This Privacy Policy explains how Odoki Ltd (“Odoki”, “we”, “us”, “our”) collects, uses, stores and shares personal data when you use our website at https://odoki.com and our mobile app “Odoki Method” (together, the “Services”).
If you have any questions, or you would like to exercise your rights, please contact us at [email protected].
Who we are
- Controller: Odoki Ltd (registered in the United Kingdom)
- Contact email: [email protected]
What information we collect
Depending on how you use the Services, we may collect the following:
Account and profile information
- Email address (required)
- Name (if you choose to provide it)
- Optional password (if you choose to set one). We also support passwordless login via email “magic links”.
Chatbot conversations
If you use chatbot features in the Services, we store the content of your conversations (including messages you send and the responses you receive).
Guide session notes
If you participate in sessions with guides, guides may record free‑text notes about the session for their own use.
- These notes are intended to be visible only to the relevant guide.
- Our administrators do not access these notes in the normal course of business, although (as with most hosted systems) privileged system access could technically allow access for troubleshooting, security, or legal purposes.
Automatically collected information
When you use the Services, we may automatically collect:
- Technical and usage information (for example: device type, browser type, pages/screens viewed, and approximate usage timestamps)
- IP address and related log data may be processed as part of operating and securing the Services
Cookies and similar technologies
We use:
- Cookies or similar technologies that are strictly necessary for login/session functionality
- Google Analytics to understand how the Services are used
We do not use marketing cookies.
Special category and sensitive information
We do not ask you to provide special category data (such as health data). However, because our Services may feel similar to spiritual guidance and involve personal reflection, you may choose to share sensitive information in chatbot conversations or session contexts.
If you choose to share sensitive information, you do so at your discretion.
How we use your information
We use personal data to:
- Provide, maintain, and improve the Services
- Create and manage your account and authenticate you (including via magic links)
- Store and display your chatbot conversations
- Enable guide sessions and store guide notes (accessible only to the relevant guide)
- Monitor, protect, and secure the Services (including detecting abuse, preventing fraud, and troubleshooting)
- Communicate with you about the Services (for example, account and login emails)
Legal bases for processing (UK GDPR)
Where UK GDPR applies, we process personal data under the following legal bases:
- Contract: to provide the Services you request (for example, creating your account and providing access to features)
- Legitimate interests: to operate, secure, and improve the Services, and to prevent misuse
- Consent: where required (for example, for analytics cookies depending on your configuration and applicable law)
Who we share information with
We do not sell your personal data.
We may share personal data with:
- DigitalOcean (hosting): your data is stored on servers located in the United Kingdom
- Google Cloud Storage (backups): backups may be stored in Google Cloud Storage
- Google Analytics: to measure and understand usage of the Services
- Google (Gmail API): to send account and login-related emails
We may also disclose information if required to comply with law or to protect our rights, users, and the Services.
Payments
Donations/payments can be made when you are logged in using a Stripe payment button. Payment details are processed by Stripe and are not stored by us within the Services.
Data retention
We currently do not have fixed retention periods for all categories of data.
In general, we retain personal data for as long as necessary to:
- Provide the Services to you
- Maintain the security and integrity of the Services
- Comply with legal obligations
If you would like us to delete your account or specific data, please contact [email protected].
Your choices and rights
Depending on where you live, you may have rights such as:
- Access to your personal data
- Correction of inaccurate data
- Deletion of your data
- Objection to or restriction of certain processing
- Data portability
To exercise your rights, contact [email protected]. We may need to verify your identity before completing your request.
Children
The Services are not directed to children and we do not knowingly collect personal data from children.
If you believe a child has provided us personal data, please contact [email protected].
Security
We take reasonable measures to protect personal data.
- Data in transit is protected using TLS.
- Backups stored in Google Cloud Storage are encrypted by Google.
No system can be guaranteed 100% secure, and you use the Services at your own risk.
International users
We are based in the United Kingdom and store primary data on UK-hosted infrastructure. If you access the Services from outside the UK, your information may be processed in the UK and in other locations used by our service providers.
Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated policy on this page with an updated effective date.
Contact
For privacy or security questions, or to request deletion of your data, contact: