Privacy Policy for dopelist

Last Updated: May 6, 2025

DOPELIST SOCIETY, S.L. ("dopelist," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App"), our WhatsApp bot (the "Bot"), our website dopelist.com (the "Site"), and any related services (collectively, the "Services").

Please read this Privacy Policy carefully. By using our Services, you agree to the terms of this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Services.

We are DOPELIST SOCIETY, S.L., with registered office at SANT ELIES, 41 BARCELONA, Spain. We are the data controller for the personal data collected through the Services. You can contact us at hello@dopelist.com.

1. Information We Collect

We may collect information about you in a variety of ways. The information we may collect via the Services includes:

Personal Data You Provide to Us:

• Account Information: When you register for an account, we collect your phone number and may also collect your name, email address, username, and profile picture.
• User Content: We collect the information you save to dopelist, which can include text, links, images (and the data within them), voice notes, locations, and any other data you choose to input (e.g., information about places, movies, books, products, notes, people). This may include personal and sensitive information, depending on what you choose to save.
• Communications: If you contact us directly (e.g., via email for support), we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide.
• Information via WhatsApp Bot: When you interact with our Bot on WhatsApp, we collect the content of your messages, including any User Content you provide. Your interactions with WhatsApp are also governed by WhatsApp's Privacy Policy.

Data Collected Automatically:

• Usage Data: We automatically collect certain information when you access and use the Services, such as your IP address, device type, operating system version, browser type, access times, pages viewed, features used, the referring URL, and general usage analytics.
• Device Information: We may collect information about the mobile device you use to access our App, including the hardware model, operating system and version, unique device identifiers, and mobile network information.
• Location Data: We may collect precise location data from your mobile device if you grant us permission to do so. We use this information, for example, to help identify places you save (e.g., from screenshots, links, or notes) and to enhance the AI enrichment process. You can disable location services through your device settings, but this may limit certain functionalities.
• Information from Cookies and Similar Technologies: We and our service providers use cookies, web beacons, and similar tracking technologies to collect information about your interaction with our Site and App, such as your Browse activities, preferences, and to help us analyze and improve our Services. For more details, see Section 8 ("Cookies and Tracking Technologies").

Information from Third Parties:

• Third-Party APIs: When we enrich your User Content using AI and other data enrichment APIs (e.g., OpenAI, Google Gemini, various other APIs for books, restaurants, etc.), we may receive information from these services that relates to your User Content (e.g., a book's author, a restaurant's address and photos).

2. How We Use Your Information

We use the information we collect for various purposes, including to:

• Provide, operate, maintain, and improve our Services.
• Create and manage your account and personalize your experience.
• Process your User Content, including using AI to enrich, categorize, and organize it into lists (e.g., if you save a restaurant, it may be automatically added to a "Restaurants" list).
• Respond to your comments, questions, and requests, and provide customer service and support.
• Communicate with you about the Services, including sending you technical notices, updates, security alerts, and administrative messages (via in-app notification, SMS, WhatsApp, or email).
• Monitor and analyze trends, usage, and activities in connection with our Services to improve them.
• Detect, investigate, and prevent fraudulent transactions, unauthorized access to our Services, and other illegal activities.
• Comply with legal obligations.
• For any other purpose for which the information was collected, with your consent where necessary.
• Future Uses:
  • If we introduce Paid Services, to process payments.
  • If we introduce advertising, to display relevant ads (this will be subject to your choices and consents where required).

3. Legal Basis for Processing Personal Data (for EEA/UK Users)

If you are from the European Economic Area (EEA) or the UK, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.

• Performance of a Contract: We process your personal data to provide and maintain the Services you request, as set out in our Terms of Service (e.g., creating your account, processing your User Content, providing AI enrichment). This is based on Art. 6(1)(b) GDPR.
• Legitimate Interests: We process your personal data for our legitimate interests, such as to improve our Services, for analytics, for security purposes, and to communicate with you about administrative matters, provided that such processing shall not outweigh your rights and freedoms (Art. 6(1)(f) GDPR).
• Consent: We will obtain your consent for certain processing activities, such as collecting precise location data (unless essential for a service you requested), sending direct marketing communications (if applicable in the future), or using certain types of cookies (Art. 6(1)(a) GDPR). You can withdraw your consent at any time.
• Legal Obligation: We may process your personal data if necessary to comply with a legal obligation (Art. 6(1)(c) GDPR).

