Terms of ServicePrivacy PolicyCookie PolicyAcceptable UseDMCAContact

Privacy Policy

Last updated: April 27, 2026

This Privacy Policy explains how Doable Works LLC (“Doable,” “we,” “us,” or “our”) collects, uses, and protects information when you use the Doable platform at doable.me, dev.doable.me, and related services (the “Service”).

1. Information We Collect

Information you provide

  • Account information: name, email address, password (hashed with Argon2id), and optionally a profile photo
  • OAuth identity: if you sign in with GitHub or Google, we receive your basic profile (name, email, avatar)
  • User Content: projects, prompts, code, files, chat messages, and other content you create or upload
  • Payment information: processed by Stripe; we receive billing metadata but never your full card number
  • Communications: support requests, feedback, and any other messages you send us

Information collected automatically

  • Usage data: pages visited, features used, AI prompts and responses, errors encountered, timestamps
  • Device and connection: IP address, browser type, operating system, device identifiers
  • Cookies and similar: see our Cookie Policy

Information from third parties

  • OAuth providers (GitHub, Google) when you connect those accounts
  • Stripe for billing and subscription status
  • Integration partners that you authorize Doable to connect with on your behalf

2. How We Use Your Information

  • To provide, operate, and maintain the Service
  • To process AI requests by sending prompts and context to AI providers (Anthropic, OpenAI, GitHub Copilot) you have selected
  • To process payments and manage subscriptions
  • To communicate with you about the Service, billing, and support
  • To detect, investigate, and prevent fraud, abuse, and security incidents
  • To improve the Service and develop new features
  • To comply with legal obligations

3. AI Providers and Your Prompts

When you use AI features, your prompts and project context are sent to the AI provider you have configured (Anthropic, OpenAI, or GitHub Copilot). Each provider has its own data-handling practices:

We do not use your prompts or generated code to train our own AI models.

4. Information Sharing

We do not sell your personal information. We share information only:

  • With service providers who help us operate the Service (hosting, payment processing, analytics, error monitoring, email delivery), under contractual confidentiality and security obligations
  • With AI providers as necessary to fulfil your requests
  • With integration partners you explicitly authorize
  • For legal reasons when required by law, subpoena, or to protect rights, property, or safety
  • In a business transfer if Doable Works LLC is acquired, merged, or sells assets, in which case we will provide notice

5. Data Retention

We retain your personal information for as long as your account is active and as needed to provide the Service. After you delete your account, we will delete or anonymize your data within 90 days, except where retention is required by law (e.g., billing records) or for legitimate security purposes (e.g., fraud prevention logs).

6. Security

We use industry-standard security measures, including:

  • Argon2id password hashing
  • JWT-based authentication with short-lived access tokens
  • TLS encryption for data in transit
  • Encryption at rest for sensitive credentials (AES-GCM)
  • Network isolation with services bound to localhost only
  • Rate limiting on authentication endpoints
  • Regular security audits

No system is 100% secure. If you suspect a security issue, please contact security@doable.me.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Delete your information (right to be forgotten)
  • Export your information in a portable format
  • Object to or restrict certain processing
  • Withdraw consent
  • Lodge a complaint with a supervisory authority

To exercise these rights, email privacy@doable.me. We will respond within 30 days.

8. International Transfers

Doable Works LLC is based in the United States. If you access the Service from outside the U.S., your information may be transferred to, stored, and processed in the U.S. or other countries where our service providers operate. Where required, we use Standard Contractual Clauses or other lawful transfer mechanisms.

9. Children’s Privacy

The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact privacy@doable.me and we will delete it.

10. California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act, including the right to know, delete, correct, and opt out of “sales” or “sharing” of personal information. We do not sell personal information. To exercise California rights, email privacy@doable.me.

11. European Economic Area Rights (GDPR)

If you are in the EEA, UK, or Switzerland, our legal bases for processing your information are: (a) performance of our contract with you, (b) your consent (which you may withdraw at any time), (c) our legitimate interests in operating and improving the Service, and (d) compliance with legal obligations.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last updated” date. For material changes, we will notify you by email or through the Service.

13. Contact

Questions or requests about this Privacy Policy? Contact our privacy team at privacy@doable.me.

Doable Works LLC
Email: privacy@doable.me