Privacy Policy
(Version 1.0 — Effective from 2025-12-01)
1. Introduction
This Privacy Policy explains how DoDone AB, a company incorporated in Sweden, processes personal data when providing the Minyu software-as-a-service platform to business customers. It applies only to data we collect about our customers and their authorized users. Customer data stored within individual Minyu tenants is governed by our Data Processing Agreement.
2. Personal Data We Collect
We collect and process only the data necessary to provide and support the Service, including:
- Account information: name, email address, and login credentials (via Firebase authentication).
- Billing information: company name, VAT number, payment details, and invoices (processed through Stripe).
- Service data: configuration details, access logs, and support correspondence.
- Technical data: IP address, browser type, and usage timestamps for security and troubleshooting.
3. Use of Cookies
We use cookies only where necessary to operate this website and to provide the Minyu service.
On the public website (dodone.tech), we use:
- Essential cookies — required for the website to function. These cannot be disabled.
- Analytics cookies (optional) — used to collect anonymized, aggregated statistics about website traffic.
These cookies are loaded only if the visitor provides consent via the cookie banner.
The Minyu application itself uses only essential, technical cookies required for authentication and secure operation.
No analytics or advertising cookies are used within the Minyu application.
Visitors may withdraw or change their cookie consent at any time using their browser settings.
4. Purpose and Legal Basis
We process personal data only for lawful purposes, based on the following legal grounds:
- Contract performance: to create and maintain customer accounts and subscriptions.
- Legitimate interest: to ensure security, prevent misuse, and maintain service reliability.
- Legal obligation: to comply with accounting and tax regulations.
We do not process personal data for marketing or profiling.
5. Data Sharing and Sub-processors
Personal data may be shared only with sub-processors necessary to operate the Service:
| Recipient | Purpose | Location | Legal Entity |
|---|---|---|---|
| Google Cloud Platform (GCP) | Hosting and database infrastructure | Sweden | Google Cloud EMEA Limited |
| Firebase (Google LLC) | Authentication and identity management | EEA / US (with SCCs) | Google LLC |
| Stripe Payments Europe Ltd. | Payment processing and billing | Ireland | Stripe Payments Europe Ltd. |
| Google LLC (SMTP) | Transactional email delivery | EEA / US (with SCCs) | Google LLC |
All processing follows the GDPR and the EU Standard Contractual Clauses where applicable.
6. Retention
We retain personal data for as long as your organization maintains an active subscription. After termination, data is deleted or anonymized within 30 days, except where longer retention is required by law (for example, accounting records must be retained for seven years under Swedish law).
7. Data Subject Rights
Individuals whose data we process have the following rights under the GDPR:
- Access to their personal data.
- Rectification of inaccurate information.
- Erasure of data where legally permitted.
- Restriction or objection to processing.
- Data portability for information provided under contract.
- Complaint to a supervisory authority (in Sweden: Integritetsskyddsmyndigheten, IMY).
Requests may be sent to privacy@dodone.tech.
8. Security
We apply industry-standard security controls, including:
- Encryption in transit and at rest.
- Tenant isolation and role-based access control.
- Regular backups and secure deletion procedures.
- Monitoring for unauthorized access attempts.
9. Contact
For questions or privacy-related concerns, contact:
DoDone AB Email: Website: https://dodone.tech
10. Changes to this Policy
We may update this Privacy Policy from time to time to reflect operational or legal changes. Significant updates will be communicated via email or in-app notice.