Privacy Policy

1. INTRODUCTION, PHILOSOPHY, AND MISSION STATEMENT

Welcome to Dobiko Task — more than just an application, it is a dedicated environment engineered for the digital age's most critical challenge: the reclamation of human focus. We live in a world where "The Attention Economy" treats your time and focus as raw materials to be extracted and sold. Dobiko Task was created to be the antidote to this cycle, providing a secure, independent space where you can disconnect from distractions and reconnect with your goals.

Our Mission: Digital Empowerment

Our mission is to equip you with the tools necessary to master two fundamental pillars of a successful life: intentional habits and ambitious goals. We believe that when a person controls their time and their targets, they achieve true digital and personal independence.

Our Philosophy: Privacy as a Human Right

At the core of Dobiko Task is a radical, uncompromising belief: Your progress belongs only to you. Most modern applications operate on a "Cloud-First" model, which means every habit you track and every goal you set is instantly mirrored on a distant server. Dobiko Task rejects this model entirely. We have built this app on a "Privacy-by-Default" architecture. This means:

• Total Data Sovereignty: Your device is the beginning and the end of your data's journey
• Offline Maturity: Dobiko Task core features are designed to work as a "closed-loop" system that does not depend on our servers
• A Sacred Space for Growth: By keeping your personal reflections and milestones strictly local, we ensure they remain hidden from the prying eyes of the internet

Important Note on Third-Party Services: While Dobiko Task itself does not operate servers, certain third-party services we integrate (Google AdMob for advertising and RevenueCat for subscription management) do communicate with their own servers. These are fully disclosed in Section 6 of this policy.

2. DATA SOVEREIGNTY AND THE LOCAL-FIRST ARCHITECTURE

At Dobiko Task, we define "Data Sovereignty" as your absolute right to own, control, and protect your personal information without interference.

A. Total Data Authority

You are the supreme authority over every habit and goal you enter. Because we do not use cloud accounts or centralized storage, we (the developers) never operate as "Data Controllers" or "Data Processors" of your personal content. By design, we never touch, see, or handle your habits, goals, or journal entries.

App Functionality and Local Processing
Dobiko Task may process your data locally on your device strictly for app functionality, including:

• Calculating habit streaks and completion rates
• Analyzing app usage for the Addiction Control feature
• Scheduling local notification reminders
• Maintaining your personal notes and journal
• Managing your Manual Data Backups (Export/Import)

This processing happens entirely within your device's sandbox and is never uploaded, transmitted, or shared with us.

B. Offline Maturity and Independence

• Zero Background Mirroring: Unlike traditional apps, Dobiko Task's core features are a "closed-loop" system. Your device is the final destination of your personal content.
• Standalone Core Functionality: The app's habit tracking, goal setting, notes, and addiction control features are engineered to be functional without an internet connection. Network connectivity is only required for ads (AdMob) and subscription management (RevenueCat).

C. Technological Isolation and Safety

• Sandbox Protection: Your information is stored within Dobiko Task's protected application sandbox. This specialized storage is inaccessible to other third-party applications installed on your device.
• Developer Inaccessibility: Since we do not maintain central databases, we have no physical or digital "Master Key" to your sensitive information.

3. EXHAUSTIVE BREAKDOWN: WHAT DATA LIVES ON YOUR DEVICE

To ensure total transparency, here is the complete list of data categories that reside exclusively on your device:

