Privacy Policy

1. Introduction and Scope

This Privacy Policy describes how Doveth (“we,” “us,” or “our”) collects, uses, stores, shares, and protects your personal information when you access or use the Doveth platform and all related services (collectively, the “Service”). Doveth is a UDYAM-registered enterprise operating under the laws of India, serving users globally through doveth.com.

By creating an account, accessing the Service, or otherwise providing your information to Doveth, you acknowledge that you have read, understood, and consent to the practices described in this Privacy Policy. If you do not agree with any part of this Privacy Policy, you must not use the Service. This Privacy Policy should be read in conjunction with our Terms of Service, which govern your use of the Platform.

We are committed to protecting your privacy and handling your personal data responsibly and transparently. This Privacy Policy applies to all Users, Verified Users, visitors, and any other persons who interact with the Service in any capacity.

2. Information We Collect

Account Registration Data

When you create an account, we collect your full name, email address, password (stored in securely hashed form and never in plain text), date of birth, gender, city, and country. Your email address is used as a primary account identifier and may not be changeable after registration.

Profile Data

Information you choose to provide to build your profile, including biography, profile photo, additional photos, profession, education level, lifestyle interests, personal values, and stated connection preferences. Optional extended profile fields may include lifestyle routines, communication style reflections, relationship philosophy, boundaries and privacy preferences, and other descriptive information voluntarily submitted by you.

Q&A and Community Content Data

Questions, answers, votes, bookmarks, and comments you submit on the Platform. Category and tag selections associated with your posts. Whether you chose to post anonymously. Reputation scores calculated based on your community engagement, such as upvotes received and answers accepted by other users.

Communication Data

Messages you send or receive through the Platform, including text, images, videos, audio messages, and document files. We also collect related metadata such as timestamps, delivery status, and interaction history.

Connection and Safety Data

Information relating to connection requests (sent, received, accepted, or declined), your Circle (accepted connections), blocks, and reports submitted by or about you. We may maintain internal safety or trust indicators to support moderation, fraud prevention, and platform integrity.

Usage and Technical Data

Information collected automatically, including IP address, browser type and version, device type, operating system, referring URLs, pages viewed, features used, login timestamps, and general usage patterns for security, analytics, and service improvement purposes.

3. How We Collect Information

Directly from you: When you register an account, complete your profile, upload photos, send messages, submit reports, provide feedback, or otherwise interact with the Service. All information you voluntarily provide during your use of the Platform is collected directly from you.

Automatically: When you access or use the Service, we automatically collect certain technical and usage information through server logs, cookies, and similar technologies. This includes your IP address, browser information, device characteristics, and general usage patterns.

From third-party services: We may use third-party analytics and infrastructure services to operate the Platform. These services may provide us with aggregated usage data and technical diagnostics.

4. Lawful Basis for Processing (GDPR)

For Users located in the European Economic Area (EEA), United Kingdom, or other jurisdictions that require a lawful basis for processing personal data, we process your information on the following legal bases:

Performance of a Contract: Processing necessary to provide the Service to you, including account management, Q&A platform features, messaging functionality, profile display, connection management, and delivery of core Platform features pursuant to our Terms of Service.

Legitimate Interests: Processing necessary for our legitimate business interests, including platform safety, fraud prevention, abuse detection and prevention, internal analytics and service improvement, trust scoring, and content moderation. We balance these interests against your rights and freedoms and do not process your data where our interests are overridden by your rights.

Consent: Where we rely on your consent for specific processing activities, such as optional marketing communications or certain optional profile features. You may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to the withdrawal.

Legal Obligation: Processing necessary to comply with our legal obligations, including tax record retention, responding to lawful requests from law enforcement or regulatory authorities, and compliance with applicable data protection laws.

Indian Data Protection Law: For Users in India, your personal data is processed in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (DPDP Act), as applicable. You have the right to withdraw consent, request correction of inaccurate data, and request erasure of your personal data, subject to the provisions of applicable law.

