Doist Privacy Policy

Last modified May 17, 2023 with an effective date of June 17, 2023

This privacy policy ("Policy") informs you of our practices when handling your Information through the Services (both as defined below). In this Policy, "Doist," "we," "our" or "us" refers to Doist Inc., a company registered in Delaware with its registered address located at 251 Little Falls Drive, Wilmington, DE 19808. When you are using Doist Services in your personal capacity, we are the data controller under the applicable privacy laws, and this Policy applies.

When you are using Doist Services as a member of an organization that is a customer of Doist (for example, when accessing a Todoist for teams workspace that relates to your employer if that employer is a Doist customer), we are a data processor under the applicable privacy laws, and that organization is the data controller. In those circumstances, your organization's privacy policy applies, and you should refer to its privacy policy for information about its privacy practices. For clarity, we are not responsible for the privacy practices of third parties. Please be aware that this Policy does not apply to your activities or any Information that you disclose to your organization, when that organization is the data controller.

For the purpose of this Policy, "Information" means any information relating to an identified or identifiable individual. This includes information you provide or generated when you use: (a) our apps, including Todoist and Twist (each an "App" and collectively the "Apps"); and (b) doist.com and any other dedicated Doist websites, such as todoist.com and twist.com which link to this policy ("Website" and together with the "Apps" the "Services"). When you use the Services, you accept and understand we collect, process, use and store your Information as described in this Policy. If you do not agree with this Policy, you must not use any of the Services. If you change your mind in the future, you must stop using the Services and you may exercise your rights in relation to your Information as set out in this Policy.

1. Information we collect

We will collect and use the following Information about you:

  • Information you provide to us

    • Registration information: for example, when you create an account on the Website, you will be asked to provide your name, job title, email, VAT ID and a password. For paid services, including Todoist's Pro and Business plans, or Twist Unlimited, we also collect your billing address, transaction information, tax identification number, Stripe identification number, and invoice address ("Payment Information").

    • Information collected via voluntary activities: for example, when you communicate with us via email, or participate in surveys, we ask you to provide your email address and any Information you choose to provide to allow us to assist you. The Information we collect from you varies depending on the survey, but we typically ask you questions about your interests and habits, your opinion about different products and services and what you'd like to be offered in the future. We also collect your ratings, opinions, preferences, questions, pictures, and responses associated with that survey.

    • Careers. If you decide to apply for a job with us, you may submit your contact information and your resume online. We will collect the Information you choose to provide us as part of your job application, such as your contact information, current employment information, and other information you choose to submit with your application and on your resume. We are using a third-party platform, Workable, to help us store and process the job applications that we receive.

  • Information we automatically collect or is generated about you when you use the Services

    • Identifiers, such as your IP address, device ID, and device information (such as model, brand and operating system).

    • Geolocation information, such as your GPS information when you use the location reminder feature of the Services. Where required, we will obtain your consent prior to collecting such Information.

    • Cookies: we use cookies and other similar technologies ("Cookies") to enhance your experience when using the Services. For more information about our Cookies policy, see below How We Use Cookies and Similar Technologies section.

    • Information you generate when using the Services: You may provide Information as part of your use of the Services, including any Information you provide when sending messages through the Services. Also, if you choose to share and collaborate on a task with your co-workers or friends, we will collect the email address of your co-workers or friends.

      Please make sure you have permission from your co-workers or friends before sharing Information referring to your co-workers or friends with us. Additionally, for the use of Twist or Twist Unlimited, please make sure you have all permissions and rights to upload the Information required on Twist.

  • Information regarding your use of the Services, such as app use information, interactions with our team, and transaction records.

  • Information received from third parties.

    • Information we receive from third party platforms: when you register through a third party account (such as Facebook or Google) or when you connect other apps to our Services (such as Slack and Dropbox), we receive Information which may include your username, email address, and profile picture.

    • Information from platforms our Services relies on, such as for transaction information and payment verification.

Children

Our Services are not targeted at children, and we do not knowingly collect Information from children under the age of 13. If you learn that a child has provided us with Information in violation of this Policy, please contact us as indicated below.

2. How we use your personal Information

We use your Information to: Provide you with the Services. We will use your Information to perform our contractual obligation towards you to allow you to create an account and use the Services. The Information we process when doing so includes your registration information, Information you provide to us when using the Services, identifiers, Information you generate when using the Services, and Information regarding your use of the Services such as transaction information. We also use your Information when you activate certain features of the Services, such as your Geolocation information when you use the location reminder feature. If you are a user of Todoist's paid plans or Twist Unlimited, we will use your Payment Information for payment processing purposes as well as sales tax collection and reporting as required by law.

  • Improve and monitor the Services. It is in our legitimate interests to improve our Services for our customers. When doing so, we may collect Information we automatically collect or is generated about you when you use the Services, as well as non-personal Information about your device such as device manufacturer, model and operating system, and the amount of free space on your device.

  • Provide you with support and to respond to your requests or complaints. If you reach out to us for support, we will use your Information to respond to and resolve your queries and complaints and facilitate support (e.g. retrieval of a forgotten password). When doing so, we perform our contractual obligation towards you. The Information we process when doing so includes your registration information, your identifiers, and any other information about you collected via our customer support channels.

