Privacy Policy

Last Updated: February 10, 2026

1. Introduction

theDOING.ai ("we," "our," or "us") is committed to protecting the privacy and security of personal information we process in connection with our Customer Relationship Management (CRM) platform. This Privacy Policy describes how we collect, use, disclose, and safeguard personal information in compliance with applicable US federal and state privacy laws.

2. Information We Collect

We collect and process the following categories of personal information:

• Contact Information: Names, email addresses, phone numbers, mailing addresses
• Business Information: Company names, job titles, professional details
• Financial Information: Net worth ranges, investible assets (as provided by users for lead qualification purposes)
• Communication Records: Email correspondence, call logs, notes, and meeting records
• Account Data: Usernames, hashed passwords, login history
• Usage Data: IP addresses, browser information, activity logs

3. How We Use Information

We process personal information for the following legitimate business purposes:

• Managing customer and lead relationships
• Sending business communications and email campaigns (in compliance with CAN-SPAM)
• Scheduling appointments and tracking interactions
• Generating reports and analytics
• Maintaining platform security and preventing fraud
• Complying with legal obligations

4. CAN-SPAM Act Compliance

Our email campaign features comply with the CAN-SPAM Act (15 U.S.C. §7701 et seq.):

• All bulk emails include accurate sender identification
• Subject lines are not deceptive or misleading
• Every email includes a clear unsubscribe mechanism
• Unsubscribe requests are honored within 10 business days
• Emails include the sender's physical postal address
• Bounced emails are tracked and removed from future campaigns
• Recipients marked as "Do Not Contact" are excluded from all future emails

5. Data Sharing & Third Parties

We do not sell personal information. We may share data with:

• Service Providers: Cloud hosting (Fly.io), email delivery services, under strict data processing agreements
• Legal Requirements: When required by law, subpoena, or legal process
• Business Transfers: In connection with a merger, acquisition, or sale of assets

6. California Consumer Privacy Act (CCPA) / CPRA

If you are a California resident, you have the following rights under the CCPA/CPRA:

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected
• Right to Delete: You may request deletion of your personal information, subject to legal exceptions
• Right to Opt-Out: You may opt out of the sale or sharing of your personal information (we do not sell personal information)
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
• Right to Correct: You may request correction of inaccurate personal information

To exercise these rights, contact us at the address below. We will verify your identity and respond within 45 days.

7. Data Security

We implement industry-standard security measures including:

• Encryption of data at rest and in transit (TLS/SSL)
• Password hashing using PBKDF2-SHA256
• CSRF protection on all forms and API endpoints
• Rate limiting to prevent brute force attacks
• Session management with automatic timeout
• Comprehensive audit logging of data access and modifications
• Regular database backups
• Role-based access controls

8. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this policy, or as required by law. Lead data is retained until deleted by the user. Login attempt records are retained for security purposes for 90 days. Email campaign records are retained for CAN-SPAM compliance for a minimum of 3 years.

9. Telephone Consumer Protection Act (TCPA)

Our platform supports call logging and management. Users of this platform are responsible for ensuring their calling practices comply with the TCPA, including maintaining Do Not Call lists and obtaining proper consent before making telemarketing calls.

10. Children's Privacy

Our platform is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of any material changes by updating the "Last Updated" date and, where appropriate, providing additional notice.

12. Contact Us

For privacy inquiries, data access requests, or to exercise your rights, please contact us through the platform's administrative settings or email the system administrator.