5. How We Use Your Information

We use the information we collect for the following purposes: (a) operating, maintaining, and providing the Service; (b) creating, authenticating, and managing your account; (c) displaying your questions, answers, and profile to other users and public visitors; (d) enabling connection requests and private messaging between mutual Circle connections; and (e) sending service-related notifications, including connection requests, message alerts, security alerts, and moderation updates.

We also use your information for: (f) maintaining platform integrity and internal safety monitoring; (g) content moderation, abuse prevention, and fraud detection; (h) responding to support inquiries and service requests; (i) improving, developing, and enhancing Platform features; (j) analyzing usage trends, engagement metrics, and performance; (k) complying with legal obligations and enforcing our Terms; and (l) protecting the rights, safety, and property of Doveth, our users, and the public.

We process profile, discovery, and interaction data to enable Verified Users to discover and communicate with one another. This processing supports the functionality of the Platform and does not constitute a guarantee of compatibility, mutual interest, or any specific outcome.

6. Q&A and Community Content Data

Doveth is a free relationship Q&A platform. Questions, answers, votes, and other community content you submit are stored on Doveth’s servers to provide the Q&A service and to make this content publicly accessible for the benefit of all users. Questions and answers are publicly visible by default and may be indexed by search engines.

If you choose to post anonymously, your identity is hidden from other users, but Doveth retains the association between your account and your anonymous content for moderation and legal compliance purposes. Reputation scores are calculated based on your community engagement (upvotes received, answers accepted) and are visible on your profile.

Doveth does not collect any payment information. There are no fees, subscriptions, or charges associated with using the Platform. No credit card, debit card, or financial information is required or collected at any point.

7. Chat and Message Data

Chat messages, including text, images, video, audio, and document files, are stored on Doveth’s servers to provide the messaging service and to ensure platform safety. Messages may be reviewed, monitored, or analyzed for the purposes of detecting and preventing violations of our Terms of Service, including harassment, fraud, spam, and illegal activity.

Message delivery statuses (sent, delivered, read) are tracked as part of the messaging feature to provide you with delivery confirmations. Messages that have been deleted by a user (soft-deleted) may be retained temporarily for moderation purposes. All message data associated with your account is permanently removed when your account data is hard-deleted following the applicable retention period described in Section 11.

8. Ratings, Reflections, and Trust Scores

Doveth maintains an internal trust and rating system. Verified Users may rate other Verified Users on a numerical scale. These ratings are strictly internal and are used exclusively for trust monitoring, platform quality assessment, and moderation purposes. Ratings are never displayed publicly, and you cannot view your own rating or the ratings of any other Verified User through the Platform.

Rating data is stored as part of your account information and may be used to inform moderation decisions. Rating data is deleted when your account data is permanently deleted following the applicable retention period.

9. Anonymous Reflections ("Reflect" Feature)

The Platform allows Verified Users to submit anonymous reflections (feedback) about other Verified Users they have interacted with, via the "Reflect" feature. Reflections are intended to provide constructive, respectful, and honest feedback to help improve the quality of the network. While reflections are designed to be anonymous to the recipient, Doveth may retain identifying information (such as user ID, IP address, or account metadata) for moderation, abuse prevention, and legal compliance purposes.

Reflections are subject to moderation and may be reviewed by Doveth staff to detect and prevent abuse, harassment, or violations of our Terms of Service. Doveth reserves the right to remove, redact, or take action on any reflection that violates our policies or applicable law. In the event of a valid legal request, court order, or if required to protect the safety of any person, Doveth may disclose the identity of the author of a reflection to law enforcement or other authorities, as required by law in any applicable jurisdiction.

By using the Reflect feature, you agree to submit only respectful, lawful, and truthful feedback. You acknowledge that anonymity is not absolute and may be lifted in cases of abuse, legal obligation, or safety concerns. Doveth is not responsible for the content of reflections submitted by users, and all users are solely responsible for their own submissions.