• A. Habit Tracker Ecosystem: Habit names, descriptions, custom icons, historical daily/weekly/monthly completion logs, locally generated streak analytics, and personal habit notes.
• B. Goal & Target Architecture: Vision statements, goal titles, detailed descriptions, milestone checkpoints, target deadlines, and locally generated progress calculations.
• C. Personal Thoughts & Notes: Every word of every note or journal entry is saved in a local encrypted database. This content never leaves your device under any circumstances.
• D. Digital Well-being Monitoring: Real-time usage logs of other applications during your Addiction Control sessions, daily usage totals, limit configurations (which apps are blocked, for how long), and deep work focus statistics. All of this data is processed and stored locally.
• E. Manual Backup Files (User-Generated): If you use the Export feature, a backup file containing your habits, goals, and notes is created and stored in a location of your choice on your device. We do not have access to these files.
• F. Personalized Settings & Profile: Theme choices, color preferences, display settings, and your profile photo (if you choose to set one). Your profile photo is stored locally in the app's sandbox.
• G. Age & Profile Preferences: If you optionally enter demographic preferences (such as age group) within the app for personalization purposes, this information is stored exclusively on your device and is never transmitted to us.

4. PASSWORD VAULT AND SECURITY

A. Biometric Authentication (Fingerprint & App Lock)

Dobiko Task offers optional security features such as App Lock and Password Vault Lock using a custom PIN or your device’s native Biometric Authentication (e.g., Fingerprint). Biometric authentication is processed entirely by your device's operating system. We do not collect, store, transmit, or have any access to your biometric data.

B. Password Vault & Local Storage (Zero-Knowledge)

Our Password Vault operates on a strict 'offline-first' and 'zero-knowledge' architecture. All passwords, notes, and habits you save are stored exclusively on your device's local storage in an encrypted format. We do not use cloud servers to sync your data, meaning we cannot view, intercept, or recover your saved passwords.

C. Data Export & Erasure

Users have the option to export their app data (including passwords, if explicitly enabled by the user) for backup purposes. These export files are generated locally. It is solely the user's responsibility to store these backup files securely. Additionally, if you forget your App Lock PIN, the app provides a 'Reset & Wipe All Data' option. Users can choose whether to preserve or erase their passwords during this reset. Once erased, the data is permanently deleted from the device and cannot be recovered.

5. END-TO-END ENCRYPTION (E2EE)

A. Data Security and End-to-End Encryption

We prioritize the highest level of security and confidentiality for your sensitive information. Dobiko Task employs state-of-the-art End-to-End Encryption utilizing Advanced Encryption Standard (AES) algorithms to secure your private notes, passwords, and other highly sensitive inputs.

B. Local Key Storage

The cryptographic keys required to encrypt and decrypt your data are generated and stored securely and exclusively on your local device. We do not transmit your encryption keys to our servers, nor do we retain any copies of them.

C. Zero-Knowledge Architecture

Because the encryption and decryption processes happen entirely on your device, we operate on a strict "zero-knowledge" basis. This means that the developers of Dobiko Task have absolutely no access to your plaintext data. We cannot read, retrieve, intercept, share, or sell your encrypted information under any circumstances. You retain full ownership and sovereignty over your data.

6. PASSWORD MANAGER & AUTOFILL SERVICE

Dobiko Task includes a built-in Password Manager that integrates with Android's native Autofill Framework (Android 8.0+) to automatically fill your credentials into other applications on your device.

A. What We Store

When you save a password manually or allow Dobiko Task to save credentials from another app, we store the following information locally on your device only: the app/website title, username or email address, and password. Nothing is sent to any server.

B. How We Protect Your Passwords

All passwords stored within Dobiko Task are protected using End-to-End Encryption (AES-256). The encryption key is generated uniquely for your device and stored in Android's secure hardware-backed Keystore. We, the developers, have zero access to your stored credentials at any time.

C. Autofill Data Flow — 100% Local

When the Autofill Service is active, Dobiko Task detects which application you are currently using and checks whether a matching credential exists in your local encrypted vault. This process happens entirely on your device. No credential data, app usage information, or autofill activity is ever transmitted to our servers or to any third party.