4. Sharing Your Information

We do not sell your personal information. We may share your information in the following circumstances:

• With Your Consent or at Your Direction: We will share your information with third parties when we have your consent to do so or when you direct us to (e.g., when you choose to share a list via a link).
• Service Providers: We share information with third-party vendors, consultants, and other service providers who need access to such information to carry out work on our behalf. This includes:
  • Cloud hosting providers (e.g., Google Cloud, Render) for data storage and processing.
  • AI service providers (e.g., OpenAI, Google Gemini) to provide the AI enrichment features.
  • Data enrichment API providers to fetch additional information about items you save.
  • Analytics providers (e.g., Google Analytics) to help us understand usage of our Services.
  • Communication service providers for sending SMS, WhatsApp, or email notifications.
  These providers are authorized to use your personal information only as necessary to provide these services to us and are contractually obligated to protect your information. We have or will have Data Processing Agreements (DPAs) in place with these providers where required by GDPR.
• Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be sold or transferred as part of such a transaction as permitted by law and/or contract.
• Legal Requirements: We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of dopelist, (iii) act in urgent circumstances to protect the personal safety of users of the Services or the public, or (iv) protect against legal liability.
• Aggregated or De-identified Data: We may share aggregated or de-identified information that cannot reasonably be used to identify you.

5. International Data Transfers

Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction.

If you are located in the European Economic Area (EEA), UK, or Switzerland, this means your personal data may be transferred outside of these regions, including to the United States, where our service providers (like OpenAI, Google) may be located. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. For such transfers, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or other lawful mechanisms, and we ensure our third-party service providers also have appropriate safeguards in place.

6. Data Retention

We will retain your personal information for as long as your account is active or as needed to provide you the Services. We will also retain and use your personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

If you delete your account, we will delete your personal information, except where we are legally required to retain it or for legitimate business purposes (e.g., for backup archives, fraud prevention, or to fulfill our legal obligations) for a limited period. User Content may persist in backups for a reasonable period.

7. Your Data Protection Rights (EEA/UK Users)

If you are a resident of the EEA or UK, you have the following data protection rights:

• Right to Access: You have the right to request copies of your personal data.
• Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• Right to Erasure (Right to be Forgotten): You have the right to request that we erase your personal data, under certain conditions.
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
• Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions (e.g., for direct marketing or processing based on legitimate interests).
• Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
• Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority. For Spain, this is the Agencia Española de Protección de Datos (AEPD - www.aepd.es).

To exercise any of these rights, please contact us at hello@dopelist.com. We will respond to your request in accordance with applicable data protection laws. We may need to verify your identity before processing your request.

8. Cookies and Tracking Technologies

What are Cookies? Cookies are small text files placed on your device (computer, mobile phone, tablet) when you visit websites or use apps. They are widely used to make websites and apps work, or work more efficiently, as well as to provide information to the owners of the site/app.

How We Use Cookies: We and our third-party service providers use cookies and similar technologies (e.g., web beacons, pixels) on our Site and potentially within our App for various purposes:

• Strictly Necessary Cookies: These are essential for the Site and App to function (e.g., for user login, security). You cannot opt out of these.
• Performance and Analytics Cookies: These help us understand how you interact with our Services, which features are most popular, and to improve performance (e.g., Google Analytics). These cookies collect information in an aggregated form.
• Functionality/Preference Cookies: These allow us to remember choices you make (e.g., your username, language, or region) and provide enhanced, more personal features.
• Marketing/Advertising Cookies (Future Use): If we implement advertising, these cookies would be used to deliver advertisements more relevant to you and your interests. They may also be used to limit the number of times you see an advertisement and help measure the effectiveness of advertising campaigns.

Your Choices Regarding Cookies:

• Browser Settings: Most web browsers allow you to control cookies through their settings. You can usually find these settings in the "options" or "preferences" menu of your browser.
• Cookie Consent Tool (Website): When you first visit our Site, you may be presented with a cookie banner allowing you to manage your preferences for non-essential cookies.
• Mobile App Settings: For our App, you can control certain tracking technologies through your device settings (e.g., by limiting ad tracking).
• Google Analytics: To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.

Do Not Track: Some web browsers may transmit "Do Not Track" signals. We currently do not take action in response to these signals.

A more detailed Cookie Policy may be provided separately on our Site in the future.

9. Security of Your Information

We use administrative, technical, and physical security measures to help protect your personal information. We use encryption at rest and in transit for your data. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide personal information.

10. Children's Privacy

Our Services are not directed to individuals under the age of 16 (or 14 in Spain, if they are solely subject to Spanish jurisdiction for consent). We do not knowingly collect personal information from children under this age. If we become aware that a child under the relevant age has provided us with personal information, we will take steps to delete such information. If you become aware that a child has provided us with personal information, please contact us at hello@dopelist.com.

11. Data Protection Officer (DPO)

DOPELIST SOCIETY, S.L. has not currently appointed a formal Data Protection Officer as it is not mandatory for our current scale of operations. However, for any questions related to data protection or this Privacy Policy, you can contact our designated team at hello@dopelist.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on our Site and updating the "Last Updated" date. For material changes, we will also notify you via in-app notification, SMS, or WhatsApp message. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

13. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

DOPELIST SOCIETY, S.L.
SANT ELIES, 41
BARCELONA, Spain
Email: hello@dopelist.com