Last modified November 23, 2022 with an effective date of November 23, 2022
This privacy policy ("Policy") informs you of practices when handling your Information through the Services (both as defined below). In this Policy, "Doist", "we" or "us" refers to Doist Inc., a company registered in Delaware with its registered address located at 251 Little Falls Drive, Wilmington, DE 19808. We are the data controller under the applicable privacy laws.
For the purpose of this Policy, "Information"means any information relating to an identified or identifiable individual. This includes Information you provide or generated when you use: (a) our apps, including Todoist and Twist (each an "App"and collectively the "Apps"); and (b) doist.com and any other dedicated Doist websites, such as todoist.com and twist.com which link to this policy ("Website"and together with the "Apps"the "Services"). When you use the Services, you accept and understand we collect, process, use and store your Information as described in this Policy. If you do not agree with this Policy, you must not use any of the Services. If you change your mind in the future, you must stop using the Services and you may exercise your rights in relation to your Information as set out in this Policy.
1. Information we collect
We will collect and use the following Information about you:
-
Information you provide to us
- Registration information : for example, when you create an account on the Website, you will be asked to provide your name, job title, email, phone number, VAT ID and a password. For Todoist Pro, Todoist Business, or Twist Unlimited customers, which are paid Services, we also collect your billing address, transaction information, tax identification number, Stripe identification number, mobile phone number and invoice address ("Payment Information").
- Information collected via voluntary activities: for example, when you communicate with us via email, or participate in surveys, we ask you to provide your email address and any Information you choose to provide to allow us to assist you.The Information we collect from you varies depending on the survey, but we typically ask you questions about your interests and habits, your opinion about different products and services and what you‘d like to be offered in the future. We also collect your ratings, opinions, preferences, questions, pictures, and responses associated with that survey.
-
Information we automatically collect or is generated about you when use the Services
-
Identifiers, such as your IP address, device ID, and device information (such as model, brand and operating system).
-
Geolocation information, such as your GPS information when you use the location reminder feature of the Services. Where required, we will obtain your consent prior to collecting such information.
-
Cookies: we use cookies and other similar technologies ("Cookies") to enhance your experience when using the Services. For more information about our Cookies policy, see below How We Use Cookies and Similar Technologies section.
-
Information you generate when using the Services: You may provide Information as part of your use of the Services, including any information you provide when sending messages through the Services. Also, if you choose to share and collaborate on a task with your co-workers or friends, we will collect the email address of your co-workers or friends.
Please make sure you have permission from your co-workers or friends before sharing Information referring to your co-workers or friends with us. Additionally, for the use of Twist or Twist Unlimited, please make sure you have all permissions and rights to upload the Information required on Twist.
-
Information regarding your use of the Services , such as app use information, interactions with our team, and transaction records.
-
-
Information received from third parties.
- Information we receive from third party platforms: when you register through a third party account (such as Facebook or Google) or when you connect other apps to our Services (such as Slack and Dropbox), we receive Information which may include your username, email address, and profile picture.
- Information from platforms our Services relies on , such as for transaction information and payment verification.
Children
Our Services are not targeted at children, and we do not knowingly collect Information from children under the age of 13. If you learn that a child has provided us with Information in violation of this Policy, please contact us as indicated below.
2. How we use your personal information
We use your Information to: Provide you with the Services. We will use your Information to perform our contractual obligation towards you to allow you to create an account and use the Services. The Information we process when doing so includes your registration information, information you provide to us when using the Services, identifiers, information you generate when using the Services, and information regarding your use of the Services such as transaction information. We also use your Information when you activate certain features of the Services, such as your Geolocation information when you use the location reminder feature. If you are a user of Todoist Pro, Todoist Business and Twist Unlimited, we will use your Payment Information for payment processing purposes as well as sales tax collection and reporting as required by law.
- Improve and monitor the Services. It is in our legitimate interests to improve our Services for our customers. When doing so, we may collect information we automatically collect or is generated about you when you use the Services, as well as non-personal information about your device such as device manufacturer, model and operating system, and the amount of free space on your device.
- Provide you with support and to respond to your requests or complaints. If you reach out to us for support, we will use your Information to respond to and resolve your queries and complaints and facilitate support (e.g. retrieval of a forgotten password). When doing so, we perform our contractual obligation towards you. The Information we process when doing so includes your registration information, your identifiers, and any other information about you collected via our customer support channels.
