Privacy Policy
Last updated: March 2026 · Applies to: didudo App & Website
1. Data Controller
The data controller responsible under the General Data Protection Regulation (GDPR) and other applicable data protection laws is:
Gurwinder Singh
Waldstr. 148
63263 Neu-Isenburg
Germany
Email: hello@didudoapp.com
2. General Information
We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with applicable data protection regulations and this Privacy Policy.
Personal data is any information that can be used to identify you personally. This Privacy Policy explains what data we collect and how we use it — for both our website and the didudo iOS app.
3. Data Processing on Our Website
3.1 Server Log Files
When you visit our website, your browser automatically transmits data to our web server. This data is stored in server log files:
- IP address (anonymised)
- Date and time of the request
- Page / URL accessed
- Browser type and version
- Operating system
- Referring URL (previously visited page)
This data is not merged with other data sources and is automatically deleted after a maximum of 14 days.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a secure and functional website).
3.2 Local Preferences (localStorage)
The website stores your display preferences (e.g. dark/light mode) locally in your browser using localStorage. This data does not leave your browser and is not transmitted to us.
3.3 Google Analytics
Notice: We use Google Analytics (GA4) on this website to analyse usage and improve the site. Analytics cookies are only activated after you choose to accept analytics in the privacy banner. Your choice is stored locally in your browser and can be changed at any time with the Privacy settings button. The didudo app itself does not send task data to Google Analytics.
3.4 Contact by Email
If you contact us by email, the transmitted data (name, email address, message content) will be stored for the purpose of processing your enquiry. Data will not be shared with third parties without your consent and will be deleted once the enquiry has been resolved.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in processing enquiries).
4. Data Processing in the didudo App
4.1 Privacy by Design
didudo is built so that your data stays on your device. All tasks, routines and goals are stored locally using SwiftData. AI features (Smart Assistant, speech recognition) are processed entirely on your device — no cloud upload required.
4.2 Local Data Storage
The following data is stored locally on your iPhone/iPad:
- Tasks, routines, goals and time blocks
- Categories, tags and priorities
- App settings and preferences
- Photos attached to tasks
This data only leaves your device if you enable iCloud Sync (see 4.3).
4.3 iCloud Sync (optional)
If you enable iCloud Sync, your tasks and routines are synchronised across your Apple devices via Apple's CloudKit. Data is stored in your personal iCloud account and is not accessible to us.
- Responsible for iCloud processing: Apple Inc.
- Apple's Privacy Policy: apple.com/privacy
Legal basis: Art. 6(1)(b) GDPR (performance of contract / optional feature at your request).
4.4 In-App Purchases & Subscriptions
All purchases and subscriptions are handled entirely through Apple's App Store. We do not receive any payment or credit card data. Apple processes all transaction data in accordance with its own Privacy Policy.
- Available subscriptions: didudo Premium (monthly / yearly)
- Free trial: 7 days
- Management and cancellation: Settings → Apple ID → Subscriptions
Legal basis: Art. 6(1)(b) GDPR (performance of contract).
5. App Permissions in Detail
didudo requests the following permissions. All permissions are optional — the app works without them. You can revoke any permission at any time in iOS Settings.
| Permission | Purpose | Processing | Legal Basis |
|---|---|---|---|
| Location (always & in use) |
Location-based reminders; automatic routine adjustment based on your commute | On-device only; no transmission | Art. 6(1)(b) |
| Camera | Scanning notes, documents or photos to automatically create tasks | On-device only | Art. 6(1)(b) |
| Microphone | Hands-free task creation by voice | On-device; no cloud upload | Art. 6(1)(b) |
| Speech Recognition | Converting voice to text for tasks | On-device (Apple Foundation Models) | Art. 6(1)(b) |
| Photos (read & write) |
Attaching photos to tasks; saving task-related images | Local on-device | Art. 6(1)(b) |
| Calendar | Syncing tasks with Apple Calendar to avoid scheduling conflicts | Local; optionally iCloud | Art. 6(1)(b) |
| Reminders | Importing existing reminders as tasks | Local on-device | Art. 6(1)(b) |
| Notifications | Reminders for tasks, routines and time-sensitive events | Local; no external servers | Art. 6(1)(b) |
6. Sharing Data with Third Parties
We do not share your personal data with third parties, except where:
- you have given explicit consent,
- sharing is necessary for the performance of a contract (e.g. Apple App Store for purchases),
- we are legally obliged to do so.
Third parties involved in the operation of the app:
- Apple Inc. — App Store, CloudKit, Foundation Models, StoreKit (Privacy: apple.com/privacy)
We currently use no third-party tools for analytics, advertising or tracking.
7. Data Retention
- App data (local): Until you uninstall the app or manually delete it
- iCloud data: Until you uninstall the app or delete your iCloud account with Apple
- Server log files (website): Maximum 14 days
- Email correspondence: Until the enquiry is resolved, max. 3 years
Data subject to statutory retention obligations (e.g. invoices) is retained for up to 10 years in accordance with applicable law.
8. Your Rights as a Data Subject
Under the GDPR, you have the following rights:
- Access (Art. 15 GDPR): You can request information about the personal data we hold about you.
- Rectification (Art. 16 GDPR): You can request correction of inaccurate data.
- Erasure (Art. 17 GDPR): You can request deletion of your data, unless statutory retention obligations apply.
- Restriction (Art. 18 GDPR): You can request restriction of processing.
- Data Portability (Art. 20 GDPR): You can receive your data in a machine-readable format.
- Objection (Art. 21 GDPR): You can object to processing based on legitimate interests.
- Withdrawal (Art. 7(3) GDPR): Any consent given can be withdrawn at any time with future effect.
To exercise your rights, contact us at: hello@didudoapp.com
Revoking App Permissions
App permissions (location, camera, etc.) can be revoked at any time in iOS Settings under Settings → Privacy & Security or directly under Settings → didudo.
9. Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for Hesse, Germany is:
The Hessian Commissioner for Data Protection and Freedom of Information (HBDI)
Postfach 3163
65021 Wiesbaden, Germany
Phone: +49 611 1408-0
Email: poststelle@datenschutz.hessen.de
Website: datenschutz.hessen.de
10. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy to reflect changes in legislation or our services. The current version is always available on this page. We will notify you of material changes via the app.
Version: March 2026