DOYADOYAEOL Directory

Privacy

Privacy Policy

DOYA helps families, caregivers, and professionals navigate end-of-life care. We take privacy seriously — especially because the moments around this app are tender. This policy explains what we collect, why, and what control you have.

Last updated · May 18, 2026

1. Who we are

DOYA — EOL Directory ("DOYA", "we", "our", "us") publishes the DOYA mobile application ("App") on Google Play and the Apple App Store, and operates the website at doya-website.netlify.app. DOYA is based in Atlanta, Georgia, United States.

If you have any question about this policy, email support@doya.directory.

2. What we collect

Information you give us

  • Account details — When you create an account, we collect your email address and a password (stored as a hash via Firebase Authentication). You may optionally provide a display name.
  • Profile content — Anything you choose to save: favorite businesses, articles, wishlist items, cart items.
  • Reviews and ratings — Public content you post about businesses or products is visible to other users.
  • Support requests — Messages you send to us by email.

Information collected automatically

  • Approximate location — If you grant location permission, we use your coarse location to surface professionals near you. We never store your continuous location history.
  • Device & diagnostic data — Crash reports, app version, OS version, and basic device model, collected via Firebase Crashlytics and Google Play services for stability.

Payments

Purchases in the Shop are processed by Stripe. DOYA never sees or stores your full card number, CVV, or bank details. Stripe holds that data under its own privacy policy. We retain only an order record (item, price, timestamp, last 4 of the card) so we can email you a receipt and handle support.

3. How we use information

  • To run the App — show you the directory, save your wishlist, etc.
  • To process and fulfill purchases in the Shop.
  • To improve the App and fix crashes.
  • To reply to you when you contact support.
  • To comply with legal obligations (tax records, fraud prevention).

We do not sell your personal data. We do not use your data to train AI models. We do not run third-party advertising in the App.

4. Who we share information with

We share limited information only with the processors that make the App work:

  • Google Firebase (Authentication, Firestore, Storage, Crashlytics) — stores your account, content, and crash data on our behalf. Firebase privacy.
  • Stripe — payment processing. Stripe privacy.
  • Netlify — hosting of this website. Netlify privacy.
  • Google Play / Apple App Store — distribute the App and run in-app updates and crash diagnostics.

We may also disclose information if required by a valid legal request, to protect rights and safety, or in connection with a merger or sale of the business — in which case you will be notified.

5. How long we keep information

  • Account data — until you delete your account.
  • Order and payment records — 7 years (for tax compliance).
  • Crash logs — up to 90 days.
  • Support emails — up to 2 years.

6. Your rights and choices

You can, at any time:

  • Access a copy of your data — email support@doya.directory.
  • Correct account details from the in-app Profile screen.
  • Delete your account and associated data — see the Account Deletion page.
  • Withdraw location permission from your device settings at any time without losing access to the App.
  • Opt out of analytics by disabling personalized usage diagnostics in your Android or iOS device settings.

If you live in the EU/UK, you have rights under the GDPR including data portability and the right to lodge a complaint with your local supervisory authority. If you live in California, you have rights under the CCPA including the right to know and the right to delete. We honor these for everyone.

7. Children

DOYA is intended for users 18 years and older. We do not knowingly collect personal data from children under 13. If you believe a child has provided data, contact us and we will delete it.

8. Security

Data is transmitted over HTTPS/TLS and stored encrypted at rest by our cloud providers. Access to production systems is restricted to a small number of authorized personnel. No system is perfectly secure — if we ever experience a breach affecting your data, we will notify you within 72 hours of discovery, as required by law.

9. International transfers

Our processors operate globally. Where data is transferred out of your country (for example, EU → US), we rely on Standard Contractual Clauses or the equivalent legal mechanism for that jurisdiction.

10. Changes to this policy

We will post any material changes here and update the "Last updated" date above. If a change materially expands what we collect, we will notify active users in the App and by email before it takes effect.

11. Contact

Questions, concerns, or rights requests: support@doya.directory
DOYA · Atlanta, Georgia, USA