  • Conduct analytics. It is in our legitimate interests to analyse the use of, and any other interaction or interest in our Services. When doing so we will process Information we automatically collect or is generated about you when you use the Services to create anonymised and aggregated data regarding your App usage.

  • Process your job application. It is in our legitimate interest to process the Information that you choose to submit when you apply for a job with us.

  • Send you newsletters about product news, tips and tricks, daily productivity reports that may be of interest to you. We will send you emails with daily reports, newsletters with product news, and tips and tricks to use our Services. When doing so, we process your registration information. Your consent can be withdrawn at any time by following the unsubscribe mechanism at the bottom of each communication, or by visiting todoist.com/unsubscribe or twist.com/unsubscribe, as applicable.

  • Prevent fraud, defend Doist against legal claims or disputes, enforce our terms and to comply with our legal obligations. It is in our legitimate interest to protect our interests by (1) monitoring the use of the Services to detect fraud or any other user behaviour which prejudices the integrity of our Services, (2) taking steps to remedy aforementioned fraud and behaviour, (3) defending ourselves against legal claims or disputes, and (4) enforcing our terms and policies. When doing so, we will process the Information relevant in such a case, including Information you provide us, Information we automatically collect about you, and Information which is provided to us by third parties.

  • Conduct surveys and Interviews. From time to time, we may ask you to participate in surveys and Interviews we conduct which are in our legitimate interest because they help us understand our userbase and improve the Services. If you participate, we process your registration information and any other Information collected through the survey questions.

3. How we use cookies and similar technologies

Cookies are small files of letters and numbers that we store on your browser or the hard drive of your computer. They contain information that is transferred to your computer's hard drive.

Our Services uses Cookies to collect information about your browsing activities and to distinguish you from other users of our Services. This aids your experience when you use our Services and also allows us to improve the functionality of our Services.

We use the following cookies:

  • Strictly necessary cookies: Some cookies are strictly necessary to make our Services available to you; for example, to perform your login functionality and for user authentication and security. We cannot provide you with the Services without this type of cookies.

  • Functional cookies: These are used to recognise you when you return to our Website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

  • Analytical and advertising cookies. We also use cookies for analytics purposes and advertising in order to operate, maintain, and improve our Services. We use third party analytics providers, including Google Analytics, to help us understand how users engage with the Services. Google Analytics uses first-party cookies to track user interactions which helps show how users use our Services. This information is used to compile reports and to help us improve our Services. The reports disclose Website trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit our Website by going to https://tools.google.com/dlpage/gaoptout or via Google's Ads settings.

    We use the following analytical and advertising cookies:

    CookiePurposeRetention
    Google AnalyticsAnalyzing website traffic and user behavior90 days
    DatadogMonitoring web performance and user experienceSession based
    StripeHandling payments and pricing/upgrade pageSession based
    ZendeskLoading images and providing support on Help CenterSession based
    YouTubeDisplaying videos on Help Center pagesVaries
    CloudinaryLoading and optimizing imagesSession based
    SprigUser behaviour and in-app surveySession based

You can block cookies by setting your internet browser to block some or all cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to use our Services.

Except for essential cookies, all cookies will expire after maximum 2 years.

4. Who we share your personal Information with

We share your Information with selected third parties, including:

  • Other users who will see your profile information and any other information you choose to share with them through the Services.

  • Vendors and service providers we rely on for the provision of the Services, for example:

  • Cloud service providers who we rely on for data storage, including Microsoft Azure and Amazon Web Services who are based in the U.S.; OpenAI, and Google Cloud.

  • Customer support solution providers, who help us manage and respond to our customer questions and complaints. This includes Zendesk Inc., which is based in the U.S. and which hosts our customer support function; and

  • Analytics providers. We work with a number of analytics, segmentation and mobile measurement service providers who help us understand our userbase. This includes Google LLC, which is based in the U.S. You can learn about Google's practices by going to https://www.google.com/policies/privacy/partners/, and opt-out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.

  • Third Parties Service Integrations. When you connect third party apps to the Apps, you authorize us to share designated Information and data created and/or uploaded by you to our server with these third party services of your choice on your behalf.

  • Communications platform providers, who help us manage and send newsletters to you in relation to the Services. This includes SendGrid, Mailgun and MailChimp which are based in the U.S.

  • Payment processors, such as Stripe . This payment processor is responsible for the processing of your Information, and may use your Information for their own purposes in accordance with their privacy policies. More information is available at https://stripe.com/gb/privacy for Stripe.

  • Law enforcement agencies, public authorities or other judicial bodies and organisations. We disclose Information if we are legally required to do so, or if we have a good faith belief that such use is reasonably necessary to comply with a legal obligation, process or request; enforce our terms of service and other agreements, policies, and standards, including investigation of any potential violation thereof; detect, prevent or otherwise address security, fraud or technical issues; or protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (including exchanging information with other companies and organisations for the purposes of fraud protection).

  • Change of corporate ownership. If we are involved in a merger, acquisition, bankruptcy, reorganisation, partnership, asset sale or other transaction, we may disclose your Information as part of that transaction.

