logo

Do the frog

Privacy Policy

Last updated: November 17, 2025

This Privacy Policy explains how we collect, use, and protect your personal data when you visit our website https://www.dothefrog.com ("Website") and use our mobile application "DoTheFrog" ("App"). We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR), known in Germany as the Datenschutz-Grundverordnung (DSGVO).

1. Data Controller (Verantwortlicher)

The data controller responsible for the processing of personal data on this website within the meaning of the GDPR is:

Dothefrog
Sabine Häuser
Grabenwiese 19
83623 Dietramszell
Bavaria, Germany
Email: info@dothefrog.com
Phone: +49 160 2884937

2. Data Processing on This Website

We process your personal data for the following purposes and based on the following legal bases:

a) Newsletter and Email Tracking

If you subscribe to our newsletter, we collect your email address to send you regular updates. The legal basis for this is your explicit consent (Art. 6(1)(a) GDPR).

Our newsletter includes "web beacons" or "tracking pixels" and tracked links. This allows us to perform a statistical analysis of our newsletter campaigns. We can see if and when an email was opened and which links in the email were clicked. We use this data to measure the performance of our campaigns and to optimize our newsletter content based on your interests.

The legal basis for this performance tracking is also your explicit consent (Art. 6(1)(a) GDPR), which you must provide separately or as part of your newsletter subscription. You can withdraw your consent at any time by clicking the "unsubscribe" link provided in every newsletter.

b) Google Analytics

This website uses Google Analytics, a web analytics service provided by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for EU users). We use Google Analytics to analyze website usage and improve our services.

Google Analytics uses cookies that are stored on your computer and allow an analysis of your use of the website. This processing, including the setting of cookies, only occurs if you have given us your explicit consent via our cookie consent banner (Art. 6(1)(a) GDPR).

We have activated IP anonymization on this website. This means your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

We have concluded a Data Processing Agreement (DPA) (Auftragsverarbeitungsvertrag, AVV) with Google for the use of Google Analytics, which obligates Google to protect our users' data and not to pass it on to third parties.

3. Data Sharing and Third Parties

We do not share your personal data with third parties, except for the service providers mentioned in this policy (like Google) who process data on our behalf. These providers are bound by Data Processing Agreements (DPAs) and act only on our instructions.

4. Data Retention

We keep your personal data only as long as necessary to fulfill the purposes described above or as required by law.

  • Newsletter Data: We store your email address and tracking data until you withdraw your consent (unsubscribe from the newsletter).
  • Google Analytics Data: We have configured Google Analytics to automatically delete user-level and event-level data after 14 months.

5. International Data Transfers

Data processed by Google Analytics may be transferred to and processed on servers in the United States. The USA is considered a country without an adequate level of data protection by the European Commission. To ensure your data is protected, we and Google rely on the EU Standard Contractual Clauses (SCCs) as the appropriate safeguard for such transfers.

6. Your Rights (Betroffenenrechte)

As a data subject, you have the following rights under the GDPR:

  • Right to Access (Art. 15 GDPR): To request information about the personal data we hold about you.
  • Right to Rectification (Art. 16 GDPR): To request the correction of inaccurate or incomplete data.
  • Right to Erasure ("Right to be forgotten") (Art. 17 GDPR): To request the deletion of your personal data.
  • Right to Restriction of Processing (Art. 18 GDPR): To request the restriction of how we process your data.
  • Right to Withdraw Consent (Art. 7(3) GDPR): To withdraw your consent at any time for future processing (e.g., by unsubscribing from our newsletter).
  • Right to Data Portability (Art. 20 GDPR): To request your data in a machine-readable format.
  • Right to Object (Art. 21 GDPR): To object to processing based on legitimate interests (though we primarily use consent).
  • Right to Lodge a Complaint (Art. 77 GDPR): You have the right to file a complaint with a supervisory authority. The competent authority for us in Bavaria is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach, Germany
Website: https://www.lda.bayern.de/

7. Cookie Policy

We only use technically essential cookies and those for Google Analytics. Detailed information about the cookies we use and how you can manage your consent is available in our Cookie Policy and through our cookie consent banner.

8. Changes to This Policy

We may update this Privacy Policy from time to time to reflect legal or operational changes. Changes will be posted here with the new "Last updated" date.

9. Privacy in the DoTheFrog Mobile App

This section explains how we process personal data when you use our mobile app "DoTheFrog" ("App").

a) Data we process in the App

When you use the App we may process the following types of data:

  • App content: App content such as todo tasks, braindump tasks and rewards that you save in the App. Data like your todo tasks and braindump tasks are stored on your device. Only your rewards are stored in a secure, encrypted database operated by our service provider Supabase. We use this storage so that your rewards can be saved correctly and restored. Our team may access this encrypted data in Supabase in some cases, for example, when we answer support requests, fix bugs, or analyse how the App is used in order to improve it. We do not sell this content to third parties.
  • Technical information: Technical information such as device model, operating system version, language setting and crash information. This helps us to keep the App secure and stable.
  • Purchase and subscription data: Purchase and subscription data such as which product you bought, the start and status of your subscription and information needed to check if your access to Pro features is active. Payments are processed only by the store provider for example Apple App Store or Google Play Store. We do not receive your credit card or bank details.

b) Purposes and legal bases

We process App data for these purposes:

  • To provide the main functions of the App and manage your purchases and subscriptions: Legal basis Art. 6(1)(b) GDPR performance of a contract
  • To fulfil legal obligations related to billing and accounting: Legal basis Art. 6(1)(c) GDPR
  • To keep the App secure, fix errors and improve stability: for example by evaluating crash data. Legal basis Art. 6(1)(f) GDPR our legitimate interest in a secure and stable App

c) Storage periods for App data

  • App content on your device: remains there until you delete the content or uninstall the App.
  • Purchase and subscription related data: is stored for as long as your subscription is active and for the period required by statutory retention obligations in tax and commercial law.

d) Service providers for the App

We may use technical service providers for example for error reporting, infrastructure or delivery of updates. These providers act as processors under Art. 28 GDPR and may only process data on our documented instructions.

The App does not show third party advertising.

10. Device Information and Support ID

When you install and use the App, we create an entry for your device in our secure and encrypted database hosted by our service provider Supabase.

a) Data stored in the device entry

This entry includes a randomly generated support ID, your platform (for example iOS or Android), your device model, the store used for installation, the date and time of your first App launch, your current Pro status, and your Pro purchase history (for example whether you have purchased Pro before and how often).

The data stored in this device entry does not include your name, email address, or any other direct contact information. It also does not allow us to identify you as a person. All data is stored in encrypted form and is used only in a pseudonymous manner.

b) Purposes and legal basis

We use this device information to:

  • Provide and verify access to Pro features
  • Respond to support requests
  • Understand which devices and platforms we need to support
  • Improve App stability and user experience

The legal basis for this processing is our legitimate interest in providing a secure and stable App (Art. 6(1)(f) GDPR) and, when you purchase Pro, the performance of a contract (Art. 6(1)(b) GDPR).