dooMOdooMO
← Back to dooMO
Policies · Privacy

Privacy policy

This Privacy Policy explains how dooMO collects, uses, stores, and shares information when you use the dooMO iOS app, web portal, and related services.

v1.0 · 2026-06-19Effective: June 19, 2026
Jump to section
§ 1

Who We Are

dooMO is provided by Tributary Studios LLC, a Minnesota limited liability company with the contact information listed in Section 18 ("Tributary," "we," "us").

dooMO is a business product intended for use by organizations and their authorized adult staff. It is not a student-facing product.

§ 2

Scope and Roles

This Policy covers information collected through: the dooMO iOS app; the dooMO web portal at doomotasks.com; dooMO APIs; billing, support, and operational channels related to dooMO.

This Policy does not cover third-party websites or services that dooMO links to but does not control.

For most customer content submitted to dooMO — including tasks, comments, photos, image attachments, building data, member rosters, invitations, and related metadata — the customer organization is the controller, business, educational agency, or equivalent data owner. Tributary processes that information on the customer's behalf.

For account-level information, billing metadata, support communications, security logs, diagnostics, and business operations, Tributary may act as an independent controller or business where applicable law recognizes those roles.

§ 3

Definitions

"Customer Data" means content and information submitted to dooMO by a customer organization or its authorized users, including task descriptions, comments, photos and image attachments, building data, member rosters, invitations, notification settings, and related metadata.

"Personal Data" means information that identifies or can reasonably be linked to an individual.

"Student Data" means Personal Data relating to a student that is submitted to dooMO by or for a K-12 school or district.

"Education Records" has the meaning given under the Family Educational Rights and Privacy Act and its implementing regulations.

"Security Incident" means a confirmed unauthorized access to or disclosure of Customer Data, Personal Data, Student Data, or Education Records in Tributary's possession or control.

§ 4

Information We Collect

Information you or your organization provide. We collect information provided by users or customer organizations, including:

  • account details, such as first name, last name, email address, role, default building or location, profile photo, avatar settings, legal-acceptance timestamps, and notification preferences;
  • authentication information managed through Firebase Authentication, including email/password authentication and supported federated sign-in providers such as Google Sign-In and Sign in with Apple;
  • organization information, such as organization name, slug, buildings, addresses, member rosters, roles, access settings, invitations, plan tier, and billing contact email;
  • task information, such as title, description, location within a building, building, priority, status, requester, assignees, due dates, timestamps, and completion metadata;
  • comments on tasks;
  • photos and image attachments uploaded with tasks, including related metadata such as file name, size, type, dimensions, timestamps, caption, uploader, and storage path;
  • support communications and attachments you send to us.

dooMO does not store plaintext passwords.

Information collected automatically. We collect or generate operational information needed to run, secure, and support dooMO, including:

  • device and app information, such as platform, app version, user agent, and release information;
  • server request logs, such as request ID, method, path, status, duration, and authenticated user ID when available;
  • diagnostic events submitted by the app or web portal, such as platform, severity, category, safe error message, error code, screen or path, request ID, API method/path/status, release, user agent, capped stack trace, and limited primitive context;
  • push notification identifiers, such as FCM tokens and Apple push tokens;
  • crash diagnostics from Firebase Crashlytics for the iOS app;
  • audit logs and rate-limit counters used for security and abuse prevention.

Our diagnostic-event endpoint is designed not to collect task descriptions, comments, or photo data.

Infrastructure providers may also process limited operational metadata, such as IP address, timestamps, request metadata, and logs, as part of hosting, security, delivery, and diagnostics.

Billing information. Billing is processed through Stripe. Stripe may provide us with billing contact information, customer identifiers, subscription identifiers, invoice identifiers, subscription status, billing period information, payment status, and related billing metadata. Payment card numbers and bank details are entered directly into Stripe-hosted pages and do not pass through dooMO servers.

§ 5

K-12 Customers and Student Data

dooMO is designed for use by authorized adult staff, including administrators, building admins, custodians, and requesters. Students should not be invited as users.

We do not ask for student records or student directory information as part of normal product setup. However, because dooMO includes free-text fields, comments, photos, locations, and image attachments, adult staff may incidentally include Student Data in task content.

