Introduction
Cedar Dynamics ("we," "us," or "our") built Douglas as a family AI assistant that helps households stay organized through calendar management and messaging. This Privacy Policy explains how we collect, use, and protect your information when you use Douglas. We are committed to protecting your privacy and being transparent about our data practices.
Information We Collect
Douglas collects and processes the following types of information to provide its services:
- •Account Information: Your name, email address, and profile photo from Google Sign-In, used to create and authenticate your account.
- •Google Calendar Data: We access your Google Calendar events (read-only) and calendars created by Douglas to display and manage your schedule. Calendar data is accessed using OAuth 2.0 tokens that you explicitly grant.
- •WhatsApp Phone Number: If you enable WhatsApp messaging, you provide your phone number so Douglas can send and receive messages on your behalf.
- •Messages: Messages you send to and receive from Douglas via WhatsApp or the in-app chat are processed to generate AI responses. Message history is stored to maintain conversation context.
- •Household & Settings Data: Family member names, preferences, timezone, and configuration you set within the app.
How We Use Your Information
- •Provide the Service: Process your messages, manage calendar events, and deliver AI-powered responses and daily summaries.
- •Calendar Integration: Read your Google Calendar to provide schedule summaries, answer scheduling questions, and create events in Douglas-managed calendars.
- •WhatsApp Messaging: Send you proactive messages (daily summaries, reminders) and respond to your questions via WhatsApp.
- •Personalization: Remember your preferences, family context, and conversation history to provide relevant, personalized responses.
Google API Services Usage Disclosure
Douglas's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically, Douglas requests the following Google OAuth scopes:
- •calendar.readonly — To read your calendar events and display your schedule, generate daily summaries, and answer scheduling questions.
- •calendar.app.created — To create and manage calendars and events that Douglas creates on your behalf (e.g., shared family calendars).
Limited Use Compliance
- ✓We only use Google data to provide and improve the features you explicitly use
- ✓We do not transfer Google data to third parties except as necessary to provide the service (AI processing)
- ✓We do not use Google data for advertising or sell it to data brokers
- ✓We do not use Google data to build user profiles for advertising
Data Storage & Security
Your data is stored on secure servers hosted by Railway (our cloud infrastructure provider). We implement the following security measures:
- ✓All data transmitted over HTTPS/TLS encryption
- ✓OAuth 2.0 tokens are stored securely and refreshed automatically
- ✓API authentication via unique user credentials
- ✓WhatsApp webhook requests verified via HMAC-SHA256 signature
- ✓iOS Keychain used for secure credential storage on-device
Third-Party Services
Douglas uses the following third-party services to deliver its functionality:
Google Calendar API
Used to read your calendar events and create events in app-managed calendars. Access is granted via OAuth 2.0 and can be revoked at any time through your Google Account settings.
Meta WhatsApp Business API
Used to send and receive messages between you and Douglas. Messages are processed through Meta's WhatsApp Business Cloud API. Please refer to WhatsApp's Privacy Policy for information on how Meta handles message data.
xAI (AI Processing)
Your messages and relevant context (calendar events, family information) are sent to xAI's Grok API to generate intelligent responses. We send only the information necessary to produce a helpful response.
Apple StoreKit
In-app purchases are processed by Apple through StoreKit. We do not have access to your payment information. Please refer to Apple's Privacy Policy for details.
Device Permissions
Calendar Access
Used to display and edit calendar events natively on your device. This is separate from the Google Calendar API integration and only used for the in-app calendar editor.
Contacts Access
Used solely to save Douglas as a contact on your device so you can easily recognize messages from your assistant on WhatsApp. No contact data is uploaded or shared.
Data Retention
We retain your data for as long as your account is active. Specifically:
- •Account data is retained until you delete your account.
- •Message history is retained to provide conversation context and can be deleted by you at any time.
- •OAuth tokens are retained until you revoke access or delete your account.
- •Calendar data is accessed in real-time and not permanently cached on our servers.
Your Rights (GDPR & CCPA)
You have the following rights regarding your data:
- ✓Access: Request a copy of the data we hold about you
- ✓Deletion: Request deletion of your account and all associated data
- ✓Revoke Access: Disconnect Google Calendar or WhatsApp at any time
- ✓We do not sell your personal information
- ✓We do not use your data for targeted advertising
To exercise any of these rights, see our Data Deletion page or contact us at team@cedardynamics.com.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes, we will update the "Effective Date" at the top of this page. We encourage you to review this policy periodically. If we make significant changes to how we handle your data, we will notify you through the app.
Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us: