Privacy policy

v2.1.0

October 18, 2025

Last updated: 2025-10-18

At CatDoes, one of our main priorities is the privacy of our visitors. This Privacy Policy explains what information we collect and how we use it. If you have questions, contact us at [email protected].

This Privacy Policy applies only to our online activities and is valid for visitors to our websites located at https://catdoes.com and all of its subdomains (e.g., https://app.catdoes.com) (collectively, the “Sites”). This policy does not apply to any information collected offline or via channels other than the Sites.

Consent

  • By using the Sites, you hereby consent to our Privacy Policy and agree to its terms.

  • In regions where required (e.g., EEA/UK), we obtain your consent for non-essential cookies and similar technologies via our cookie banner (powered by CookieYes).

Information We Collect

  • Information you provide: When you contact us or register for an account, we may collect your name, company name, email address, address, and any other information you choose to provide (e.g., support messages and attachments).

  • Technical and usage data: When you use our Sites, we may collect device and usage information such as IP address, browser type, operating system, language, referring/exit URLs, pages viewed, links clicked, session duration, and other diagnostic data.

  • Analytics and crash reporting (PostHog): With your consent (where required), we collect product analytics and crash diagnostics to understand how the Sites are used and to improve performance and reliability.

  • Session replay (PostHog): With your consent (where required), we may record sessions to help us debug issues and improve UX. Session replays can include mouse movements, clicks, scrolls, viewport size, and snapshots of page content. We configure our tools to avoid capturing sensitive input values and use masking where appropriate (e.g., we avoid collecting input values and mark sensitive elements to be excluded).

  • Authentication data (Supabase): If you sign up or sign in, our authentication provider processes data needed to authenticate and keep your account secure (e.g., essential cookies or browser storage tokens).

  • Minimal preference data: We may store non-personal site preferences locally in your browser (e.g., UI state like sidebar open/closed).

How We Use Your Information

We use the information we collect in various ways, including to:

  • Provide, operate, and maintain the Sites.

  • Improve, personalize, and expand the Sites and develop new features

  • Understand and analyze how you use the Sites (aggregate analytics)

  • Debug issues, monitor performance, and prevent fraud and abuse

  • Communicate with you (support, updates, and—where permitted—marketing)

  • Send you emails

  • Comply with legal obligations and enforce our terms

Log Files

We use standard log files (as part of hosting and security analytics). The information may include IP addresses, browser type, ISP, date/time stamps, and referring/exit pages. We use this information to analyze trends, administer the Sites, and ensure security.

Cookies and Similar Technologies

We design our services to minimize tracking and give you meaningful control.

  • Consent Management (CookieYes)

    • We use CookieYes to display the cookie banner, block non-essential cookies until consent, and remember your choices.

    • CookieYes may set essential cookies/local storage entries to store your consent and category preferences. Typical cookie names include: cookieyes-consent, cookieyesID, cky-consent, cky-active-check, cookieyes-necessary, cookieyes-functional, cookieyes-analytics, cookieyes-advertisement, cookieyes-other (durations typically up to 1 year). Actual names/retention may vary as CookieYes updates its service.

  • Analytics, Crash Reporting, and Session Replay (PostHog)

    • We use PostHog to understand product usage, capture crash/exception data, and (if enabled) session replay to help us debug issues and improve UX.

    • When enabled by your consent, PostHog sets a first-party cookie named ph_<project_api_key>_posthog to assign a unique identifier and maintain session continuity. No third‑party cookies are used, and we do not use analytics for cross-site tracking or advertising.

    • If you decline analytics cookies via the banner (or where required by law), we prevent PostHog cookies and disable session replay. In some cases we may operate cookieless analytics (reduced fidelity, no replay) to respect your choice.

    • We configure PostHog to avoid collecting sensitive input values by default and to apply masking where appropriate.

  • Authentication (Supabase)

    • If you create an account or sign in, our authentication provider (Supabase) may set essential cookies and/or use browser storage to keep you signed in securely and prevent fraud. These are required for core functionality.

  • Site Preferences (local storage)

    • We store certain preferences in your browser—such as UI state (e.g., whether the sidebar is open)—using local storage or similar technologies.

Your choices

  • Cookie banner: Use the Cookie banner that's shown when the Site loads to accept or reject cookies.

  • Browser controls: Most browsers let you block or delete cookies and clear local storage.

  • Global Privacy Control (GPC): We honor the Global Privacy Control signal where applicable. If your browser sends a GPC signal, we treat it as a valid opt‑out for non‑essential cookies (e.g., analytics/replay) and for “sale”/“sharing” under applicable laws.

Advertising

We do not display third-party advertisements and we do not use ad networks or ad-tech (e.g., interest-based advertising, retargeting pixels). We also do not sell or share personal information for cross-context behavioral advertising.

Service Providers (Processors)

We use service providers to help us operate the Sites and deliver features. These include:

  • CookieYes (consent management and cookie banner)

  • PostHog (product analytics, session replay, crash reporting)

  • Supabase (authentication)

  • Cloudflare and/or Framer (infrastructure and privacy‑friendly site analytics)

  • These providers process data on our behalf under appropriate data protection agreements.

International Data Transfers

Our service providers may process data in the EU, the UK, and/or the United States. Where personal data is transferred internationally, we rely on appropriate safeguards (e.g., Standard Contractual Clauses or equivalent).

Data Retention

  • Account and support records: retained as long as your account is active or as needed to provide services and meet legal obligations.

  • Analytics events: retained for a limited period appropriate for analysis and troubleshooting (e.g., up to 12 months); we may retain aggregated, non‑identifiable statistics longer.

  • Session replays: retained for a shorter window appropriate for debugging (e.g., 30–90 days).

We will update this Privacy Policy if our retention periods materially change.

CCPA Privacy Rights (Do Not Sell My Personal Information)

Under the CCPA, California consumers have the right to:

  • Know the categories and specific pieces of personal data a business has collected about them.

  • Delete personal information (subject to exceptions)

  • Correct inaccurate information

  • Opt out of sale or sharing of personal information (we do not sell personal information; we also do not “share” for cross‑context behavioral advertising)

  • Limit the use and disclosure of sensitive personal information (we do not use sensitive personal information to infer characteristics)

Response time: We will respond to verifiable consumer requests within 45 days of receipt (with a possible 45‑day extension, if reasonably necessary). To exercise your rights, contact us at [email protected] or use the “Cookie Settings” and/or “Do Not Sell or Share My Personal Information” options where available. We honor Global Privacy Control signals as a valid opt‑out request.

GDPR Data Protection Rights

If you are in the EEA/UK, you have the right to:

  • Access: Request copies of your personal data

  • Rectification: Request corrections to inaccurate or incomplete data

  • Erasure: Request deletion of your personal data (subject to conditions)

  • Restrict processing: Request we limit processing (subject to conditions)

  • Object: Object to processing (e.g., direct marketing or certain analytics)

  • Data portability: Request a copy of your data in a commonly used format

We will respond within one month. Where our processing relies on consent (e.g., non‑essential cookies/analytics/replay in the EEA/UK), you can withdraw consent at any time via “Cookie Settings.”

Children’s Information

Another part of our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their children’s online activity.

CatDoes does not knowingly collect any personally identifiable information from children under the age of 13. If you believe your child provided such information on our website, please contact us immediately and we will use our best efforts to promptly remove that information from our records.

Contact: [email protected]