Dudum is a quiet product, and this policy tries to be too. It’s short, honest, and meant to be read. Here’s what we collect, why we collect it, and what we don’t do with it.
1. Who we are
Dudum (“Dudum”, “we”, “us”) is a mobile application that lets you write sealed letters to your future self. The app is operated by Star48. If you have questions about this policy, you can contact us at hello@dudum.app.
2. What we collect
We try to collect as little as possible. In practice, that means:
- Your identity. When you sign in with Apple or Google, we receive a verified email address and a unique identifier. That email becomes your delivery address.
- Your letters. Whatever you write: the title, the body, any photos you add, and the delivery date you pick. Stored securely and only accessible to you.
- Purchase records. If you buy Platinum, we receive a confirmation from Apple or Google that the purchase was made under your account. We do not receive or store your payment card details.
- Device and usage data. Basic analytics (which screens get opened, whether onboarding was completed, anonymous crash reports) so we can fix bugs and make the app less annoying. None of this is tied to the content of your letters.
3. What we don’t do
- We don’t read your letters.
- We don’t sell your data, now or later.
- We don’t share your data with advertisers.
- We don’t run ads inside the app.
- We don’t send you marketing emails. The only emails you’ll get from us are letter deliveries and important service notices.
4. How we use what we collect
The data we collect is only used to:
- Deliver your letters on the date you chose.
- Let you sign in and access your account.
- Remember your Platinum purchase so it follows you across devices.
- Diagnose crashes and fix performance issues.
- Comply with the law when we’re required to (for example, a valid legal request).
5. Where your data lives
Your letters and account data are stored with industry-standard cloud providers (including Google Firebase) in encrypted form. Data in transit is protected with TLS. Data at rest is encrypted by our infrastructure providers.
Purchases are handled entirely by Apple’s App Store and Google’s Play Store. We use RevenueCat to reconcile those purchases with your account. Analytics, where applicable, is processed by Amplitude. Crash reporting is processed by Firebase Crashlytics.
6. Children
Dudum isn’t meant for children under 13 (or the equivalent minimum age where you live). We don’t knowingly collect personal data from children. If you believe a child has given us personal data, please contact us and we’ll delete it.
7. Your rights
You can delete your account at any time from the app. Deleting it removes your letters and personal data from our systems, including sealed letters that haven’t been delivered yet. This can’t be undone.
Depending on where you live, you may also have the right to access, correct, export, or restrict the processing of your personal data. To exercise any of these rights, email hello@dudum.app. We’ll respond within the time required by your local law.
8. Data retention
We keep your letters and account data for as long as your account is active. When you delete your account, the associated data is removed from our production systems within 30 days. Backups rotate on a regular schedule, and any remaining copies are gone within 90 days.
If Dudum is ever shut down, we’ll give you at least 90 days of warning and send any sealed letters we’re holding to the email address on file before we delete them from our servers.
9. Changes to this policy
If we make meaningful changes to this policy, we’ll update the date at the top of the page and let you know inside the app before anything takes effect.
10. Contact
Questions about privacy? Write to hello@dudum.app.