Privacy Policy
Last updated: April 3, 2026
The short version: Your data stays on your machine. We don't sell it, share it, or look at it. Doug works for you, not for advertisers.
1. What We Collect
When you create an account, we collect:
- Name — so Doug knows what to call you
- Email — for login, password resets, and important updates
- Password — stored as a one-way hash, we can't read it
- Plan type — so we know which features to unlock
That's it. No phone numbers, no addresses, no social security numbers, no tracking cookies following you around the internet.
2. What We Don't Collect
- Your conversations with Doug
- Your documents, notes, or files
- Your browsing history
- Your location
- Anything from your camera or microphone
- Your contacts, calendar, or emails
Doug's AI runs on your machine. When you talk to Doug, that conversation stays between you and your computer. It never touches our servers.
2b. No AI Training on Your Data
We do not use your conversations, documents, files, or any other data to train, fine-tune, or improve AI models. Your data is never fed into any machine learning pipeline. Doug's AI runs locally on your hardware using open-source models. Your information is yours alone.
3. How We Use What We Collect
- Authentication — logging you in
- Service delivery — knowing your plan so Doug works correctly
- Communication — password resets, security alerts, major updates
- Support — if you contact us, we use your info to help you
We do not use your information for advertising. We do not sell your information to anyone. Ever.
4. Payment Information
Payments are processed through Stripe. We never see or store your full credit card number. Stripe handles all payment security. Their privacy policy applies to payment data.
5. Where Your Data Lives
- Your machine: All Doug data — conversations, files, AI models, tools — stays on your hardware.
- Our server: Only account info (name, email, hashed password, plan type, learning progress).
- Nowhere else.
6. Who Sees Your Data
Nobody outside of Doug OS operations. We don't share data with third parties except:
- Stripe — for payment processing
- Law enforcement — only if legally required with a valid court order
7. Data Retention
Your account data stays active as long as your subscription is active. If you cancel:
- You can export your data anytime before deletion
- We delete your account data within 30 days
- Data on your machine is yours — we can't touch it
8. Security
- Passwords hashed with bcrypt (12 rounds)
- JWT tokens with expiration
- Rate limiting on all auth endpoints
- HTTPS in production
- No data stored in plain text
9. Your Rights
You can:
- Access all data we have on you
- Update or correct your information
- Delete your account entirely
- Export your data
- Opt out of non-essential emails
10. Children
Doug OS is not designed for children under 13. We don't knowingly collect data from minors.
11. Changes
If we change this policy, we'll email you and update this page. No surprise changes.
12. Contact
Privacy questions? Contact support or email us directly.