Although we have in place security measures to maintain the privacy and integrity of your Information, the transmission of Information via the internet is not completely secure. We may also take extra steps to protect your Information and minimise the Information we process. For example, when we store your Information, we use AES 256 encryption, and when we send or receive your Information, it is encrypted with TLS 1.1 or above. Additionally, we are not responsible for how third-party integration services may collect, use or share the Information you send from the Apps. Please review the privacy policy of such third-party integration partners before connecting those services to the Apps.

If you join a Todoist for teams workspace relating to organization that is a customer of Doist (for example, when joining a Todoist for teams workspace that relates to your employer if that employer is a Doist customer), we share Information about you with the organization and other users who belong to that organization. For example, we share your name and other basic account information. Your organization is the data controller of Information in its workspace; please see your organization's privacy policy for information about its privacy practices.

5. Where we store your Information

Your Information will be processed by our employees and service providers in the U.S. If you choose to use our Services from the European Economic Area ("EEA"), the United Kingdom ("UK") or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your Information outside of those regions to the U.S. for storage and processing. We may transfer Information from the EEA or the UK to the U.S. and other third countries based on European Commission-approved or UK Government-approved Standard Contractual Clauses, or otherwise in accordance with applicable data protection laws. Also, we may transfer your data from the U.S. to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating our Services. You can contact us as detailed below if you want more information about our data transfer practices.

6. How long we store your Information

Your Information is kept for as long as necessary to achieve the purposes set out above. When we process Information for our own purposes, we determine the retention period taking into account various criteria, such as the type of Services provided to you, the nature and length of our relationship with you, possible re-enrollment with our Services, the impact on the Services we provide to you if we delete some Information from or about you, and mandatory retention periods provided by law and the statute of limitations. Generally, we also delete your Information following a valid erasure request (see below Your Rights: Erasure section). Some Information we collect will be stored for longer where we have an overriding legitimate interest to retain such Information (for example, Information on suspicious behaviour of certain users of our Services and transaction records).

When deleting Information, we will take measures to make the Information irrecoverable or irreproducible, and electronic files which contain Information will be deleted permanently.

7. Your rights

If you are based in the EEA or the UK, you have certain rights in relation to your Information. You will find more information below on when which rights can apply. To exercise your rights, please contact us at https://todoist.com/contact. Before fulfilling your request, we may ask you to provide reasonable Information to verify your identity. Please note that there are exceptions and limitations to each of these rights, and that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain Information for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.

Please note that payment information and integrations are not available via our API. In the case you want to obtain this information, please contact customer service at https://todoist.com/contact or https://twist.com/contact, (depending on which Doist Service product you are using). The right to access is not absolute. For example, we cannot reveal trade secrets, or give you Information about other individuals.

  • Erasure. You have the right to delete your account and erase your Information and upon deleting your account, all your Information will be removed from our production systems. Usually, only an encrypted copy of your Information will remain on our backup archives for 90 days, although we reserve the right to retain some of your Information where there are valid grounds for us to do so under data protection laws. For example, for the defence of legal claims, respect freedom of expression, or where we have an overriding legitimate interest to do so.

    Note that where the Information is held by a third party data controller, such as a payment processor, we will use reasonable steps to inform them of your request, but we recommend you contact them directly in accordance with their own privacy policies to ensure your personal data is erased.

  • Objection. You may have the right to object to our processing of you Information. This is the case where we process such Information on the basis of our legitimate interests (see above under How we use your personal information section), or where the Information is used for direct marketing purposes. You may exercise this right as follows:

  • To stop receiving marketing newsletters: You may withdraw your consent through the unsubscribe mechanism at the bottom of each communication.

  • To stop our cookies being placed for either advertising or analytics purposes: please change your device or browser settings.

  • To object to all other processing based on our legitimate interests, please contact us at https://todoist.com/contact. Please note that we may have an overriding legitimate interest to keep processing your Information, but we will let you know where this is the case.

Other rights

You also have the following rights:

  • Portability. You have the right to receive a copy of Information we process on the basis of consent or contract in a structured, commonly used and machine-readable format, or to request that such Information is transferred to a third party.

  • Correction. You have the right to correct any Information held about you that is inaccurate.

  • Restriction. You have a right in certain circumstances to stop us processing Information other than for storage purposes.

  • You have the right to lodge a complaint with a supervisory authority in your country of residence, place of work or where an incident took place.

8. Contact & complaints

We welcome questions, comments and requests regarding this Policy. For additional details and frequently asked questions about our policies, please read our Security, Privacy and GDPR FAQs.

If you wish to make a complaint about how we process your Information, please contact us at https://todoist.com/contact and we will endeavour to deal with your complaint as soon as possible. You can also send an email to us at privacy@doist.com. Alternatively, if you are based in the EEA or the UK, you can send an email to our EU representative, DataRep at doist@datarep.com or by filling out this form.

9. Changes

If we make any material changes to this Policy, we will post the updated Policy here and notify our users through the Services and/or newsletters. Please check this page frequently to see any updates or changes to this Policy.