Privacy Policy

Last updated: April 16, 2026

1. Who we are

Doyna is operated by Summise SRL, a company registered in Cluj-Napoca, Romania. Contact: [email protected].

2. What data we collect

On this marketing website (doyna.ai):

  • Contact form submissions: name, email, company, team size, deployment preference, and message. Sent via Cloudflare Worker to [email protected] through Resend.
  • localStorage preferences: theme (dark/light) and language (en/ro). No cookies are set for tracking.
  • Cloudflare Analytics: Cloudflare collects anonymized, aggregated traffic data (requests, page views, countries). No individual IPs, emails, or identities are stored or displayed. The “Live from Cloudflare” section on our homepage shows these aggregated numbers.

In the Doyna mobile app (iOS and Android):

  • OAuth identity: when you sign in with Microsoft or Google, we receive your email address, display name, OAuth subject identifier, identity provider, and organization role from the provider. Your provider password is never seen by Doyna — authentication happens entirely on Microsoft's or Google's login page.
  • Mailbox content: on your behalf, Doyna reads message subject, sender, recipients, body, conversation metadata, and attachments from your connected mailbox so you can use them in the app. We do not copy your mailbox into a separate database; we cache only what is needed to render the screens you visit.
  • Calendar events: event title, start/end time, location, conference link, and the email addresses of attendees, so we can show your calendar and accept RSVPs on your behalf.
  • Photos and files you attach: when you tap the photo or document picker in Compose, the file you select is uploaded to your Doyna tenant and forwarded as an attachment via your connected mailbox.
  • AI conversations: your typed prompts, the conversation context, and any files you explicitly attach to the AI feature.
  • Device information: your timezone (auto-read from the device). No advertising IDs, no IDFA / GAID, no precise location.
  • Local storage on your device: your session token in iOS Keychain / Android Keystore (encrypted at rest by the OS), and theme / swipe preferences in regular app storage.

In the Doyna product more broadly:

  • Email content, documents, meeting transcripts, and CRM data you explicitly connect.
  • AI query history and generated documents.
  • All data stays in your tenant (cloud: single-tenant EU instance; self-hosted: your infrastructure).

2a. AI inference providers

The Doyna AI assistant supports three inference modes. Which one is active for you depends on how your tenant is configured by your administrator:

  • OpenAI (United States): AI prompts, conversation context, and any files you attach to the AI feature are sent to OpenAI for inference. We run with OpenAI's API “no training” setting; OpenAI does not train models on this data.
  • Anthropic (United States): same flow as above, with Anthropic's Claude models. We run under Anthropic's commercial API terms; Anthropic does not train models on this data.
  • Self-hosted on-prem LLM: if your tenant is configured for self-hosted inference, AI data never leaves your infrastructure and no third-party AI provider is used.

Customer administrators can pick a single mode for the whole tenant. We do not silently fall back between providers. The active subprocessor list for your tenant is documented in our Subprocessors page.

3. What we do NOT do

  • We never train AI models on your data. Not ours, not a third party's, not a vendor's.
  • We never share data across customers. Single-tenant architecture means your data is isolated.
  • We never sell data to advertisers, data brokers, or anyone else.
  • We do not use Google Analytics, Facebook Pixel, or any third-party tracking on this website.

4. How we process contact form data

When you submit the contact form, your data is:

  1. Sent from your browser to our Cloudflare Worker (doyna-contact).
  2. Forwarded via Resend (transactional email API, EU region) to [email protected].
  3. Stored in our Google Workspace inbox until we reply and/or delete it.

We respond within one business day. If you want your contact data deleted, email us and we'll remove it immediately.

5. Cookies and localStorage

This website uses zero tracking cookies. We store two values in your browser's localStorage:

  • doyna.theme — your preferred theme (dark/light)
  • doyna.lang — your preferred language (en/ro)
  • doyna.cookies — whether you accepted or declined the cookie notice

Cloudflare may set its own technical cookies for CDN and security purposes. These are first-party, functional, and not used for tracking.

6. Your rights under GDPR

As an EU resident, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing
  • Data portability
  • Lodge a complaint with the Romanian DPA (ANSPDCP)

To exercise any of these rights, email [email protected].

7. Data retention

Contact form submissions: retained until we respond, then deleted within 90 days unless a business relationship begins. Product data (for customers): retained for the duration of your subscription. On cancellation, all data is deleted within 60 days (cloud) or immediately (self-hosted, since it's your infrastructure).

8. Deleting your account

You can delete your Doyna account and all associated data at any time. From the mobile app: Settings → Delete Account. From the web, or if you no longer have the app installed: doyna.ai/delete-account. We complete the deletion within 30 days; backups purge on the standard 90-day rotation.

9. App Store and Play Store disclosures

The categories of data we collect, mapped to Apple App Privacy and Google Play Data Safety:

  • Contact Info — email address, name (linked to your account, used for app functionality and authentication, not for tracking).
  • User Content — emails, attachments, calendar events, photos, files, AI conversations (linked, app functionality only).
  • Identifiers — Doyna user ID and OAuth subject identifier (linked, authentication).
  • Other Data — timezone (linked, app functionality).
  • Tracking: none. No advertising SDKs, no cross-app trackers, no IDFA, no GAID. NSPrivacyTracking is set to false.

10. Changes

We may update this policy. Changes will be posted on this page with an updated date. For material changes, we'll notify you via email if you're a customer.