Customer is responsible for:

  • training staff not to include unnecessary student personally identifiable information;
  • limiting task content to information needed for the facility or maintenance purpose;
  • reviewing and redacting inappropriate or unnecessary student information;
  • configuring role and building access;
  • responding to parent, student, eligible-student, employee, and data-subject requests about Customer Data.

On request from an authorized school-district representative, Tributary will reasonably assist with access, export, deletion, or redaction of incidentally submitted Student Data using available product tools and support processes.

For school-district customers, when Tributary processes personally identifiable information from Education Records, Tributary intends to do so as a "school official" performing an institutional service for which the district would otherwise use employees, subject to the district's direct control over the use and maintenance of that information.

We do not sell Student Data. We do not use Student Data for targeted advertising, cross-context behavioral advertising, unrelated behavioral profiling, or training machine-learning models.

§ 6

How We Use Information

We use information to:

  • create and manage user accounts;
  • manage organizations, memberships, invitations, buildings, and roles;
  • route, display, update, and export tasks, comments, photos, and image attachments;
  • provide role-based and building-scoped access;
  • send operational email, including invitations, password resets, notifications, billing messages, and support messages;
  • send push notifications to devices when users have enabled them;
  • process subscriptions and billing through Stripe;
  • maintain, secure, debug, and support dooMO;
  • detect abuse, enforce rate limits, investigate incidents, and enforce our Terms;
  • review operational diagnostics and aggregate product metrics to maintain and improve the Service;
  • comply with legal, tax, accounting, security, and lawful request obligations.

We do not use Customer Data, Student Data, or Education Records for advertising, targeted advertising, cross-context behavioral advertising, data brokerage, or unrelated behavioral profiling.

We do not train machine-learning models on Customer Data, Student Data, or Education Records unless a signed customer agreement expressly permits it.

§ 8

How Information Is Shared

  • Within your organization. Information visible in dooMO is shared within the customer organization based on user role, building access, and organization settings. Administrators can see and manage more information than custodians or requesters.
  • Service providers and sub-processors. We use service providers and sub-processors to operate, secure, bill, host, support, and deliver dooMO. See Section 9 and the Sub-processors page.
  • Legal and safety. We may disclose information if we believe in good faith that disclosure is required by law, subpoena, court order, lawful request, or legal process, or is necessary to protect the rights, property, security, or safety of Tributary, customers, users, or others. Where legally permitted, we will seek to provide notice to the affected customer before disclosing Customer Data in response to legal process. We may contest overbroad or inappropriate requests where permitted.
  • Business transfers. If Tributary is involved in a merger, acquisition, financing, reorganization, sale of assets, or similar transaction, information may be transferred as part of that transaction. The recipient must protect Customer Data consistently with applicable agreements and law.
  • With consent or instruction. We may share information with consent, at the customer's instruction, or as otherwise described in an applicable agreement.
  • No sale or targeted advertising. We do not sell Personal Data, Customer Data, Student Data, or Education Records. We do not share Personal Data, Customer Data, Student Data, or Education Records for cross-context behavioral advertising.
§ 9

Sub-processors

Tributary uses the service providers below to operate, secure, support, and bill dooMO:

  • Google Cloud / Firebase — authentication, Firestore database, Cloud Storage, Cloud Functions, Firebase Cloud Messaging, and Firebase Crashlytics;
  • Vercel — web hosting, build delivery, and edge network for the web portal;
  • Stripe — checkout, subscription billing, invoices, payment method updates, and customer portal;
  • Resend — transactional email delivery;
  • Apple Push Notification service — push notification delivery to the iOS app;
  • Google Sign-In — optional authentication for users who choose Google sign-in;
  • Sign in with Apple — optional authentication for users who choose Apple sign-in.

A current subprocessor list is maintained on the Subprocessors page.

For K-12 customers with an applicable DPA or order form, Tributary will provide at least 30 days' advance notice of a new material subprocessor where practical, unless an urgent security, continuity, or legal need requires a shorter period.

If Customer reasonably objects to a new material subprocessor, Customer may notify Tributary during the notice period. The parties will work in good faith to resolve the objection. If the objection cannot be resolved, Customer may terminate the affected paid Service and receive a pro-rata refund of prepaid unused fees for the terminated portion, unless the applicable order form states otherwise.

