Privacy Policy
How we collect and use your information
Effective date: June 11, 2026
Introduction & Who We Are
Doogo Research, Inc. ("Doogo," "we," "our," or "us") operates Doogo, a service for discovering local events and forming community in real life in DC, Maryland, and Virginia, available as "Doogo Social" in the Apple App Store and on Google Play, and the website at www.doogo.app (together, the "Service"). Doogo Research, Inc. is a Delaware corporation with its principal place of business at 2451 Crystal Dr, 6th Floor, Arlington, VA 22202, United States, and is the controller responsible for your personal information.
This Privacy Policy explains what information we collect, how we use and share it, how long we keep it, and the choices and rights you have. You are asked to accept this Policy when you create an account, and we may ask you to accept updated Terms and Privacy Policy versions after material changes. If you have questions, contact us at [email protected].
Scope & Eligibility
The Service is intended only for users who are at least 18 years old. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected information from a person under 18, we will delete that account and its associated data. Please do not use the Service if you are under 18.
Information We Collect
Account & Identity
- Email address, password (stored only as an Argon2id hash — we never keep your plaintext password), display name, and username (your username forms part of your public profile address).
- Date of birth, which we collect once to confirm you meet the 18+ requirement.
- Phone number, if you choose to provide one. This is optional; we use it only as profile contact information and do not send you SMS text messages.
- If you connect your Google Calendar — a fully optional integration you choose to enable — we use Google's OAuth with an app-created-calendar permission to create and manage only the dedicated Doogo calendar used for the integration. We store encrypted access and refresh tokens, the dedicated calendar's identifier, and the calendar entries we sync to that calendar; we do not receive your Google email or profile for this feature. You can disconnect it at any time. If you connected under an older, broader calendar permission, we require you to reconnect before calendar sync continues.
- Consent records showing your acceptance of our Terms and this Privacy Policy, including timestamps, versions, and the IP address and device/user-agent recorded at the time of acceptance.
Profile & Social Graph
- Optional profile details: first/last name, gender, a short bio, an avatar image, your interests, and a default/home location.
- Your social connections: friends, follows, and pending friend/follow requests.
- Your privacy settings controlling who can see each part of your profile.
User-Generated Content
- Event comments ("Mingle") and any images you attach, your reactions (attending / interested / not interested), and content you choose to report.
- Messages. Direct messages you send and receive, including text, images, and shared events.
- Beta feedback. If you submit beta feedback, we collect the message text, private attachments you choose to include, attachment metadata, app and route context, diagnostic device metadata, analytics device IDs, notification device IDs, and private GitHub triage records created by admins. During admin triage, admins may open a private GitHub issue URL containing feedback text and diagnostic metadata/device IDs so they can create a private engineering issue. Opening that URL sends those fields outside Doogo to GitHub and may place them in browser history or proxy logs before the issue is submitted. The URL does not include attachment files, signed URLs, or R2 object keys.
Usage & Behavioral
- How you interact with the Service: events you view, open, bookmark, or mark as attending; feed impressions and how long cards are shown; video watch progress; your searches — the search keyword is stored only as a one-way (SHA-256) hash, never as raw text, though we also record the length of your query and the filters you apply (such as location and date); and comment, reaction, and share activity.
- For visitors to our landing pages: page views, section visibility, button clicks, and form interactions, tied to a random per-visit session identifier that is not linked to your real identity unless you later register from the same browser.
Device & Technical
- IP address, browser/user-agent and device information (model, operating system, app version, language, time zone), and screen/viewport size.
- Authentication cookies and tokens, the IP address and device details of each sign-in session, and a device fingerprint used to manage your sessions and detect suspicious sign-ins.
- Security and audit logs. We keep a log of important account and security events — such as sign-ins, registration, password resets, profile changes, data exports, and account deletion — including the action, the full IP address, and the user-agent. We use these records to operate the Service securely, detect and investigate abuse, and meet our legal obligations.
- On mobile: a push-notification token and a randomly generated analytics identifier.
Location
- With your permission, your device or browser's location to show you nearby events. We ask for this only when you use a "near me" feature, and you can decline or turn it off at any time in your device or browser settings.
- An approximate location (country, region, city, and approximate coordinates and postal code) derived from your IP address — see Analytics & Tracking.
- The default/home location you enter for distance-based recommendations.
- For waitlist sign-ups: the area or ZIP code you submit, together with your full IP address, an IP-derived approximate location (including approximate coordinates and postal code), your browser/user-agent, the referring page, and any campaign (UTM) parameters in the link you arrived from.
Data Minimization & Sensitive Information
We collect only the information reasonably necessary to provide and improve the Service. We do not require special categories of "sensitive" personal information to use the Service, and we do not sell it or use it for targeted advertising. The one potentially sensitive category we may process is precise location — and only your device or browser geolocation, only with your permission, and only to show you nearby events. You can turn it off at any time in your device or browser settings.
How We Collect Information
- Directly from you — when you register, build your profile, post content, message, search, or contact us.
- Automatically — through your use of the Service (usage, device, cookies, and approximate location).