- Conduct analytics. It is in our legitimate interests to analyse the use of, and any other interaction or interest in our Services. When doing so we will process information we automatically collect or is generated about you when you use the Services to create anonymised and aggregated data regarding your App usage.
- Send you newsletters about product news, tips and tricks, daily productivity reports that may be of interest to you. We will send you emails with daily reports, opt-in newsletters with product news, and tips and tricks to use our Services. When doing so, we process your registration information. Your consent can be withdrawn at any time by following the unsubscribe mechanism at the bottom of each communication.
- Prevent fraud, defend Doist against legal claims or disputes, enforce our terms and to comply with our legal obligations. It is in our legitimate interest to protect our interests by (1) monitoring the use of the Services to detect fraud or any other user behaviour which prejudices the integrity of our Services, (2) taking steps to remedy aforementioned fraud and behaviour, (3) defending ourselves against legal claims or disputes, and (4) enforcing our terms and policies. When doing so, we will process the Information relevant in such a case, including information you provide us, information we automatically collect about you, and information which is provided to us by third parties.
- Conduct surveys. From time to time, we may ask you to participate in surveys we conduct which are in our legitimate interest because they help us understand our userbase and improve the Services. If you participate, we process your registration information and any other information collected through the survey questions.
3. How we use cookies and similar technologies
Cookies are small files of letters and numbers that we store on your browser or the hard drive of your computer. They contain information that is transferred to your computer‘s hard drive.
Our Services uses Cookies to collect information about your browsing activities and to distinguish you from other users of our Services. This aids your experience when you use our Services and also allows us to improve the functionality of our Services.
We use the following cookies:
-
Strictly necessary cookies: Some cookies are strictly necessary to make our Services available to you; for example, to perform your login functionality and for user authentication and security. We cannot provide you with the Services without this type of cookies.
-
Functional cookies : These are used to recognise you when you return to our Website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
-
Analytical or performance cookies. We also use cookies for analytics purposes in order to operate, maintain, and improve our Services. We use third party analytics providers, including Google Analytics and Mixpanel, to help us understand how users engage with the Services. Google Analytics uses first-party cookies to track user interactions which helps show how users use our Services. This information is used to compile reports and to help us improve our Services. The reports disclose Website trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit our Website by going to https://tools.google.com/dlpage/gaoptout or via Google‘s Ads settings.
You can block cookies by setting your internet browser to block some or all cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to use our Services.
Except for essential cookies, all cookies will expire after maximum 2 years.
We share your Information with selected third parties, including:
-
Other users who will see your profile information and any other information you choose to share with them through the Services.
-
Vendors and service providers we rely on for the provision of the Services , for example:
-
Cloud service providers who we rely on for data storage, including Microsoft Azure and Amazon Web Services who are based in the U.S.;
-
Customer support solution providers , who help us manage and respond to our customer questions and complaints. This includes Zendesk Inc., which is based in the U.S. and which hosts our customer support function; and
-
Analytics providers. We work with a number of analytics, segmentation and mobile measurement service providers who help us understand our userbase. This includes Google LLC, which is based in the U.S. You can learn about Google‘s practices by going to https://www.google.com/policies/privacy/partners/, and opt-out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
-
Third Parties Service Integrations. When you connect third party apps to the Apps, you authorize us to share designated information and data created and/or uploaded by you to our server with these third party services of your choice on your behalf.
-
Communications platform providers , who help us manage and send newsletters to you in relation to the Services. This includes SendGrid, Mailgun and MailChimp which are based in the U.S.
-
Payment processors , such as Stripe . This payment processor is responsible for the processing of your Information, and may use your Information for their own purposes in accordance with their privacy policies. More information is available at https://stripe.com/gb/privacy for Stripe.
-
Law enforcement agencies, public authorities or other judicial bodies and organisations. We disclose Information if we are legally required to do so, or if we have a good faith belief that such use is reasonably necessary to comply with a legal obligation, process or request; enforce our terms of service and other agreements, policies, and standards, including investigation of any potential violation thereof; detect, prevent or otherwise address security, fraud or technical issues; or protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (including exchanging information with other companies and organisations for the purposes of fraud protection).
-
Change of corporate ownership. If we are involved in a merger, acquisition, bankruptcy, reorganisation, partnership, asset sale or other transaction, we may disclose your Information as part of that transaction.
Although we have in place security measures to maintain the privacy and integrity of your Information, the transmission of Information via the internet is not completely secure. We may also take extra steps to protect your Information and minimise the Information we process. For example, when we store your Information, we use AES 256 encryption, and when we send or receive your Information, it is encrypted with TLS 1.1 or above. Additionally, we are not responsible for how third party integration services may collect, use or share the Information you send from the Apps. Please review the privacy policy of such third party integration partners before connecting those services to the Apps.
5. Where we store your information
Your Information will be processed by our employees and service providers in the U.S. We take steps to ensure all transfers are protected by adequate safeguards, including the standard contractual clauses approved by the European Commission.
6. How long we store your information
Your Information is kept for as long as necessary to achieve the purposes set out above. Generally, it is stored for as long as you are registered and using our Services, and then for up to 6 years from the date you stop using the Services, or promptly following a valid erasure request (see below Your Rights: Erasure section). Some information we collect will be stored for longer where we have an overriding legitimate interest to retain such information (for example, information on suspicious behaviour of certain users of our Services and transaction records).
When deleting Information, we will take measures to make the Information irrecoverable or irreproducible, and electronic files which contain Information will be deleted permanently.
7. Your rights
If you are based in the EEA, you have certain rights in relation to your Information. You will find more information below on when which rights can apply. To exercise your rights, please contact us at https://todoist.com/contact.
-
Access. You have the right to access Information, and to receive an explanation of how we use it and who we share it with. We provide full access to your Information via our API here:
Please note that payment information and integrations are not available via our API. In the case you want to obtain this information, please contact customer service at https://todoist.com/contact or https://twist.com/contact, (depending on which Doist Service product you are using). The right to access is not absolute. For example, we cannot reveal trade secrets, or give you Information about other individuals.
-
Erasure. You have the right to delete your account and erase your Information and upon deleting your account, all your Information will be removed from our production systems. Usually, only an encrypted copy of your Information will remain on our backup archives for 90 days, although we reserve the right to retain some of your Information where there are valid grounds for us to do so under data protection laws. For example, for the defence of legal claims, respect freedom of expression, or where we have an overriding legitimate interest to do so.
Note that where the Information is held by a third party data controller, such as a payment processor, we will use reasonable steps to inform them of your request, but we recommend you contact them directly in accordance with their own privacy policies to ensure your personal data is erased.
-
Objection. You may have the right to object to our processing of you Information. This is the case where we process such Information on the basis of our legitimate interests (see above under How we use your personal information section), or where the Information is used for direct marketing purposes. You may exercise this right as follows:
-
To stop receiving marketing newsletters: You may withdraw your consent through the unsubscribe mechanism at the bottom of each communication.
-
To stop our cookies being placed for either advertising or analytics purposes: please change your device or browser settings.
-
To object to all other processing based on our legitimate interests, please contact us at https://todoist.com/contact. Please note that we may have an overriding legitimate interest to keep processing your Information, but we will let you know where this is the case.
Other rights
You also have the following rights:
- Portability. You have the right to receive a copy of Information we process on the basis of consent or contract in a structured, commonly used and machine-readable format, or to request that such Information is transferred to a third party.
- Correction. You have the right to correct any Information held about you that is inaccurate.
- Restriction. You have a right in certain circumstances to stop us processing Information other than for storage purposes.
We welcome questions, comments and requests regarding this Policy. For additional details and frequently asked questions about our policies, please read our Security, Privacy and GDPR FAQs.
If you wish to make a complaint about how we process your Information, please contact us at https://todoist.com/contact and we will endeavour to deal with your complaint as soon as possible. This is without prejudice to your right to launch a claim with a data protection authority. You can also send an email to us at [email protected]. Alternatively, if you are based in Europe, you can send an email to our EU representative, DataRep at [email protected] or by filling out this form.
9. Changes
If we make any material changes to this Policy, we will post the updated Policy here and notify our users through the Services and/or newsletters. Please check this page frequently to see any updates or changes to this Policy.