§ 10

Data Retention, Export, Deletion, and Backups

We retain information for as long as reasonably needed to provide dooMO, comply with legal and accounting obligations, resolve disputes, maintain security, enforce agreements, and support customer-requested export or deletion workflows.

Retention, deletion, export, and backup handling may depend on product features, customer configuration, support processes, provider settings, applicable law, and signed agreements.

Active organizations. Account and organization data is generally retained while the organization uses dooMO.

Plan history limits. Some dooMO plans may limit how far back task statistics or exports can look. These plan history limits are query, reporting, or export limits. They are not automatic deletion periods.

Account deletion. If an individual user account is deleted through available product tools, dooMO deletes the Firebase Authentication identity and disables or clears certain active account functions such as devices and notification preferences. Some profile records may be retained in a deleted or tombstoned state, and task/comment authorship references may remain for historical, audit, security, or operational integrity reasons. Account deletion is not a full purge of all historical task content authored by that user.

Organization deletion or purge. Authorized organization owners or administrators may use available product tools or support processes to close, archive, delete, or request purge of organization data where supported. A full organization purge, when available and completed, may remove organization records, memberships, buildings, tickets, comments, invitations, and organization storage media. This is not the same as automatic deletion on subscription cancellation.

Post-termination export request window. For 30 days after termination or organization closure, Customer may request support-assisted export or retrieval of Customer Data where technically feasible and legally permitted. Self-serve exports are currently provided as CSV for task and statistics data; other formats and retrieval of attachments or additional data may be available on a support-assisted basis where technically feasible. The 30-day period is a support request window. It is not a promise that every dataset is automatically retained for exactly 30 days or automatically deleted after 30 days.

Backups. Database and storage backups, if enabled for the applicable environment, are managed through cloud-provider and operational settings. Backup retention is not controlled by ordinary product features and may differ from active database retention. Backups may retain deleted or changed information for a limited period before they are overwritten or expire according to configured provider policies.

Billing and accounting records. Billing records, invoices, tax records, and related accounting records may be retained as required by law and ordinary business needs, commonly up to 7 years. Some billing records are controlled by Stripe rather than dooMO. dooMO stores billing identifiers and billing-status metadata, not full card or bank details.

Logs. Security, access, diagnostic, audit, and operational logs are retained according to operational logging settings, provider settings, legal obligations, and security needs. Our target operational log retention period is up to 12 months, but some provider logs may have different retention settings.

Legal holds and exceptions. We may retain information longer when required by law, legal process, security investigation, dispute resolution, accounting obligations, or agreement enforcement.

§ 11

Rights and Choices

All users. Users may review and update certain account information through the iOS app and web portal. Organization administrators control roles, building access, membership status, and organization-level content.

Customer-controlled content. If a request concerns Customer Data, including task content, comments, photos, building records, rosters, Student Data, or Education Records, the request should be directed to the customer organization first. Tributary will reasonably assist the customer organization with access, correction, export, deletion, or redaction requests using available product tools and support processes.

Tributary-controlled information. For account-level, support, billing metadata, security, or operational information controlled by Tributary, users may contact us at support@doomotasks.com.

California residents. California residents may have rights to know, access, correct, delete, and receive information about certain personal information, and not to receive discriminatory treatment for exercising those rights. We do not sell personal information and do not share it for cross-context behavioral advertising. Because of that, we do not currently offer a sale/share opt-out. Authorized-agent requests must include information reasonably sufficient to verify the request and the agent's authority.

EEA / UK users. If GDPR or UK GDPR applies, users may have rights to access, rectify, erase, restrict, port, or object to certain processing, and to withdraw consent where processing is based on consent. Users may also have the right to lodge a complaint with a local data protection authority.

§ 12

International Data Transfers

dooMO is operated using cloud infrastructure configured for the United States where available, and is intended for customers in the United States. dooMO is not directed to, or offered to, customers or users in the European Economic Area, the United Kingdom, or Switzerland. If that changes, this Policy will be updated to address applicable cross-border transfer requirements before such use.

§ 13

Security and Security Incident Notification

We use commercially reasonable technical and organizational measures designed to protect information, including:

  • TLS encryption in transit;
  • managed-provider encryption at rest;
  • Firebase Authentication;
  • role-based and building-scoped access controls;
  • backend authorization checks;
  • deny-all client storage rules with Cloud Functions-mediated access;
  • time-limited signed URLs for storage access;
  • selected audit logs, diagnostics, and request IDs;
  • rate limiting on selected abuse-prone endpoints;
  • least-privilege operational access.

dooMO does not currently require or manage multi-factor authentication. Users who sign in through Google or Apple may have provider-side account protections depending on their provider settings.