- From third parties — from Google when you connect your Google Calendar, and event details from the public event sources we aggregate.
Cookies, Local Storage & Similar Technologies
We use a small number of first-party cookies and browser-storage keys:
- access_token and refresh_token — secure, HttpOnly cookies (not readable by JavaScript) that keep you signed in.
- has_session — a non-sensitive, JavaScript-readable cookie indicating whether you have an active session.
- Browser local storage, including a random pre-signup analytics session identifier (doogo_anon_session_id) with a rolling 30-minute inactivity window and related context, a flag recording whether your analytics session has been linked to your account, and cached public configuration.
- Our analytics provider (Amplitude) sets its own device/session identifiers in browser storage.
You can clear cookies and local storage in your browser settings; doing so may sign you out or reset preferences. We do not use third-party advertising cookies.
Analytics & Tracking
First-party analytics. We record how visitors and users interact with the Service to operate and improve it. For landing-page analytics we store only a truncated form of your IP address — for IPv4 we zero the last octet (a /24 network) and for IPv6 we keep only the first 64 bits (a /64 network) — after deriving an approximate location (country, region, city, and approximate coordinates and postal code) from the original IP using our IP-geolocation provider (see How We Share Information & Sub-Processors). We do not record street-level location.
Amplitude (product analytics). We use Amplitude on our website, signed-in web product, and mobile app to understand feature usage and key funnels. We send Amplitude random device and session identifiers, your internal account user ID after you sign in, route/screen names, event IDs, platform, authentication state, user-agent, and IP address (so Amplitude can derive approximate geolocation and device information). We do not send Amplitude your password, tokens, email, name, phone number, or free-form profile text. If you register from a browser that previously generated anonymous analytics, we associate those prior events with your new account.
Sentry (mobile error reporting). Our mobile app uses Sentry to capture crashes and errors, including diagnostic data and your internal user ID (not your email or name).
Limit Analytics. If you turn on Limit Analytics in Settings, we limit first-party analytics detail and some mobile product analytics where implemented. It does not disable all product analytics, security/audit logs, operational logs, abuse prevention, legal records, or transactional records that we need to provide, secure, maintain, and administer the Service.
How We Use Your Information
We use your information to:
- provide, secure, and maintain the Service and your account;
- personalize your event recommendations (see Personalization);
- enable the social and messaging features you choose to use;
- send transactional and, where permitted, marketing messages;
- keep the Service safe — preventing fraud and abuse, enforcing our policies, and reviewing reported content;
- analyze and improve the Service; and
- comply with our legal obligations.
Messaging
If you use messaging, we store the content of your messages (text and images) and shared events so we can deliver them and let you and the recipient access your conversation history. Messages are not end-to-end encrypted; they are stored on our systems and protected by the security measures described below. You can delete a message from your own view, though it may remain visible to the other participant. Images are served through temporary, time-limited links. When you share a link in a message, we may fetch that link to generate a preview. If you report a message, we retain a copy of the reported content so we can review it for safety.
Personalization, Recommendations & Automated Profiling
We use your behavioral signals (such as the events you view, attend, bookmark, or dismiss) to rank and recommend events. We also use these signals — including events you mark as Interested or Attend, those you choose to see fewer of, and your searches — to identify and connect you with other people who share your interests. This personalization is a core function of the Service. Our recommendation engine runs on our own infrastructure. We also compute "interest tags" that describe events; those tags are generated from event text, not from your personal data.
We do not send your account data, direct messages, comments, profile data, or user uploads to any external AI provider. We do, however, use third-party AI providers and self-hosted models to process public event information — for example to summarize and analyze event text and images, generate the interest tags that describe events, and create event imagery. That processing involves only public event content and our own system event data, never your account data or the content you create. We do not make decisions about you that produce legal or similarly significant effects through solely automated means.
Communications & Marketing
Transactional messages (such as email verification, password resets, and security notifications, which may include the IP address and time of the event) are part of the Service and cannot be turned off while you have an account.
Marketing and recommendation messages (announcements, promotions, event recommendations, and reminders) are sent by email and push notification according to your preferences. You can control these in your in-app notification preferences — by category and channel, including digest frequency and quiet hours (by default, 10:00 PM to 7:00 AM) — and you can unsubscribe from marketing email using the link in every such message. As required by the U.S. CAN-SPAM Act, our marketing emails include our postal mailing address.
Push notifications require a device push token delivered through Apple's and Google's push services; you can disable push notifications in your device settings at any time.
How We Share Information & Sub-Processors
We do not sell your personal information. We share it only as described here:
- With service providers (sub-processors) that process data on our behalf under contract — listed below.
- For safety and legal reasons — to enforce our Terms, respond to lawful requests, or protect the rights, safety, and property of Doogo, our users, or the public.
- In a business transfer — in connection with a merger, acquisition, or sale of assets, subject to this Policy.
- As aggregated or de-identified data that cannot reasonably identify you.
