← backPrivacy Policy
2DooD — last updated June 17, 2026
2DooD ("we", "our", "the app"), operated by MeloMed Inc., is a productivity todo app. This policy describes what data we collect, how we use it, and the choices you have. We don't sell your data. We don't show you ads. We don't share your data with third parties for their own purposes.
1. What we collect
When you use 2DooD we collect:
·
Your email address (used as your account identifier).
·
Tasks you create in the app: title, due date, status, optional notes.
·
If you connect Google: a long-lived refresh token so we can fetch your data on your behalf.
·
If you sync Google Tasks: titles, due dates, and completion status of your tasks lists you choose to sync.
·
If you sync Google Calendar: event titles, start/end dates, and event IDs from the next ~90 days. We do NOT read event descriptions, attendees, attachments, or location.
·
If you use voice ingest: a temporary audio recording (deleted after transcription).
·
Basic technical logs (timestamps of sync requests) for debugging.
2. How we use it
The data above is used solely to operate the app's features:
·
Email + auth: identify you and keep you signed in.
·
Tasks: display, edit, and sync your todo list across devices.
·
Google Calendar events: surface "suggestions for the day" based on upcoming events (the random todo generator) and build a local entity dictionary that helps the app autocomplete and disambiguate dates ("MMAI Final" → matches your calendar event).
·
Google Tasks: bidirectional sync so changes in either app reflect in the other.
·
Voice audio: transcribed to text immediately and discarded. We do not retain raw audio.
·
Logs: only used to diagnose issues. Not used for marketing, analytics, or profiling.
3. Where we store it
Your data lives in a Supabase Postgres database hosted in the United States. Row-level security ensures your data is only accessible to your authenticated session. Auth tokens (Supabase + Google refresh tokens) are encrypted at rest. The app's backend functions run on Supabase Edge Functions and Vercel serverless functions.
4. Third-party services we use
We use these vendors strictly to operate the app. We do not share your data with them for their own marketing, analytics, or profiling:
·
Supabase — database, authentication, storage. (https://supabase.com/privacy)
·
Vercel — frontend hosting and serverless functions. (https://vercel.com/legal/privacy-policy)
·
Google — Calendar / Tasks API. We only request the minimum scopes needed (read calendar events, read+write tasks). (https://policies.google.com/privacy)
·
Deepgram — voice transcription (only if you use voice ingest). Audio is sent for transcription and not retained on our end. (https://deepgram.com/privacy)
·
OpenAI — structured parsing of voice transcripts (only if you use voice ingest). Per OpenAI's API policy, your data is not used to train their models. (https://openai.com/policies/privacy-policy)
5. Your Google data — limited use
Google's API Services User Data Policy applies to our use of information received from Google APIs. Specifically:
·
We use Google Calendar and Google Tasks data only to provide the app's user-facing features (suggestions, sync, entity matching).
·
We do NOT transfer your Google data to third parties except as needed to provide the service, comply with applicable law, or as part of a merger/acquisition (in which case we would notify you).
·
We do NOT use your Google data for serving advertisements.
·
We do NOT allow humans to read your Google data, except: (a) with your explicit consent for support, (b) for security investigations, (c) to comply with applicable law, or (d) when the data has been aggregated and anonymized for internal operations.
6. Your rights
·
Access: see all your tasks and synced data inside the app at any time.
·
Delete: permanently delete your account and all associated data at any time in the app, from Settings → Delete account (takes effect immediately). You can also email us at candy@melomed.io.
·
Disconnect Google: revoke 2DooD's Google access at any time at https://myaccount.google.com/permissions — this stops new syncs immediately. Existing synced data remains in your 2DooD account until you delete it.
·
Export: contact us at candy@melomed.io for a JSON export of your data.
7. Data retention
We keep your data for as long as your account exists. When you delete your account (Settings → Delete account), we remove your profile and all associated tasks immediately, and purge backups within 30 days.
8. Children
2DooD is not directed at children under 13 and we do not knowingly collect data from them. If you believe a child has signed up, contact us at candy@melomed.io and we will delete the account.
9. Changes to this policy
If we make material changes we will update the "last updated" date above and notify you in-app. Minor wording or clarification updates may happen without notice.
10. Contact
Questions about privacy or data:
candy@melomed.io