Dovio logo

Dovio

Privacy Policy

Last updated: April 2, 2026

1. Introduction

Dovio (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our CRM platform for managing your sales relationships.

2. Information We Collect

2.1 Account Information

When you register and use our services, we collect:

  • Name and email address (via Google or Microsoft OAuth)
  • Profile picture and basic account information from your OAuth provider
  • Organization information (name, settings, member roles)

2.2 CRM Data

When you use our CRM features, we store:

  • Companies, contacts, and deals you create and manage
  • Notes, tasks, and email tracking data associated with your records
  • Contracts and e-signature data, including signing status and audit logs
  • Meeting recordings, transcripts, and AI-generated summaries (when connected via Fathom)
  • All CRM data is associated with your organization and user account
  • All data is encrypted at rest and in transit

2.3 Usage Data

We automatically collect certain information about your device and how you interact with our services:

  • Browser type, version, and operating system
  • IP address and general location data
  • Pages visited, features used, and actions performed
  • Time and date of visits and session duration
  • Error reports and crash diagnostics (via Sentry) to improve service reliability

3. How We Use Your Information

We collect and process your information for the following purposes:

  • To provide, maintain, and improve our services
  • To store and manage your CRM data including companies, contacts, deals, tasks, notes, and email tracking
  • To enable collaboration and data sharing within your organization
  • To send service-related notifications, updates, and security alerts
  • To respond to your support requests, questions, and feedback
  • To detect, prevent, and address security threats, fraud, and technical issues
  • To comply with legal obligations and enforce our terms of service

3.1 Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data on the following legal bases:

  • Contract Performance (Art. 6(1)(b)): Processing necessary to provide and maintain the Service, including storing your CRM data, managing your account, and enabling collaboration within your organization
  • Legitimate Interest (Art. 6(1)(f)): Processing necessary for our legitimate business interests, including improving the Service, ensuring security, preventing fraud, and sending service-related communications
  • Legal Obligation (Art. 6(1)(c)): Processing necessary to comply with applicable laws, regulations, and legal requests
  • Consent (Art. 6(1)(a)): Where we rely on your consent, such as for marketing communications. You may withdraw consent at any time

4. How We Share Your Information

4.1 Third-Party Service Providers

We share your information with third-party service providers who process data on our behalf. For a complete list, see our Subprocessors page. Key providers include:

  • Neon (PostgreSQL Hosting):All data is stored on Neon's infrastructure with encryption at rest.
  • Sentry (Error Monitoring): Collects error reports and crash diagnostics to help us identify and fix issues. Hosted in the EU (Frankfurt).
  • Resend (Transactional Email): Sends service-related emails such as organization invitations on our behalf.
  • Google & Microsoft (OAuth Authentication): Provides secure sign-in via your existing Google or Microsoft account.
  • PostHog (Product Analytics): Collects usage events and session recordings (with your consent) to help us improve the product. Hosted in the EU (Frankfurt).
  • Fathom (Meeting Integration): Processes meeting recordings, transcripts, and AI-generated summaries when you connect your Fathom account.
  • DocuSeal (E-Signatures): Processes contract documents and submitter information for electronic signing. Hosted in the EU (Ireland).

4.2 Within Your Organization

Data you create is shared with other members of your organization according to your organization's role-based access controls.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Data Security

We implement comprehensive technical and organizational security measures to protect your personal information:

  • Encryption at Rest: All data is encrypted using AES-256 encryption in our database
  • Encryption in Transit: All data transmission occurs over HTTPS using TLS 1.3 encryption
  • Access Controls: Strict role-based access controls (owner, admin, member) limit who can view and modify data
  • Database Security: Hosted on Neon PostgreSQL with enterprise-grade security, automated backups, and redundancy
  • Authentication: OAuth 2.0 authentication via Google and Microsoft with secure session management
  • Regular Security Audits: Ongoing security assessments and monitoring

6. Data Retention and Deletion

6.1 Retention Period

We retain your personal information only for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy. This includes:

  • Active account data is retained while your account remains active
  • CRM data (companies, contacts, deals, tasks, notes) is retained until you delete it or close your account
  • Usage logs and analytics data are retained for up to 90 days

6.2 Account Deletion

When you delete your account or are removed from an organization:

  • Immediate: Account access is immediately revoked
  • Within 30 days: All personal information is permanently and irreversibly deleted, including:
    • Account details and profile information
    • All CRM data associated with your account
    • Session data and authentication tokens
  • Exceptions: We may retain certain anonymized or aggregated data, or data required for legal compliance, dispute resolution, or fraud prevention
  • Backups: Data in automated backups will be deleted as backups expire (within 30 days)

6.3 Manual Deletion

You can manually delete individual records (companies, contacts, deals, tasks, and notes) at any time. Deleted items are permanently removed from our systems and cannot be recovered.

7. Your Rights (GDPR Compliance)

If you are a resident of the European Economic Area (EEA), United Kingdom, or other jurisdiction with applicable data protection laws, you have the following rights:

  • Right to Access: Request a copy of all personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure (“Right to be Forgotten”): Request deletion of your personal data
  • Right to Restriction of Processing: Request that we limit how we use your data
  • Right to Data Portability: Request a machine-readable copy of your data to transfer to another service
  • Right to Object: Object to our processing of your personal data for certain purposes
  • Right to Withdraw Consent: Withdraw your consent at any time where we rely on consent to process your data
  • Right to Lodge a Complaint: File a complaint with your local data protection authority. Our supervisory authority is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY)

To exercise any of these rights, please contact us at support@dovio.io. We will respond to your request within 30 days.

8. International Data Transfers

Your information may be transferred to, stored, and processed in countries other than your country of residence, including the United States where our service providers operate. We ensure that such transfers comply with applicable data protection laws through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with all third-party processors
  • Ensuring adequate safeguards are in place to protect your personal information

9. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve our services. You can manage your cookie preferences at any time using our cookie consent banner.

Categories of Cookies

  • Strictly Necessary: Authentication cookies to maintain your login session, and preference cookies for settings like theme and sidebar state. These cannot be disabled.
  • Performance & Analytics: Error monitoring (Sentry) and product analytics (PostHog) to help us diagnose issues and improve the product. On public pages, these require your consent. For logged-in users, product analytics are covered by our Terms of Service; session replay still requires consent.
  • Cookieless Analytics: We use Vercel Analytics and Vercel Speed Insights to collect anonymous, aggregated page view and performance data. These services do not use cookies, do not store IP addresses, and cannot identify individual users.

You can change your cookie preferences at any time by clicking the cookie settings link in the footer or by adjusting your browser settings. Disabling strictly necessary cookies may prevent you from using certain features.

10. Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information without parental consent, please contact us immediately at support@dovio.io, and we will take steps to delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

  • We will update the “Last updated” date at the top of this policy
  • For material changes, we will provide prominent notice (e.g., email notification or in-app notification)
  • Continued use of our services after changes become effective constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For GDPR-related requests or data protection inquiries, please email support@dovio.io and include “GDPR Request” in the subject line.