← Back to site

Dotos Privacy Policy

Effective Date: March 8, 2026

Dotos ("Dotos," "we," "us," or "our") provides backend infrastructure and security services for organization-administered workspaces.

This Privacy Policy explains what information Dotos collects and processes directly, and clarifies our role in relation to organizational workspace data.

1. Platform Structure and Roles

Dotos operates a user-centered system administered by organizations.

There are two distinct categories of data within the Services:

1.1 Workspace Data (Organization-Controlled)

If you use Dotos through an organization ("Organization"):

  • The Organization controls the workspace (tenant).
  • The Organization determines what data is collected within that workspace.
  • The Organization determines access, retention, and deletion.
  • Dotos processes workspace data solely on the Organization's instructions.
  • Dotos does not independently control, manage, or delete workspace data.

    • If you have questions about workspace data, you must contact your Organization directly.

    1.2 Platform Operational Data (Dotos-Controlled)

    Dotos collects limited information necessary to:

  • Operate the platform
  • Maintain system security
  • Provide services to Organizations

    • We act as the data controller for this limited operational data.

    2. Information We Collect Directly

    We collect only the information necessary to operate and secure the Services.

    This may include:

    2.1 Organization Administrator Information

    For Organization owners or designated administrators:

  • Name
  • Business email address
  • Organization affiliation
  • Billing contact details (if applicable)

    • 2.2 Security and System Logs

    To maintain platform integrity, we collect:

  • IP addresses
  • Login timestamps
  • System activity logs
  • Device or browser metadata necessary for security monitoring

    • These logs are used solely for operational security and system reliability.

    We do not use this information for advertising or profiling.

    2.3 Single Sign-On (SSO) Authentication Data

    Dotos supports authentication through third-party SSO providers, including Google, Microsoft, Apple, Twitter (X), and Facebook. When you choose to sign in using an SSO provider, we receive limited profile information from that provider to authenticate your identity and create or link your account.

    What we receive from SSO providers:

  • Name (as registered with the provider)
  • Email address
  • Profile identifier (a unique ID assigned by the provider)
  • Profile photo URL (if made available by the provider)

    • How we use SSO data:

  • Authenticate your identity and manage your session
  • Create or link your Dotos account
  • Display your name and profile information within the platform

    • What we do not do with SSO data:

  • We do not request access to your contacts, calendars, files, or any data beyond basic profile information.
  • We do not store your SSO provider password. Authentication is handled entirely by the provider.
  • We do not share your SSO profile data with third parties for advertising or marketing.
  • We do not use SSO data for behavioral profiling or tracking across other services.

    • Revoking SSO access:

    You may revoke Dotos's access to your SSO account at any time through your provider's account settings (e.g., Google Account > Security > Third-party apps, Microsoft Account > Privacy > Apps and services, or equivalent settings for Apple, Twitter, or Facebook). Revoking access prevents future SSO sign-ins but does not automatically delete your Dotos account or data. To request account deletion, contact [email protected].

    3. What We Do Not Collect

    Dotos does not independently:

  • Profile individual users
  • Sell personal information
  • Access or use workspace content for marketing
  • Respond directly to individual deletion requests for workspace data
  • Control user-submitted workspace data

    • Workspace data is controlled exclusively by the Organization.

    4. How We Use Operational Data

    We use operational data to:

  • Authenticate accounts
  • Maintain system security
  • Detect fraud or misuse
  • Provide technical support to Organizations
  • Comply with legal obligations

    • We do not use operational data for behavioral advertising.

    5. Data Retention

    Operational Data

    We retain operational data only as long as necessary to:

  • Maintain platform security
  • Fulfill contractual obligations
  • Comply with applicable law

    • Workspace Data

    Workspace data retention is determined by the Organization. Dotos deletes or returns workspace data in accordance with its agreement with the Organization.

    6. Data Sharing

    We may share operational data with:

  • Infrastructure hosting providers
  • Security service providers
  • Payment processors (for Organization billing)
  • SSO identity providers (only the authentication handshake necessary to verify your identity)
  • Legal authorities if required by law

    • We do not sell personal information.

    7. Data Security

    We implement reasonable administrative, technical, and organizational safeguards to protect operational data, including:

  • Access controls
  • Encryption in transit
  • Infrastructure monitoring
  • Audit logging

    • No system can guarantee absolute security.

    8. Your Rights

    If you use Dotos through an Organization:

  • Requests related to workspace data must be directed to your Organization.
  • Dotos processes such requests only upon authorized instruction from the Organization.

    • For operational data controlled directly by Dotos (such as administrator account information or SSO profile data), you have the right to:

  • Request access to your data
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Revoke SSO provider access at any time through your provider's account settings

    • Requests may be directed to:

    [email protected]

    We may verify identity before responding.

    9. International Transfers

    If operational data is transferred internationally, appropriate safeguards are implemented as required by applicable law.

    10. Changes to This Policy

    We may update this Privacy Policy from time to time.

    Material changes will be communicated appropriately.

    11. Contact Information

    For workspace-related matters, please contact your Organization directly.

    For operational data matters, you may contact:

    Dotos

    [email protected]

    12. Google User Data and Email Signature Sync

    When you choose to connect your Google account to sync your email signature, Dotos requests permission to manage your Gmail settings (the gmail.settings.basic scope). Dotos uses this access solely to write the email signature you create in Dotos to your Gmail account's send-as settings. Dotos does not read, send, delete, or otherwise access the content of your email messages, your contacts, or any other Gmail data. We store only the authorization tokens required to perform this sync and basic sync metadata (the last sync time and status). You can disconnect at any time from within Dotos, which revokes Dotos's access to your Google account.

    Dotos's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

    Version 2.1

    Powered by dotos