D. What We DO NOT Do

• Upload your passwords to any external server
• Share your credentials with any third party including advertisers
• Use your saved passwords for any purpose other than filling them back into the apps you choose
• Log, track, or monitor which apps you use with autofill

7. DEVICE PERMISSIONS — FULL DISCLOSURE

Dobiko Task requests the following Android permissions. Each permission is used strictly for the stated purpose:

A. Usage Access Permission (android.permission.PACKAGE_USAGE_STATS)

Purpose: This permission allows Dobiko Task to query Android's UsageStatsManager to determine how long each application has been used during a given day. This data is used exclusively to:

• Display your screen time statistics per app
• Track how long you have used an app with an active time limit
• Trigger the block overlay when a configured time limit has been reached

Data Handling: This usage data is processed in real-time, on your device only. It is never uploaded to any server.

B. Accessibility Service (android.permission.BIND_ACCESSIBILITY_SERVICE)

Purpose: This permission allows Dobiko Task Accessibility Service to perform core digital wellness and focus features. This is used exclusively to:

• App Guard (App Blocker): Detect when a restricted app transitions to the foreground and display the focus block overlay screen.
• Screen Dimmer (True Extra Dim): Draw a system-wide dark overlay using the accessibility overlay window layer to reduce your screen brightness below the device's physical minimum limit.

Data Handling: The Accessibility Service does NOT collect, record, or transmit any of the following: Keystrokes or text typed on your keyboard, passwords or secure credentials, screen content/photos, or personal communications. The service runs completely locally on your device.

B1. Full Accessibility Service Disclosure (Google Play Policy Compliance)

To comply with Google Play Developer Policies and ensure maximum transparency, we disclose the following regarding our use of this API:

• Purpose of Use: The Accessibility Service is used strictly to detect the package name of the application currently active on your screen. This allows Dobiko Task to enforce the usage limits you have configured and block distracting applications automatically.
• Strict No-Data-Collection Policy: We DO NOT use the Accessibility Service API to collect, record, log, or transmit any of your personal data.
• No Screen Reading or Keylogging: We DO NOT use the service to read your screen content, monitor your typing history (keylogging), intercept your private messages, or observe your interactions with other apps beyond detecting the active app's package name for blocking purposes.
• 100% Local Processing: All monitoring and blocking actions executed via the Accessibility Service happen entirely offline and locally on your device. No data related to your app usage behavior is ever sent to our servers or shared with any third parties.

C. System Alert Window (android.permission.SYSTEM_ALERT_WINDOW)

Purpose: Used to display the block screen overlay over restricted apps when their time limit is reached. Also used to display the optional night-mode dimmer overlay. This permission operates entirely on your device.

D. Foreground Service (android.permission.FOREGROUND_SERVICE)

Purpose: Dobiko Task runs a persistent Foreground Service in the background to accurately monitor app usage in real time. This service is essential to ensure that time limits are enforced correctly.

E. Query All Packages (android.permission.QUERY_ALL_PACKAGES)

Purpose: This permission allows Dobiko Task to retrieve the full list of applications installed on your device so you can browse and select which apps to block. The list is read and displayed within the app only.

F. Post Notifications (android.permission.POST_NOTIFICATIONS)

Purpose: Used for displaying the persistent Foreground Service notification and sending you optional scheduled habit reminder notifications. Content is generated locally.

G. Read/Write External Storage & Media

Purpose: Used to allow you to select a custom profile photo and to let you save or import your manual backup file (.Dobiko Task) to your device storage.

6. CHILDREN'S PRIVACY AND SAFETY PROTOCOLS

Dobiko Task is committed to providing a safe environment for users of all ages.

• No Personal Data Collection: We do not request or collect names, emails, phone numbers, or location data. There is no account creation.
• Structural Safety: No cloud storage means no technical avenue for a child to accidentally leak private information.
• No Social Interaction: Dobiko Task is a solo productivity tool. There are no chat rooms or social features.
• Third-Party Advertising: Google AdMob may collect device identifiers. We configure ad requests to comply with COPPA and GDPR-K.