The sub-processors that may process your personal data are:
| Sub-Processor | Purpose | Personal data involved |
|---|---|---|
| Render | Cloud hosting, managed database and cache | All Service data |
| Cloudflare R2 | Object storage | Avatars, comment and message images |
| Amplitude | Product analytics | Device/session IDs, account user ID, IP, usage events |
| Google | Optional Google Calendar sync for the dedicated Doogo-created calendar | Dedicated calendar ID, encrypted OAuth tokens, and the calendar entries we sync |
| Resend (and Postmark) | Email delivery | Recipient email address and message content |
| Apple (APNs), Google (FCM), and Expo | Push-notification delivery | Push token, device info, notification content |
| Sentry | Mobile crash and error reporting | Diagnostic data and internal user ID |
| Grafana Cloud (Loki) | Operational logging and metrics | Logs that may include user IDs and IP addresses |
| IPLocate | IP geolocation (when configured as our provider) for waitlist sign-ups and landing-page analytics | IP address |
| OpenStreetMap (Nominatim) | Location search and autocomplete | Location text you enter |
We require our sub-processors to safeguard your information and to use it only to provide services to us.
Separately, we use third-party AI providers to process public event content (not your personal information). They are not listed above because they do not receive any of your personal data — see Personalization, Recommendations & Automated Profiling.
International Data Transfers
The Service is operated from, and intended for users in, the United States. Your information is stored and processed in the United States.
Data Retention
We keep your account information for as long as your account is active. We retain other categories only as long as needed for the purposes described above or as required by law, including approximately:
- product and usage analytics: up to 24 months;
- security and audit logs: kept only as long as needed for security and to meet our legal obligations;
- pre-signup anonymous landing-page sessions: about 30 days if no account is created;
- marketing campaign records: about 13 months;
- audience and segment snapshots: 35 to 90 days;
- username-change history: a 30-day reservation window;
- beta feedback records: retained after account deletion for product support, abuse-prevention, and engineering triage. We unlink the live account reference but retain feedback text, private attachments, diagnostic metadata and device IDs, attachment metadata, update history, and private GitHub export audit hashes;
- reported direct-message snapshots: when a message is reported we keep a snapshot of the reported message together with the sender and reporter details captured at that time. We retain it as long as needed to review and act on the report and to keep a record of our safety actions. If you delete your account we unlink your account from your live data, but this safety snapshot may be retained for these purposes;
- waitlist and consent records: as long as needed for the purpose they were collected.
When you delete your account, we remove or anonymize your identifying information; your past public contributions may remain but are attributed to a "Deleted user." Some de-identified analytics and records we are required to keep for security, audit, or legal purposes are retained for the periods above.
User data exports include non-binary beta feedback records. They exclude attachment binaries, signed URLs, R2 object keys, generated GitHub issue URLs, and raw GitHub URLs.
Data Security
We protect your information with industry-standard measures, including encryption in transit (TLS) and at rest, hashing of passwords with Argon2id, and encryption of connected-calendar tokens with AES-256-GCM. On mobile, your sign-in credentials are kept in your device's secure storage, and you may enable biometric (Face ID or fingerprint) unlock — your biometric data stays on your device and is never sent to us. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
Privacy Rights and Choices
Wherever you live, you can:
- Access / export — request a copy of your data. We prepare an export and notify you when it is ready to download.
- Correct — edit your profile and account information in Settings.
- Delete — delete your account and associated data at any time from Settings (see Data Retention for what deletion means).
- Manage communications — set your notification preferences and unsubscribe from marketing email.
- Limit location access — use device or browser settings to deny or revoke precise location permission.
- Limit Analytics — use Settings to limit first-party analytics detail and some mobile product analytics as described in Analytics & Tracking.
- Disconnect Google Calendar — remove the optional calendar integration from Settings.
To make a request, use your Settings page or email [email protected]. We may need to verify your identity before we act on a request. We respond to privacy requests within 45 days; where applicable law requires or permits a different response period, we will follow that law.
We do not currently sell personal information, share personal information for targeted advertising, or use personal information for targeted advertising. We also do not show ads. The Do Not Sell or Share setting records a preference we will honor if our practices change and if a privacy law that applies to us treats a new practice as a sale, sharing, or targeted advertising. If a privacy law that applies to us gives you additional rights, we will process your request as that law requires. We will not discriminate against you for exercising your privacy rights.
Children's Privacy
The Service is for adults 18 and older. We do not knowingly collect personal information from anyone under 18. If you believe a person under 18 has provided us with personal information, contact [email protected] and we will delete it.
Third-Party Links & Event Sources
Doogo aggregates event listings from public sources and may link to venue, organizer, or ticketing websites. We are not responsible for the content or privacy practices of those third parties; their own policies govern your interactions with them.
Changes to This Policy
We may update this Policy from time to time. If we make material changes, we will notify you by posting a notice in the Service or by email. The "Effective date" at the top reflects when the current version of this Policy takes effect.
Contact Us
For questions or requests about this Policy or your personal information:
Doogo Research, Inc.
Attn: Privacy
2451 Crystal Dr, 6th Floor
Arlington, VA 22202, United States
Email: [email protected]
The governing law for the Service is addressed in our Terms of Service.