1. Introduction
Dovee AI ("we," "our," "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Service at dovee.ai or any associated mobile application.
We understand that you share deeply personal information with Dovee — information about your relationships, emotions, and private life. We treat this with the highest level of care and confidentiality.
2. Information We Collect
2a. Information You Provide Directly
- Account information: Name, email address, date of birth, password (hashed)
- Profile information: Relationship status, partner connection, communication preferences, relationship goals, anniversary or wedding dates
- Conversation content: Voice recordings, text inputs, session transcripts, images you upload, and any content you share with Dovee
- Sensitive personal data: Information you choose to share about your emotional state, mental wellbeing, sexual preferences, religious or philosophical beliefs, or other special-category data (processed only with your explicit consent — see Section 4)
- Feedback: Ratings, responses, and voluntary feedback you submit
2b. Information Collected Automatically
- Usage data: Pages visited, features used, session duration, click patterns, voice minutes consumed
- Device information: Device type, operating system, browser type, IP address, device identifiers
- Log data: Access times, error logs, referring URLs
- Cookies and similar technologies: See our Cookie Policy and Section 7 below
2c. Information from Third Parties
- Payment processors: We use Stripe to process payments. Stripe collects billing information directly. We do not store full payment card details.
- Authentication providers: If you sign up via Apple, Google, or another OAuth provider, we receive basic profile information from that provider.
- Analytics providers: Aggregated, anonymized usage analytics
3. How We Use Your Information
We use your information for the following purposes, on the legal bases described below for EU/UK users:
| Purpose | Legal Basis (EU/UK) |
|---|---|
| Provide the Service — process voice and text interactions with Dovee AI, deliver coaching responses, save your sessions | Contractual necessity |
| Personalize your experience — tailor coaching insights based on your history | Contractual necessity |
| Detect crisis indicators (self-harm, domestic violence) and route to human resources | Vital interests; legitimate interests |
| Process sensitive personal data shared in conversations (Art. 9 GDPR special categories) | Explicit consent |
| Detect and prevent fraud, abuse, and security incidents | Legitimate interests; legal obligation |
| Bill subscriptions and process payments | Contractual necessity; legal obligation |
| Send service notifications (account, billing, security) | Contractual necessity |
| Send marketing communications and product updates | Consent (you may withdraw at any time) |
| Improve safety, accuracy, and quality of the Service through aggregated analytics | Legitimate interests |
| Comply with legal obligations and respond to lawful requests | Legal obligation |
4. Sensitive Personal Information & Voice Recordings
Conversations with Dovee may contain sensitive personal information — relationships, mental health, sexual preferences, religious or philosophical beliefs. Under GDPR Article 9, CCPA, and similar laws, this is special category / sensitive personal data.
4a. Explicit Consent
By using Dovee, you provide your explicit consent to our processing of any sensitive personal information you choose to share with the Service for the purpose of providing AI-powered relationship coaching. You may withdraw this consent at any time by deleting your account or contacting hello@dovee.ai. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
4b. Voice Recordings & Biometric Data
How voice flows through Dovee: Your microphone audio is streamed directly from your device to our speech-to-text provider (Deepgram), transcribed to text, and the audio is then discarded. We do not store the raw audio waveform. Only the resulting text transcript is retained, and only for the period stated in Section 8. The audio is never sent to any vector database, never used for biometric identification, and never sold or shared for advertising.
4c. Protections We Apply
- Conversation data is encrypted in transit (TLS) and at rest (AES-256)
- Access to conversation data is strictly limited to authorized personnel under role-based access controls
- Conversation data is never used to serve targeted advertising
- You may request deletion of your conversation history at any time (Section 8)
5. AI Training & Automated Decision-Making
5a. AI Training
Dovee uses third-party large language models (LLMs) — currently OpenAI GPT-4o and Anthropic Claude — and Deepgram's speech recognition models to power its coaching responses. These third-party providers operate under contractual data-processing agreements that prohibit them from training their models on your content.
- We do not use your individual conversations to train third-party LLMs. Our agreements with OpenAI, Anthropic, and Deepgram opt out of model training on customer data.
- We may use aggregated, de-identified conversation patterns to improve our internal prompt design, safety classifiers, and coaching quality. This processing cannot reasonably be linked back to you.
- You may opt out of having any of your data — even de-identified — used for service improvement by emailing hello@dovee.ai.
5b. Automated Decision-Making (GDPR Art. 22)
Dovee uses automated processing to generate personalized coaching responses, surface insights, and recommend actions. These outputs are not legally significant decisions about you (no credit decisions, employment, eligibility, etc.). However, you have the right to request human review of any significant automated output, to contest any automated output, and to express your point of view. Contact hello@dovee.ai.
6. How We Share Your Information
We do not sell your personal data. We share information only in the following limited circumstances:
| Recipient | Purpose |
|---|---|
| Sub-processors (AI, infrastructure) | To process voice, text, and session data — see our full Sub-Processors page |
| Payment processors (Stripe) | To handle subscription billing securely |
| Authentication providers | To verify identity at sign-in (Supabase, Apple, Google) |
| Analytics providers | Anonymized, aggregated usage data only |
| Your partner | Only with your explicit consent — see Section 7 (Couples & Joint Data) |
| Legal authorities | When required by law, court order, or to protect safety |
| Business successors | In the event of a merger, acquisition, or sale of assets (we will notify you) |
All sub-processors are bound by data processing agreements requiring confidentiality, security, and limited-purpose use. The complete current list of sub-processors is published at dovee.ai/subprocessors and updated whenever we add or remove a sub-processor.
7. Couples & Joint Data
Dovee is built for couples, but each partner has a private space. We treat each partner's personal data with strict separation:
- Private by default: Your conversations, desires, and reflections are visible only to you. Your partner cannot read your sessions or see your private notes without your explicit, granular consent.