7. THIRD-PARTY SERVICES AND DATA DISCLOSURE

Dobiko Task integrates the following third-party SDKs, which operate under their own independent privacy policies:

• Google Mobile Ads SDK (AdMob): Used to display advertisements. AdMob may collect Android Advertising ID, IP address, device details, and ad interaction logs. Privacy Policy: https://policies.google.com/privacy
• RevenueCat: Used to manage in-app Pro subscriptions. Collects purchase history and subscription status. Does NOT collect personal contact info or payment details. Privacy Policy: https://www.revenuecat.com/privacy

8. DATA RETENTION, SECURITY, AND BACKUPS

• Device-Level Security: We strongly advise enabling your smartphone's native biometric lock or a strong PIN/password.
• The "No Cloud" Restoration Reality: We do not store your data on our servers. You are responsible for maintaining your own backups.
• Manual Export & Import: You can generate a backup file of your local data at any time.
• Encrypted Local Storage: Stored in Android's encrypted application sandbox.

9. DATA DELETION, CLEARANCE, AND PERMANENCY

You can manually delete individual items like habits, notes, and passwords. You can also reset the app entirely using two methods:

• In-App Reset: Using the "Reset & Wipe All Data" option within the App Lock screen will permanently delete all your personal data (habits, goals, passwords, etc.), but will intentionally preserve your App Guard (App Addiction Control) settings.
• System Clear Data: Using your device settings (Settings → Apps → Dobiko Task → Clear Data) or uninstalling the app will permanently delete the entire app sandbox, including all your personal data and App Guard settings.

Once data is deleted through any of these methods, it is gone forever as we have no cloud servers to recover it.

10. REGULATORY COMPLIANCE AND YOUR PRIVACY RIGHTS

We respect GDPR and CCPA. Because Dobiko Task operates on a local-first architecture, you have full and direct control over your information:

• Right to Access & Portability: View or export your data anytime.
• Right to Rectification/Deletion: Edit or delete any data directly within the app.
• Right to Restriction: Disable any permission from device settings.
• Right to Object: Opt out of personalized ads via your device's Google Ad settings.

11. CHANGES TO THIS PRIVACY POLICY

We reserve the right to update this Privacy Policy. Significant changes will be announced within the app. Continued use constitutes acceptance.

12. BUILD & HEALTH TRACKING FEATURES

Your privacy is our highest priority. This section details how we handle the data and permissions related to the "Build" screen, which includes the Nutrition Tracker, Transformation Gallery, BMI Calculator, and 30-Day Challenge.

12.1 Permissions We Request

To provide you with the best experience, the Build features may request the following permissions on your device:

• Camera Permission: Requested when you use the Transformation Gallery to take live progress photos. We only access the camera when you explicitly tap the button to capture a photo.
• Storage / Photo Library Permission: Requested when you choose to upload an existing photo from your gallery into the Transformation Gallery. We only access the specific photos you select.

12.2 How Your Health & Image Data is Handled

• 100% Local Storage: All the data you input in the Build screen—including your height, weight, BMI, daily nutrition logs (calories & protein), challenge progress, and transformation photos—is stored locally on your device.
• No Cloud Uploads: We do not upload, sync, or transmit your personal health data or photos to any external cloud servers, third-party databases, or developer servers. Your photos remain strictly on your phone.
• No Third-Party Sharing: Since we do not collect this data, we cannot and will not sell, trade, or share your personal health information or images with advertisers or third parties.

12.3 Data Retention and Deletion

• Your data is retained only for as long as you keep the app installed on your device.
• You have full control over your data. You can delete your transformation photos individually at any time, or use the "Reset Build Progress" option in the Profile settings to permanently wipe all your Build data from your device.
• If you uninstall the app without manually backing up your data, all your health tracking and photos will be permanently deleted.

12.4 Third-Party Services (Ads)

For users on the free tier, we use Google AdMob to display banner and video ads within certain parts of the Build screen (such as the BMI calculator). These advertising services may collect non-identifiable usage data to serve relevant ads. However, they do not have access to your personal health inputs or transformation photos.

13. CONTACT INFORMATION

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us at: dobikotask@gmail.com