Privacy Policy

Table of Contents

Who We Are
Data We Collect
How We Use Your Data
Legal Basis for Processing
Data Retention
Data Sharing
Your Rights
Children's Privacy
DobrOS is NOT a medical service
Security
Cookies & Analytics
Changes to This Policy
Contact Us

Human Summary (TL;DR)

Hi! This is a short summary for easy orientation. The full text below is legally binding.

We care about your privacy. Your data (journal entries, moods) are stored securely.
We only collect what is strictly necessary for the app to function properly.
We never sell your data to third parties and we do not use it for advertising.
In the Czech Republic you may use the app independently from age 15; in countries where local law requires a higher age, that higher age applies.
We do not replace professional psychological or medical care. If you are not feeling well, please seek a professional.

Who We Are

DobrOS is a mental wellbeing application currently operated by Ing. Alexander Frič (OSVČ — Czech sole trader, IČO: 05939470), based in Praha, Czech Republic ("DobrOS", "we", "us", "our"). If the operator of the application changes in the future, we will inform you in advance within the application.

Data Controller:
Ing. Alexander Frič (OSVČ)
IČO: 05939470
Praha, Czech Republic
Email: privacy@dobros.cloud

As the data controller, we are responsible for deciding how and why your personal data is processed. If you have any questions about this Privacy Policy or our data practices, please contact us at the email above.

The supervisory authority for data protection in the Czech Republic is the Úřad pro ochranu osobních údajů (ÚOOÚ), which you may contact at www.uoou.cz if you have concerns about how we handle your data.

Data We Collect

We collect only the data that is necessary to provide and improve the DobrOS service. Here is a complete breakdown:

2.1 Account Data

Data	Source	Purpose
Name	Google / Apple Sign-In	Personalizing your experience
Email address	Google / Apple Sign-In	Account identification, communication
User ID	Generated at registration	Account management
Registration date	System	Account management

2.2 Wellbeing & App Data

Data	Source	Purpose
Habits (names, frequencies, completion)	You enter it	Habit tracking, streak calculation
Journal entries	You write it	Reflective journaling feature
Mood logs	You submit it	Mood tracking, insights
Mind game scores	App generated	Brain Profile calculation
Deep Work sessions	App generated	Productivity tracking
OKR / Goal data	You enter it	Goal management
Course progress	App generated	Learning feature
XP, levels, badges	App generated	Gamification, motivation

2.3 Technical Data

Data	Source	Purpose
Device type and OS version	Your device	App compatibility, bug fixing
App version	App	Version management
Crash logs and error reports	Firebase Crashlytics	Stability improvements
App usage events	Firebase Analytics	Feature improvement, understanding usage patterns
Push notification tokens	Firebase Messaging	Sending notifications you've enabled

What we do NOT collect: We do not collect your location, contacts, microphone input, camera input, or any biometric data in the current version of DobrOS. Any future collection of biometric or health data will require your separate, explicit consent and will be covered by an updated Privacy Policy.

2.4 Special Categories (GDPR Art. 9)

Mood entries and journal text can reveal information about your mental state. We therefore treat them as special category data under Article 9 GDPR. The basic legal basis under Article 6 GDPR is performance of contract (providing the app features); we process this special category of data only on the basis of your explicit consent (Art. 9(2)(a) GDPR), which you give at sign-up and can withdraw at any time.

Under Czech Act No. 110/2019 Coll., § 7, the digital age of consent in the Czech Republic is 15 years. Users aged 15-17 in the Czech Republic can therefore provide their own explicit consent to the processing of special-category data. In countries where local law requires a higher age for independent consent, that higher age applies. For users below the applicable age threshold, parental consent under Art. 8 and Art. 9 GDPR is required.

How We Use Your Data

We use your data only for the purposes described below. We never sell your data to third parties. We do not use your data for advertising targeting.

