Dovio logo

Dovio

Privacy Policy

Last updated: February 27, 2026

1. Introduction

Dovio (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our CRM platform for managing your sales relationships.

2. Information We Collect

2.1 Account Information

When you register and use our services, we collect:

  • Name and email address (via Google or Microsoft OAuth)
  • Profile picture and basic account information from your OAuth provider
  • Organization information (name, settings, member roles)

2.2 CRM Data

When you use our CRM features, we store:

  • Companies, contacts, and deals you create and manage
  • Notes, tasks, and email tracking data associated with your records
  • All CRM data is associated with your organization and user account
  • All data is encrypted at rest and in transit

2.3 Usage Data

We automatically collect certain information about your device and how you interact with our services:

  • Browser type, version, and operating system
  • IP address and general location data
  • Pages visited, features used, and actions performed
  • Time and date of visits and session duration
  • Error reports and crash diagnostics (via Sentry) to improve service reliability

3. How We Use Your Information

We collect and process your information for the following purposes:

  • To provide, maintain, and improve our services
  • To store and manage your CRM data including companies, contacts, deals, tasks, notes, and email tracking
  • To enable collaboration and data sharing within your organization
  • To send service-related notifications, updates, and security alerts
  • To respond to your support requests, questions, and feedback
  • To detect, prevent, and address security threats, fraud, and technical issues
  • To comply with legal obligations and enforce our terms of service

3.1 Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data on the following legal bases:

  • Contract Performance (Art. 6(1)(b)): Processing necessary to provide and maintain the Service, including storing your CRM data, managing your account, and enabling collaboration within your organization
  • Legitimate Interest (Art. 6(1)(f)): Processing necessary for our legitimate business interests, including improving the Service, ensuring security, preventing fraud, and sending service-related communications
  • Legal Obligation (Art. 6(1)(c)): Processing necessary to comply with applicable laws, regulations, and legal requests
  • Consent (Art. 6(1)(a)): Where we rely on your consent, such as for marketing communications. You may withdraw consent at any time

4. How We Share Your Information

4.1 Third-Party Service Providers

We share your information with third-party service providers who process data on our behalf. For a complete list, see our Subprocessors page. Key providers include:

  • Neon (PostgreSQL Hosting): All data is stored on Neon's infrastructure with encryption at rest.
  • Sentry (Error Monitoring): Collects error reports and crash diagnostics to help us identify and fix issues. Hosted in the EU (Frankfurt).
  • Resend (Transactional Email): Sends service-related emails such as organization invitations on our behalf.
  • Google & Microsoft (OAuth Authentication): Provides secure sign-in via your existing Google or Microsoft account.

4.2 Within Your Organization

Data you create is shared with other members of your organization according to your organization's role-based access controls.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Data Security

We implement comprehensive technical and organizational security measures to protect your personal information:

  • Encryption at Rest: All data is encrypted using AES-256 encryption in our database
  • Encryption in Transit: All data transmission occurs over HTTPS using TLS 1.3 encryption
  • Access Controls: Strict role-based access controls (owner, admin, member) limit who can view and modify data
  • Database Security: Hosted on Neon PostgreSQL with enterprise-grade security, automated backups, and redundancy
  • Authentication: OAuth 2.0 authentication via Google and Microsoft with secure session management
  • Regular Security Audits: Ongoing security assessments and monitoring

6. Data Retention and Deletion

6.1 Retention Period

We retain your personal information only for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy. This includes:

  • Active account data is retained while your account remains active
  • CRM data (companies, contacts, deals, tasks, notes) is retained until you delete it or close your account
  • Usage logs and analytics data are retained for up to 90 days

6.2 Account Deletion

When you delete your account or are removed from an organization:

  • Immediate: Account access is immediately revoked
  • Within 30 days: All personal information is permanently and irreversibly deleted, including:
    • Account details and profile information
    • All CRM data associated with your account
    • Session data and authentication tokens
  • Exceptions: We may retain certain anonymized or aggregated data, or data required for legal compliance, dispute resolution, or fraud prevention
  • Backups: Data in automated backups will be deleted as backups expire (within 30 days)

6.3 Manual Deletion

You can manually delete individual records (companies, contacts, deals, tasks, and notes) at any time. Deleted items are permanently removed from our systems and cannot be recovered.

7. Your Rights (GDPR Compliance)

If you are a resident of the European Economic Area (EEA), United Kingdom, or other jurisdiction with applicable data protection laws, you have the following rights:

  • Right to Access: Request a copy of all personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure (“Right to be Forgotten”): Request deletion of your personal data
  • Right to Restriction of Processing: Request that we limit how we use your data
  • Right to Data Portability: Request a machine-readable copy of your data to transfer to another service
  • Right to Object: Object to our processing of your personal data for certain purposes
  • Right to Withdraw Consent: Withdraw your consent at any time where we rely on consent to process your data
  • Right to Lodge a Complaint: File a complaint with your local data protection authority. Our supervisory authority is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY)

To exercise any of these rights, please contact us at admin@dovio.io. We will respond to your request within 30 days.

8. International Data Transfers

Your information may be transferred to, stored, and processed in countries other than your country of residence, including the United States where our service providers operate. We ensure that such transfers comply with applicable data protection laws through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with all third-party processors
  • Ensuring adequate safeguards are in place to protect your personal information

9. Cookies and Tracking Technologies

We use only essential cookies necessary for the operation of our services:

  • Authentication Cookies: To maintain your login session and verify your identity
  • Preference Cookies: To remember your settings and preferences (e.g., theme, language)

We do not use third-party tracking cookies, advertising cookies, or analytics cookies that track your behavior across websites. You can control cookies through your browser settings, but disabling essential cookies may prevent you from using certain features.

10. Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information without parental consent, please contact us immediately at admin@dovio.io, and we will take steps to delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

  • We will update the “Last updated” date at the top of this policy
  • For material changes, we will provide prominent notice (e.g., email notification or in-app notification)
  • Continued use of our services after changes become effective constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For GDPR-related requests or data protection inquiries, please email admin@dovio.io and include “GDPR Request” in the subject line.