10. Data Sharing and Disclosure

We never sell your personal data. Doveth does not sell, rent, trade, or otherwise commercially transfer your personal information to third parties for their marketing or advertising purposes.

We may share your information with the following categories of recipients, solely for the purposes described in this Privacy Policy: (a) Hosting and infrastructure providers — as necessary to operate and maintain the Service; (b) Law enforcement and governmental authorities — when required by a valid court order, subpoena, or legal process under Indian law or applicable foreign law, or where we reasonably believe disclosure is necessary to protect the safety of any person or to prevent imminent harm; (c) Legal proceedings — to defend against legal claims, enforce our Terms of Service, or protect the rights and property of Doveth; (d) Business transfers — in connection with a merger, acquisition, reorganization, or sale of assets, in which case you will be notified via email or prominent in-app notice before your information is transferred and subject to a different privacy policy.

Your profile information (name, age, city, bio, photos, and other profile details) may be visible to other Verified Users on the Platform. Content you submit, including chat messages, ratings, reports, and reflections, may be reviewed or disclosed to comply with legal obligations, protect the safety of users, or respond to valid requests from authorities in any jurisdiction.

11. Cookies and Tracking Technologies

Doveth uses cookies and similar technologies for the following purposes: (a) Essential cookies — required for authentication, session management, and security. These cookies are strictly necessary for the Service to function and cannot be disabled; (b) Functional cookies — used to remember your preferences, such as theme settings and notification preferences; (c) Analytics cookies — used to understand usage patterns, Platform performance, and to improve the Service.

Doveth does not use third-party advertising cookies or tracking pixels. We do not serve advertisements on the Platform, and we do not share your information with advertising networks. You can manage cookies through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service.

12. Data Retention Schedule

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. The following retention periods apply:

Active accounts: Your data is retained for the duration of your active account. Deleted accounts (soft-delete): Upon account deletion, your data is retained for three (3) months to allow for potential account recovery. During this period, your profile is invisible to other Verified Users. Hard-deleted accounts: After the three-month retention period, all personal data associated with your account is permanently and irreversibly deleted from Doveth’s systems.

Payment records: Not applicable — Doveth does not collect or process any payment information. Moderation records: Reports, moderation actions, and related safety data may be retained for the longer of the account retention period or as required for platform safety and legal compliance. Server logs: Technical server logs are retained for ninety (90) days and then automatically purged. Email verification and password reset tokens: These are single-use and are automatically invalidated or purged after use or expiration (password reset tokens expire after one hour).

13. Data Security

We implement a range of technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include: encryption of data in transit using TLS/SSL protocols; secure password hashing using industry-standard algorithms (bcrypt); role-based access controls limiting data access to authorized personnel only; authentication middleware and security guards protecting all API endpoints; and regular security assessments and monitoring.

While we take reasonable steps to protect your information, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security of your data, and you acknowledge and accept this inherent risk when using any online service. In the event of a security incident, we will follow the procedures described in Section 17 (Data Breach Notification).

14. Your Rights Under GDPR (EEA Users)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR) and applicable local data protection laws:

Right of Access: You have the right to request a copy of the personal data we hold about you. Right to Rectification: You have the right to request correction of inaccurate or incomplete personal data. You can update most of your information directly through Settings. Right to Erasure (“Right to Be Forgotten”): You have the right to request deletion of your personal data. You can initiate account deletion through Settings, which triggers our standard deletion process (3-month soft-delete followed by permanent hard-delete).

Right to Restrict Processing: You have the right to request that we limit the processing of your personal data in certain circumstances. Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller. Right to Object: You have the right to object to processing of your personal data based on our legitimate interests. Right Not to Be Subject to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. Doveth does not currently make automated decisions that produce such effects.