Providing the service: Storing your habits, journal entries, mood data, and progress so you can access them across devices and over time.
Personalizing your experience: Calculating your Brain/Mind Profile, streaks, XP, and badges based on your activity.
Improving the app: Analyzing aggregated, anonymized usage data to understand which features are used most and where users encounter problems.
Sending notifications: Reminders and check-ins that you have explicitly enabled in the app settings.
Ensuring security: Detecting and preventing fraudulent activity, abuse, and technical failures.
Customer support: Responding to your requests, questions, and feedback.
Legal compliance: Meeting our obligations under applicable law.

Legal Basis for Processing

Under GDPR, we must have a valid legal basis for each type of data processing. Here is ours:

Processing Activity	Legal Basis
Creating and maintaining your account	Performance of a contract (Art. 6(1)(b))
Storing your habits, journal, mood, and app data	Performance of a contract (Art. 6(1)(b))
Mood entries and journal text (special category)	Performance of contract (Art. 6(1)(b)) + explicit consent (Art. 9(2)(a)) — consent withdrawable anytime in settings
Sending push notifications you have enabled	Consent (Art. 6(1)(a)) — withdrawable anytime in settings
Analytics and app improvement	Legitimate interests (Art. 6(1)(f)) — we balance this against your rights
Crash reporting and security	Legitimate interests (Art. 6(1)(f))
Compliance with legal obligations	Legal obligation (Art. 6(1)(c))

Note on consent: Where we rely on consent as our legal basis, you have the right to withdraw that consent at any time without affecting the lawfulness of processing before withdrawal. Withdrawing consent may affect certain app features.

Data Retention

We keep your data for as long as your account is active or as long as necessary to provide the service. Here are the specific retention periods:

Data Type	Retention Period
Account data and app content (habits, journals, etc.)	Until you delete your account
Analytics and usage events	14 months (Firebase default, then automatically deleted)
Crash logs	90 days
Support correspondence	3 years from last contact
Financial records (if applicable)	10 years (Czech accounting law requirement)
Data after account deletion	Deleted within 30 days of account deletion request

When you delete your account, all personal data is permanently deleted from our systems within 30 days, except for data we are required to retain by law (such as financial records).

Data Sharing & Third Parties

We do not sell, rent, or share your personal data with third parties for their own marketing purposes. We use the following service providers who process data on our behalf:

Provider	Purpose	Location
Google Firebase	Database, authentication, analytics, crash reporting, notifications	EU (europe-west3, Frankfurt, Germany)
Google LLC	Sign-in via Google	USA (EU Standard Contractual Clauses apply)
Apple Inc.	Sign-in via Apple, iOS platform	USA (EU Standard Contractual Clauses apply)

All data stored on Firebase is kept within the EU (Frankfurt, Germany data center). Where processing occurs outside the EU (e.g., authentication infrastructure), we rely on Standard Contractual Clauses approved by the European Commission to ensure adequate protection.

We may also disclose your data if required by law, court order, or to protect the rights, property, or safety of DobrOS, our users, or the public.

Your Rights

Under GDPR, you have the following rights regarding your personal data. You can exercise all of them by contacting us at privacy@dobros.cloud. We will respond within 30 days.

📋 Right of Access

Request a copy of all personal data we hold about you (GDPR Art. 15).

✏️ Right to Rectification

Ask us to correct inaccurate or incomplete data (GDPR Art. 16).

🗑️ Right to Erasure

Ask us to delete your personal data ("right to be forgotten") (GDPR Art. 17).

⏸️ Right to Restriction

Ask us to stop processing your data in certain circumstances (GDPR Art. 18).

📦 Right to Portability

Receive your data in a machine-readable format to transfer elsewhere (GDPR Art. 20).

🚫 Right to Object

Object to processing based on legitimate interests (GDPR Art. 21).

↩️ Right to Withdraw Consent

Withdraw consent for consent-based processing at any time.

⚖️ Right to Complain

Lodge a complaint with the ÚOOÚ at www.uoou.cz.

