you when you provide it, automatically as you use the Services, or from third parties (e.g., calendar integrations with your consent).

How We Use Your Information

We use the Personal Information we collect for the following purposes:

• To provide and maintain the Services, including facilitating scheduling, sending notifications, and managing accounts.
• To process payments and manage subscriptions.
• To communicate with you, including sending transactional emails, reminders, and updates about the Services.
• To improve and personalize the Services based on usage data.
• To comply with legal obligations and enforce our Terms of Use.
• For security and fraud prevention.
• With your consent, for marketing purposes, such as sending promotional emails (you may opt-out at any time).

We process your Personal Data based on legal grounds such as your consent, the performance of a contract, legitimate interests, or legal obligations, as required under applicable laws like the GDPR.

We do not use your Personal Information for purposes beyond those described in this Policy without your consent.

Sharing Your Information

We may share your Personal Information with:

• Service Providers: Third parties that assist us in operating the Services, such as payment processors, email services, and analytics providers. These providers are contractually obligated to protect your information and act as data processors under GDPR where applicable.
• Business Partners: With your consent, we may share information for integrated services (e.g., calendar syncing).
• Legal Requirements: If required by law, subpoena, or to protect our rights, property, or safety.
• Business Transfers: In connection with a merger, acquisition, or sale of assets.

We do not sell your Personal Information to third parties. However, under the CCPA, certain disclosures may be considered a "sale" – please see the CCPA section below for details. For GDPR purposes, we ensure any sharing complies with data protection requirements.

Data Security

We implement reasonable security measures to protect your Personal Information from unauthorized access, use, or disclosure. However, no method of transmission over the Internet or electronic storage is 100% secure, so we cannot guarantee absolute security.

Your Rights and Choices

You have certain rights regarding your Personal Information, including:

• Access: Request details about the Personal Information we hold about you.
• Correction: Update inaccurate information.
• Deletion: Request deletion of your Personal Information (subject to legal exceptions).
• Opt-Out: Opt-out of marketing communications or certain data sharing.
• Non-Discrimination: We will not discriminate against you for exercising these rights.

To exercise these rights, contact us at support@doable.net. We may require verification of your identity.

For CCPA Rights (California Residents): You have the right to know, delete, and opt-out of the sale of your Personal Information. We do not sell Personal Information, but if this changes, we will update this Policy and provide opt-out options.

Residents of other states may have similar rights under applicable laws (e.g., Virginia's CDPA, Colorado's CPA). We will comply with such laws as they apply.

For International Users (e.g., GDPR Rights for EU/EEA Residents): You have rights to access, rectify, erase, restrict processing, data portability, and object to processing. We process data under lawful bases such as consent or legitimate interests. If you withdraw consent, it won't affect prior processing. Contact us or your local data protection authority for complaints.

Similar rights apply under other international laws, such as PIPEDA in Canada.

Children's Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect Personal Information from children under 18. If we become aware of such collection, we will delete it.

International Transfers

Your information may be transferred to and processed in countries other than your own, including the United States. For transfers from the EU/EEA, UK, or other regions with strict data export rules, we use appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, or other mechanisms to ensure compliance with laws like the GDPR.

If you are located outside the United States, please be aware that your Personal Data will be transferred to the U.S., which may have different data protection standards.

Changes to This Policy

We may update this Policy from time to time. We will notify you of significant changes by posting the new Policy on our website with a revised effective date. Your continued use of the Services after changes constitutes acceptance.

Contact Us

If you have questions about this Policy, contact us at support@doable.net.