Privacy Policy

Last updated: March 9, 2026

Donno ("donno.ai", "we", "us", or "our") operates the donno.ai website and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Information We Collect

Account Information

When you create an account, we collect your email address and any profile information you provide. If you sign up via a third-party OAuth provider (e.g., Google, GitHub), we receive your name, email, and profile picture from that provider.

Connected Account Credentials

To provision infrastructure on your behalf, we temporarily store OAuth tokens and API keys for services you connect (GitHub, Supabase, Vercel, Stripe, Resend). These credentials are:

  • Encrypted at rest using AES-256-GCM encryption
  • Used only during the provisioning process
  • Revocable by you at any time through the connected service
  • Never shared with third parties

Project Configuration Data

We store the project configuration you provide through our wizard (project name, description, stack choices, pricing tiers) to execute provisioning and display project status in your dashboard.

Usage Data

We automatically collect standard usage data including IP address, browser type, pages visited, and timestamps. This data is used to improve our service and diagnose technical issues.

2. How We Use Your Information

We use your information to:

  • Provide and maintain our service
  • Provision infrastructure in your connected accounts
  • Process payments and manage subscriptions
  • Send transactional emails (account verification, password resets)
  • Respond to support requests
  • Improve and optimize our service

3. How We Share Your Information

We do not sell your personal information. We share data only with:

  • Service providers: Supabase (database/auth), Stripe (payments), Vercel (hosting), and Resend (email) as necessary to operate our service
  • Your connected services: We send API requests to services you explicitly connect (GitHub, Supabase, Vercel, Stripe, Resend) to provision your infrastructure
  • Legal requirements: If required by law, court order, or governmental authority

4. Data Security

We implement industry-standard security measures including encrypted credential storage (AES-256-GCM), HTTPS for all communications, and row-level security on our database. However, no method of electronic transmission or storage is 100% secure.

5. Data Retention

We retain your account data for as long as your account is active. Project data and provisioning logs are retained indefinitely for your reference. You can request deletion of your account and all associated data by contacting us.

6. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Revoke connected account access at any time
  • Export your project data

7. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies. If you enable analytics (PostHog or Plausible) in your provisioned projects, those services have their own cookie policies.

8. Children's Privacy

Our service is not directed to individuals under 16. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

10. Contact Us

If you have questions about this Privacy Policy, contact us at privacy@donno.ai.