Account deletion: The fastest way to delete all your data is to use the "Delete Account" feature in the app (Settings → Account → Delete Account) or visit dobros.cloud/delete. All data will be permanently removed within 30 days.

Children's Privacy

In line with Czech Act No. 110/2019 Coll., § 7, the minimum age for independent use of the app in the Czech Republic is 15 years. In countries where local law requires a higher age for independent consent, that higher age applies.

Users aged 18+: can use the app independently.
Users aged 15-17 in the Czech Republic: can use the app independently. We recommend, but do not require, discussing the app with a parent or legal guardian, especially during difficult periods.
Users below 15 in the Czech Republic (or below the applicable local age threshold in another country) may not create an account themselves. The account is created by a parent or legal guardian, who also gives consent to personal-data processing.

If we learn that someone below the applicable age threshold has signed up independently without parental consent, we delete the account without undue delay. If you believe a child has signed up in this way, please contact privacy@dobros.cloud.

DobrOS is NOT a medical service

DobrOS provides wellbeing education, self-reflection tools, and brain training. It is not a medical device, medical advice, diagnosis, therapy, or treatment, and it does not replace professional care by a physician, psychologist, or psychotherapist.

In case of acute psychological distress, suicidal thoughts, or immediate danger to life, please contact a crisis line immediately or call 112.

The data you keep in the app is not a medical record, is not a professional opinion, and cannot be used as medical evidence. If you are experiencing difficult mental states, please consult a physician, psychologist, or a crisis helpline.

Crisis lines (Czech Republic, all free and available 24/7):

Linka bezpečí: 116 111 — nationwide line for children, teenagers, and students up to age 26
First Psychological Help Line: 116 123 — for adults in crisis
For seniors (Život 90): 800 157 157
Emergency line: 112 — for immediate danger to life

Outside the Czech Republic please contact your national crisis helpline or call your local emergency number.

Security

We take the security of your data seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, loss, destruction, or alteration.

Encryption in transit: All data transmitted between the app and our servers uses TLS 1.2 or higher.
Encryption at rest: Data stored in Firebase is encrypted at rest by Google.
Access control: Access to personal data is restricted to authorized personnel on a need-to-know basis.
Firebase Security Rules: Server-side rules ensure users can only access their own data.
Authentication: We use Google and Apple's authentication infrastructure — we never store passwords.

Despite these measures, no system is 100% secure. If a personal-data breach occurs, we assess the risk, document the incident, and where required by Art. 33 GDPR notify the Czech Data Protection Authority (ÚOOÚ) normally within 72 hours after becoming aware of it. If the breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay (Art. 34 GDPR).

Cookies & Analytics

The DobrOS mobile app does not use browser cookies. We use Firebase Analytics to collect anonymized, aggregated data about how the app is used. This data does not identify you individually and is used solely for app improvement.

The DobrOS website (dobros.cloud) may use essential cookies required for its operation. We do not use advertising cookies or third-party tracking cookies. If you access DobrOS as a Progressive Web App (PWA), the same principles apply.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you in the app and update the "Last Updated" date at the top of this page.

For material changes that affect how we use your personal data, we will seek your renewed consent where required by law. Continued use of the app after notification of changes constitutes your acceptance of the updated policy, to the extent permitted by law.

We encourage you to review this policy periodically.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Ing. Alexander Frič (sole proprietor / OSVČ)
Company ID (IČO): 05939470
Registered office: Praha, Czech Republic
Data protection contact: privacy@dobros.cloud
Legal questions: legal@dobros.cloud
Website: dobros.cloud

If the operator of the application changes in the future, we will inform you in advance within the application.

We aim to respond to all requests within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Úřad pro ochranu osobních údajů (ÚOOÚ):

Pplk. Sochora 27
170 00 Prague 7
Czech Republic
www.uoou.cz

Questions about your data?

We're here to help. Reach out anytime — we respond within 30 days.

📧 privacy@dobros.cloud 🗑️ Delete My Account 💬 Support