No system is completely secure.

If we confirm a Security Incident affecting Customer Data, Personal Data, Student Data, or Education Records, we will notify the affected customer's organization administrator without undue delay and, where required by contract or law, no later than 72 hours after confirmation.

The notice will describe, to the extent known at the time: the nature of the incident; affected data categories; known or likely impact; mitigation steps; recommended customer actions; follow-up information as it becomes available.

Notice may be delayed if required by law enforcement, legal process, or applicable law.

§ 14

Cookies and Similar Technologies

The dooMO web portal uses a small number of cookies and browser storage items to operate.

Strictly necessary. These may include authentication/session cookies set by Firebase Authentication and hosting or load-balancing cookies set by Vercel. Without these, users may not be able to sign in or use the portal.

Preferences. dooMO may store small preference values in the browser, such as theme choice or task-list filter state. These may be stored locally and may not be transmitted to Tributary.

No advertising cookies. dooMO does not currently use advertising cookies, behavioral advertising pixels, or marketing analytics cookies. If we add analytics, telemetry, or marketing cookies in the future, we will update this Policy and add a consent mechanism where required by law.

§ 15

Children's Privacy

dooMO is not directed to children and does not allow student accounts.

We do not knowingly collect personal information directly from children under 13 in the United States or under 16 in the EEA/UK.

If adult staff submit information about a child in task content, comments, photos, image attachments, or other Customer Data, we process that information on behalf of the customer organization.

If you believe a child's information has been submitted to dooMO, contact the relevant customer organization first. An authorized organization representative may request that Tributary assist with deletion, redaction, or export using available product tools and support processes.

§ 16

Changes to This Policy

We may update this Policy from time to time. When we do, we will post the updated version and revise the effective date.

For material changes, we will give organization administrators at least 30 days' prior notice by email, in-product notice, or both.

Continued use of dooMO after the effective date means the customer organization accepts the updated Policy.

§ 17

Minnesota Public School District Data

For Minnesota public school district customers, data created, collected, received, stored, used, maintained, or disseminated by Tributary in performing the applicable district transaction may be subject to the Minnesota Government Data Practices Act, Minn. Stat. Ch. 13. Tributary will administer such data according to the applicable requirements of Minn. Stat. Ch. 13 as if Tributary were a government entity, solely for purposes of performing the district transaction.

Tributary will use educational data and other nonpublic government data only to provide the specific services contracted for by the district. Tributary will not use such data for any commercial purpose, including marketing or advertising to a student or parent, and will not sell, share, or disseminate such data except as permitted by the applicable district transaction, Minn. Stat. Ch. 13, FERPA, or written district instruction.

If Tributary receives a public data request, parent request, student request, eligible-student request, or other request involving district data, Tributary will refer the request to the district unless the district has instructed Tributary in writing to respond directly. The district remains responsible for data-classification decisions.

Return or destruction of district data. For Minnesota public school district customers, unless renewal of the applicable transaction is reasonably anticipated, Tributary will return or destroy educational data created, received, or maintained pursuant or incidental to the transaction within 90 days after expiration of the transaction. Upon district request, Tributary will return or destroy documents, data, and other information provided by the district in connection with the transaction. This requires a support-assisted process and is not completed by ordinary individual account deletion; it may require organization-level export, organization-level purge, storage cleanup, and confirmation of applicable backup and log handling.

Security breach (Minn. Stat. § 13.055). If educational data or other nonpublic government data is subject to a breach of the security of the data, Tributary will disclose to the district all information known to Tributary that is necessary for the district to fulfill its obligations under Minn. Stat. § 13.055. Tributary will make that disclosure following discovery or notification of the breach and without unreasonable delay, consistent with measures necessary to determine the scope of the breach, restore the reasonable security of the data, and comply with any lawful delay required by law enforcement or applicable law.

§ 18

Contact Us

Tributary Studios LLC
16413 Fanning Ct, Lakeville, MN
Email: support@doomotasks.com
Privacy inquiries: support@doomotasks.com