Privacy Policy

Last updated: January 1, 2026

Local-First & BYOK Architecture

Doforu is a desktop application that runs entirely on your local machine. We operate on a BYOK (Bring Your Own Key) model — you provide your own API key from an AI provider (OpenAI, Anthropic, Google, etc.), and all AI requests go directly from your computer to the provider. Doforu does not intermediate, proxy, or log your AI API calls. This architecture means your prompts, code, and files stay on your device unless you explicitly choose otherwise.

Information We Collect

When you use Doforu, we may collect the following types of information:

  • Account Information — Email address and password provided during registration.
  • Usage Data — Anonymous feature usage frequency statistics (e.g., feature invocation counts) and error reports to help us improve the product. No prompts, code, or AI interactions are logged or transmitted. You can disable this at any time in Doforu's settings.
  • Payment Information — Securely processed through Creem.io; we do not store full credit card details.

What We Do NOT Collect

Due to Doforu's local-first architecture, we do not collect:

  • Your prompts or instructions — processed entirely on your local machine
  • AI model responses — sent directly from the AI provider to your computer
  • Your API keys — stored locally on your device
  • Your files or code — read/written on your local file system only
  • Your browsing history — Doforu does not track your web activity

How We Use Your Information

We use the collected information to:

  • Provide, maintain, and improve Doforu services
  • Process transactions and send service notifications
  • Analyze usage trends to optimize product experience
  • Send product updates and marketing communications (opt-out via the unsubscribe link in our emails or by contacting us at any time)

Data Retention

We retain your personal data for the following periods:

  • Account information — retained for 90 days after you delete your account, then permanently deleted
  • Payment records — retained for 7 years in accordance with tax regulations
  • Anonymous usage statistics — retained for up to 36 months for product improvement analysis
  • Error reports — retained for up to 90 days for debugging and remediation

After the retention period expires, we securely delete or anonymize your data.

Legal Basis for Processing

Under applicable data protection laws, including the EU General Data Protection Regulation (GDPR), we process your personal data on the following legal grounds:

  • Performance of a contract (Art. 6(1)(b) GDPR) — To provide the Doforu services you requested, manage your account, and process transactions.
  • Legitimate interests (Art. 6(1)(f) GDPR) — To enforce license limits, prevent unauthorized use, and ensure the security and stability of our services.
  • Legitimate interests (Art. 6(1)(f) GDPR) — To collect anonymous feature usage statistics to improve product quality and user experience. You can disable this at any time in Doforu's settings.
  • Legal obligation (Art. 6(1)(c) GDPR) — To retain payment records as required by tax and financial regulations.

Data Security

We implement industry-standard security measures to protect your data, including transport encryption (TLS) and encryption at rest. Please note that no method of internet transmission is 100% secure.

International Data Transfers

Your account information is stored on servers provided by our cloud infrastructure partners, which may be located in the United States and other countries. When we transfer personal data from the European Economic Area (EEA), the United Kingdom, or Switzerland to countries not deemed adequate by the European Commission, we rely on Standard Contractual Clauses (SCCs) or other appropriate safeguards to ensure your data receives an equivalent level of protection.

Your AI API requests are sent directly from your computer to the AI provider of your choice and are not processed or stored by Doforu's infrastructure. These transfers are governed by the respective AI provider's privacy policy and data transfer mechanisms.

Service Providers

We share your information with trusted third-party service providers who help us operate and secure our services. These providers are contractually obligated to process your data only as necessary to perform services on our behalf, including:

  • Vercel, Inc. — website hosting and server infrastructure (vercel.com)
  • Creem.io — subscription and payment processing, acting as our Merchant of Record

We do not sell your personal information to third parties. For a current list of our subprocessors, please contact us at privacy@doforu.ai.

Cookies

Our website (doforu.ai) uses cookies and similar technologies to enhance your browsing experience and enable essential functions:

  • Authentication cookies — to keep you signed in to your account
  • Analytics cookies — to understand how visitors use our website (anonymized)

The Doforu desktop application itself does not use cookies. You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our website.

We do not use cookies for advertising or tracking purposes.

Your Rights

Under applicable privacy laws, you have the right to:

  • Access, correct, or delete your personal data
  • Restrict or object to data processing
  • Request data portability
  • Withdraw consent (where applicable)

To exercise these rights, contact us at: privacy@doforu.ai

California Consumer Privacy Rights (CCPA)

If you are a California resident, under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), you have the following rights:

  • Right to Know — the categories of personal information we collect, the sources, the purposes, and the third parties we share it with
  • Right to Delete — request deletion of your personal information (subject to certain statutory exceptions)
  • Right to Opt-Out — opt out of the "sale" or "sharing" of personal information (we do not sell personal information)
  • Right to Correct — request correction of inaccurate personal information
  • Right to Limit Use of Sensitive Personal Information — restrict the use and disclosure of sensitive personal information
  • Right to Non-Discrimination — not be discriminated against for exercising your privacy rights

To exercise your CCPA/CPRA rights, contact us at privacy@doforu.ai with the subject line "CCPA Request". We will respond to your request within 45 days.

Policy Updates

We may update this Privacy Policy from time to time. Material changes involving new data processing purposes will be communicated via email or in-app notice, and we will seek your explicit consent where required by applicable law. For non-material changes, continued use of Doforu constitutes acceptance of the updated policy.

Contact Us

General support: support@doforu.ai

Privacy inquiries: privacy@doforu.ai

EU GDPR Representative
Pursuant to Article 27 of the GDPR, we have appointed an authorized representative within the European Economic Area (EEA). EEA users may contact our representative regarding privacy-related matters. To request the representative's contact information, please email privacy@doforu.ai with the subject line "GDPR Representative Request".

Enterprise / Organization Customers
If your organization requires a Data Processing Agreement (DPA), a Subprocessors List, or other compliance documentation for procurement or security review, please contact us at privacy@doforu.ai. We are happy to provide the necessary documentation upon request.