Right to Withdraw Consent: Where processing is based on your consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal. To exercise any of these rights, please contact us at support@doveth.com with “GDPR Rights Request” in the subject line. We will respond to your request within thirty (30) days. You also have the right to lodge a complaint with your local data protection supervisory authority.

15. Your Rights Under CCPA (California Residents)

If you are a resident of the State of California, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources from which the information was collected, the business or commercial purpose for collecting the information, and the categories of third parties with whom we share the information. Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions permitted by law. Right to Opt-Out of Sale: Doveth does NOT sell your personal information. We have never sold personal information and have no plans to do so. Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

Categories of personal information we collect: Identifiers (name, email, IP address); community content (questions, answers, votes); internet or other electronic network activity (usage data, browsing history within the Service); geolocation data (city, country); sensory data (photos, videos, audio messages); and inferences drawn from the above categories (internal trust ratings). To exercise your CCPA rights, contact us at support@doveth.com with “CCPA Rights Request” in the subject line. We may ask you to verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf.

16. International Data Transfers

Doveth is based in India and primarily stores and processes data on servers that may be located in India or other countries. If you access the Service from outside India, please be aware that your information may be transferred to, stored, and processed in India or other jurisdictions where our hosting providers operate, where data protection laws may differ from those in your country of residence. By using the Service, you consent to the transfer of your information to India and such other jurisdictions as necessary for the provision of the Service.

For Users in the European Economic Area (EEA) or the United Kingdom, we implement appropriate safeguards for international data transfers in accordance with applicable data protection laws, including the use of Standard Contractual Clauses (SCCs) approved by the European Commission where required. For Users in India, your data is processed in compliance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 (DPDP Act). If you have questions about international data transfers, please contact us at support@doveth.com.

17. Children’s Privacy

Doveth is not intended for use by anyone under the age of eighteen (18). We do not knowingly collect, solicit, or store personal information from anyone under the age of 18. If we become aware that we have collected personal information from a person under 18, we will take immediate steps to terminate that person’s account and permanently delete all associated data. If you use the Reflect or any other feedback feature, you must comply with all applicable laws and platform rules, and you are solely responsible for your submissions.

If you are a parent or legal guardian and believe that your child under 18 has provided personal information to Doveth, please contact us immediately at support@doveth.com so that we can take appropriate action. We will promptly investigate and, if confirmed, delete the child’s data and terminate the account.

18. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, Doveth will notify affected Users without undue delay and, where feasible, within seventy-two (72) hours of becoming aware of the breach, in accordance with applicable data protection laws (including GDPR Article 33 where applicable). For breaches involving Indian users or Indian infrastructure, Doveth will also report the incident to the Indian Computer Emergency Response Team (CERT-In) within six (6) hours as required by the Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013 (as amended).

Breach notifications will be delivered via email to the address associated with your account, and where appropriate, via in-app notification. Notifications will include: the nature of the breach; the categories and approximate number of individuals and data records affected; the likely consequences of the breach; the measures taken or proposed to address the breach and mitigate its effects; and contact information for obtaining further information. We will also notify the relevant supervisory authorities as required by law.

19. Changes to This Policy and Contact Information

Doveth reserves the right to update or modify this Privacy Policy at any time at its sole discretion. For material changes, we may, but are not obligated to, provide notice via email or in-app notification at our discretion. The “Last updated” date at the top of this Privacy Policy will be revised to reflect the date of the most recent changes. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. It is your responsibility to review this Privacy Policy periodically. Use of the Platform, including the Reflect feature and all user-generated content, is subject to all applicable local, national, and international laws. Doveth will comply with valid legal requests from authorities in any jurisdiction and may restrict or remove features to comply with law.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: support@doveth.com. For privacy-related correspondence, please include “Privacy Policy Inquiry” in the subject line. For GDPR or CCPA rights requests, please use the appropriate subject line as described in Sections 14 and 15 respectively.