- Shared insights are opt-in: Some features (such as Pulse comparisons or shared insights) require explicit opt-in from both partners. We will never share content from one partner to the other without consent.
- Mentions of your partner: If you mention your partner in your private conversations with Dovee, that content remains private to you. Dovee will not relay it to your partner unless you choose to share via an explicit feature.
- Disclosure approach for desires: The Desires feature lets you mark how (or whether) Dovee may surface a desire to your partner — direct, subtle, or secret. We honor your chosen disclosure setting at all times.
- Account deletion: If you delete your account, your private content is deleted. Aggregated couple-level metrics (such as Pulse scores) that depend on both partners may be retained in your partner's account but are not linked back to you personally.
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 30 days after deletion |
| Conversation transcripts (text) | 12 months (or until you delete them) |
| Voice recordings (raw audio) | Not retained — discarded after speech-to-text conversion (typically within seconds) |
| Voice transcriptions | 12 months (or until you delete them) — same as text transcripts |
| Image uploads | 30 days after upload, then automatically deleted |
| Usage/analytics data | 24 months (anonymized after 90 days) |
| Payment records | 7 years (legal requirement for tax and accounting) |
| Backup copies | Up to 90 days after deletion of primary data |
You may request earlier deletion of your data at any time (Section 9). Some data may be retained longer where required by law or to defend legal claims.
9. Cookies
We use a small number of cookies and similar technologies. For full details, see our Cookie Policy.
- Strictly necessary: Authentication, session management, security — always on, no consent required
- Functional: Remember your preferences and settings — opt-in
- Analytics: Aggregated usage measurement — opt-in via cookie banner
We do not use cookies for cross-site behavioral advertising. You may control cookies through our cookie banner (shown on first visit) or via your browser settings.
10. Your Rights and Choices
Depending on your location, you may have the following rights under GDPR (EU/UK), CCPA/CPRA (California), and other laws:
- Right to access: Request a copy of the personal data we hold about you, including categories, sources, purposes, and recipients
- Right to correct: Request correction of inaccurate or incomplete data
- Right to delete (right to be forgotten): Request deletion of your account and personal data
- Right to data portability: Request your data in a structured, commonly used, machine-readable format
- Right to restrict processing: Ask us to limit how we use your data
- Right to object: Object to processing based on legitimate interests, including profiling
- Right to withdraw consent: Where processing is based on consent, withdraw it at any time
- Right to opt out of sale or sharing: California residents may opt out of any sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising. See our Do Not Sell or Share My Personal Information notice for the formal opt-out form.
- Right to limit use of sensitive personal information: California residents may direct us to limit use of sensitive personal information to what is necessary to perform the service
- Right to non-discrimination: We will not discriminate against you for exercising any of these rights
- Right to lodge a complaint: EU/UK users may complain to their local data protection authority
- Conversation deletion: Delete individual conversation sessions directly in the app
How to exercise these rights
Email us at hello@dovee.ai with your request. We will verify your identity and respond within 30 days (or 45 days where permitted by law for complex requests). You may also designate an authorized agent to make a request on your behalf — the agent must provide signed written permission and we will verify the request directly with you where required by law.
CCPA metrics (annual disclosure)
In the prior 12 months, Dovee received fewer than 100 CCPA requests. Updated metrics are published annually at dovee.ai/privacy.
11. Children's Privacy
The Service is not directed to children under 18 years of age. We do not knowingly collect personal information from anyone under 18. If we become aware that a child under 18 has provided personal information, we will delete it immediately and terminate the account. If you believe a minor has used the Service, contact us at hello@dovee.ai. We comply with COPPA and the FTC's guidance on services that exclude minors.
12. International Users & Data Transfers
Dovee AI is operated from the United States. If you are accessing the Service from outside the US — including from the European Union, United Kingdom, Switzerland, or Canada — please be aware that your information may be transferred to, stored, and processed in the United States and other jurisdictions where our sub-processors operate.
Transfer mechanisms (EU/UK/Swiss residents)
For transfers of personal data from the EU, UK, or Switzerland to the United States or other third countries, we rely on the following safeguards:
- EU Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable
- UK International Data Transfer Addendum for transfers from the UK
- EU-U.S. Data Privacy Framework where the recipient is certified
- Supplementary technical and organizational measures including encryption in transit and at rest
You may request a copy of the SCCs we use by contacting hello@dovee.ai.
EU representative
Where required by Article 27 of the GDPR, our EU representative can be contacted at hello@dovee.ai.
13. Security
We implement industry-standard technical and organizational security measures including:
- TLS encryption for all data in transit
- AES-256 encryption for data at rest
- Role-based access controls and least-privilege access
- Regular security reviews and dependency monitoring
- Audit logging of access to sensitive data
- Multi-factor authentication for administrative accounts
No system is 100% secure. In the event of a personal data breach affecting your rights, we will notify the relevant supervisory authorities and affected users without undue delay and within 72 hours where required by law.
14. Notice of Financial Incentive
We do not currently offer any financial incentive (e.g., discounts) in exchange for the collection, sale, or retention of personal information. If we begin offering such incentives, we will update this notice and obtain your opt-in consent as required by CCPA.
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or prominent notice on the Service at least 14 days before the change takes effect. For non-material changes (typo corrections, contact updates), we will update the "Last Updated" date at the top of this policy. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.
16. Contact Us
Dovee AI — Privacy Team
Email: hello@dovee.ai
EU Representative: hello@dovee.ai
Website: dovee.ai
Social: @doveeaiapp
Related: Cookie Policy · Sub-Processors · Acceptable Use Policy · Terms of Service