PRIVACY POLICY
Last Updated: May 2026
This policy describes how DoaCam collects, uses, and protects your data, in compliance with the EU General Data Protection Regulation (GDPR) and the EU AI Act (Regulation 2024/1689).
1. Data Controller
The data controller for DoaCam is the DoaCam Team. For any privacy-related inquiries, use the Contact form in this application.
2. What Data We Process
2.1. Data Processed Locally (Your Browser)
The following data is stored exclusively in your browser's LocalStorage / IndexedDB and never sent to our servers:
- UI preferences (microphone, camera, speaker settings).
- Avatar and voice configuration.
- System prompt customization.
- Memory preferences and saved facts.
- Age confirmation status (timestamp only — no date of birth is collected).
- A randomly generated, pseudonymous user identifier (
doa_user_id) used to route your session to our backend. It is not linked to your identity and you can reset it at any time via Factory Reset.
2.2. Memory Feature
The "Local Memory" feature is part of the core companion experience and is enabled by default:
- The AI may save key facts about you (preferences, name, context) to your browser's IndexedDB.
- This data is sent to Google Gemini during active sessions to provide personalized responses.
- We process this data on the basis of our legitimate interest in providing the continuous companion experience the service is designed for (GDPR Art. 6.1.f). You can disable it at any time from Settings > Memory & Privacy > "Enable Local Memory" — this acts as an objection and stops all memory processing.
- You can also delete all stored memories at any time from the same settings panel, or perform a Factory Reset to wipe all data.
2.3. Data Sent to Google Gemini
During an active voice session, the following data is transmitted to Google's servers for AI processing:
- Audio from your microphone (real-time voice stream).
- Camera or screen images (if you enable video/screen sharing).
- Text messages (if you use the keyboard input).
- Memory context (only if the Memory feature is enabled).
DoaCam currently uses the Google AI Studio API (free tier). Under this tier, your interactions may be used by Google to improve their AI models, per Google's API Terms of Service. We have no control over Google's data processing under this tier.
2.4. Data We Do NOT Collect
- We do not require an account: no registration, no password, no date of birth, no real name.
- We do not use fingerprinting or sell data to third parties.
- The only case in which we receive your email address is if you voluntarily provide it through the Contact form (see Section 2.6).
2.5. Operational Logs (Demo Phase)
DoaCam is currently in a demo / beta phase. To debug issues, audit quality, and improve the product, our backend writes operational logs to Google Cloud Logging. These logs include:
- Conversation transcriptions (your speech-to-text input and the AI's responses), associated with your pseudonymous user identifier — not with your real identity.
- Technical session events (connection, errors, tool usage).
- Client error reports (error message and stack trace) sent automatically when the app encounters a failure.
Logs are retained for a maximum of 30 days and then deleted automatically. They are used exclusively for debugging, quality auditing, and product improvement, on the basis of our legitimate interest in operating and improving a beta service (GDPR Art. 6.1.f). They are never sold or shared with third parties beyond Google Cloud, which acts as our hosting infrastructure provider.
2.6. Contact Form
If you use the Contact form, your email address and message are processed by Formspree (Formspree, Inc., USA), which acts as our form-processing provider, and are used solely to respond to your inquiry. See Formspree's Privacy Policy.
2.7. Website Analytics
We use Google Analytics 4 (GA4) to understand how users interact with our website (e.g., page views, session duration, and general geographic region). This helps us improve the platform.
- GA4 collects anonymous, aggregated data. It does not track your conversations with the AI, your microphone, or your camera input.
- Google Analytics may set cookies in your browser to distinguish unique users.
- You can opt-out of Google Analytics across all websites by installing the Google Analytics Opt-out Browser Add-on.
3. AI Transparency (EU AI Act)
In accordance with EU AI Act Article 50 (Transparency obligations):
- AI Disclosure: A persistent banner informs you that you are interacting with an AI system during active sessions.
- Periodic Reminders: Hourly notifications remind you that the avatar is AI-generated.
- System Identification: DoaCam uses Google Gemini 3.1 Flash Live (a multimodal large language model with native audio capabilities) for real-time conversation, and Google Gemini 3.1 Flash Lite for background memory analysis.
- Limitations: The AI may produce inaccurate, biased, or fabricated information. It cannot access real-time data unless explicitly using web search, and it has no persistent awareness between sessions beyond the opt-in Memory feature.
- Synthetic Content: All avatar visuals, voice, and expressions are AI-generated. No real human is depicted or involved in the conversation.
4. Legal Basis for Processing
Under GDPR Article 6, we process your data based on:
- Consent (Art. 6.1.a): For audio/video processing. You provide consent by initiating a session — starting a call is an affirmative action that activates your microphone (and camera, only if you enable it).
- Legitimate Interest (Art. 6.1.f): For the Memory feature (providing the continuous companion experience, with an opt-out in Settings), for operational logs during the demo phase (debugging, auditing, and product improvement), and for storing UI preferences locally to provide a functional experience.
5. Your Rights (GDPR)
As a user in the EU, you have the right to:
- Access: View what data is stored (Settings > Memory & Privacy).
- Deletion: Clear all memories (Settings > Memory & Privacy > WIPE) or all data (Settings > Danger Zone > Factory Reset).
- Withdraw Consent: Disable the Memory feature at any time.
- Portability: Your data is stored in your browser's local storage and can be exported.
- Object: You may stop using the service at any time. No account deletion is needed as no account exists.
Since your profile data is stored locally in your browser, you have direct control over it — no account or request to us is needed for the rights above. For data we hold server-side (operational logs, Section 2.5), you may request access or deletion through the Contact form; logs are in any case deleted automatically after 30 days.
6. Age Restriction
DoaCam requires users to be at least 18 years old. By starting a call you confirm that you meet this requirement, as stated next to the Call button. We store only a confirmation timestamp locally — no date of birth or identity document is collected or processed.
7. Data Retention
- Local data: Persists until you clear it manually or perform a Factory Reset.
- Server-side sessions: Live session state is held in RAM only and destroyed on disconnect.
- Operational logs: Conversation transcriptions and technical events are retained in Google Cloud Logging for up to 30 days during the demo phase (see Section 2.5), then deleted automatically.
- Google Gemini: Session data is handled per Google's data retention policies.
8. International Data Transfers
Audio and video data is transmitted to Google's servers (located in the US and EU) during active sessions. Because DoaCam currently uses the Google AI Studio API free tier, this processing is governed by Google's Gemini API Terms of Service rather than a dedicated data processing agreement, and Google may use the data as described in those terms (see Section 2.3). Operational logs are stored in Google Cloud (us-central1) under Google Cloud's data processing terms.
9. Changes to This Policy
We may update this policy to reflect changes in the service or legal requirements. Material changes will be communicated through the application.