By downloading and using the App, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use the App.

1. Data Controller

The data controller responsible for your personal data is:

SIA Dosty
Valdeku iela 62 k-1 - 4, Riga, Latvia
Email: support@dosty.co

As a company incorporated in Latvia, SIA Dosty is subject to the GDPR and the laws of the Republic of Latvia. We are committed to protecting your privacy in accordance with these requirements.

2. Data We Collect

We collect the following categories of personal data:

2.1 Data You Provide Directly

  • Full name
  • Date of birth
  • Gender
  • Mobile phone number (used for account verification via SMS or WhatsApp)
  • Profile photo (optional)
  • Nickname / username
  • Pet information: type, name, breed, and age (optional)

2.2 Fitness and Activity Data

  • Daily step count
  • Estimated calories burned and distance walked
  • Step history and streaks
  • Coin / Crystal balance and transaction history
  • Donation history and community goal contributions
  • Season Pass progress and milestone completions

2.3 Usage and App Data

  • Leaderboard rankings (country-wide and friends)
  • In-App activity and feature interactions
  • Push notification preferences
  • WhatsApp messaging permissions

2.4 Technical Data

  • Device type and model
  • Operating system and version
  • App version
  • IP address
  • Crash logs and performance diagnostics

2.5 Data from Third-Party Health Platforms

With your explicit permission, we receive step and activity data from Apple Health (iOS), Google Fit, and Samsung Health. We only access the specific data types needed to operate the App's step-tracking features. We do not access other health records stored in these platforms.

2.6 Data We Do Not Collect

We do not collect payment card numbers or bank account details. All in-App payments are processed exclusively by Apple App Store or Google Play Store. We do not receive or store your payment credentials.

3. Legal Basis for Processing (GDPR)

We process your personal data on the following legal bases under Article 6 of the GDPR:

4. How We Use Your Data

We use your personal data for the following purposes:

  • To create, verify, and manage your account.
  • To track your daily steps and convert them into Coins.
  • To display your position on the country-wide and friends leaderboards.
  • To manage your Season Pass progress, milestone rewards, and Partner Offer eligibility.
  • To process your Coin donations towards community pet food goals.
  • To send push notifications and WhatsApp messages about your activity, rewards, and community updates (with your consent).
  • To detect and prevent fraudulent step manipulation or abuse.
  • To respond to your support requests and communications.
  • To improve the App through crash logs and performance analytics.
  • To comply with our legal obligations.

5. Third-Party Data Sharing

We do not sell your personal data. We share your data only in the following circumstances:

5.1 Health Platform Integrations

When you connect Apple Health, Google Fit, or Samsung Health, data is retrieved from those platforms solely to power the step-tracking feature. We do not share your App data back to these platforms beyond what is technically required for the integration.

5.2 Partner Offers

When you unlock a Partner Offer reward in the Season Pass, we may share limited information with the relevant third-party partner (such as confirmation that you have reached a qualifying milestone) in order to validate and fulfil your reward. No sensitive personal data is shared with partners.

5.3 Service Providers

We engage trusted third-party service providers to support the operation of the App, including cloud hosting and infrastructure, SMS and WhatsApp message delivery, push notification services, and crash and performance analytics. These providers act as data processors and are bound by data processing agreements. They may only process your data on our instructions and in accordance with applicable law.

5.4 App Stores

Subscription purchases are processed by Apple App Store or Google Play Store. These platforms operate independently and are governed by their own privacy policies. We receive only a transaction confirmation and do not have access to your payment details.

5.5 Legal Disclosures

We may disclose your personal data if required to do so by law, court order, or government authority, or where we believe disclosure is necessary to protect our rights, the safety of users, or to investigate fraud or abuse.

5.6 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the successor entity. You will be notified of any such transfer and your rights will be preserved.

6. International Data Transfers

As a company registered in Latvia (EU), your personal data is primarily processed within the European Economic Area (EEA). The App is operated for users in Azerbaijan, which is outside the EEA.

Where we transfer personal data outside the EEA, we ensure appropriate safeguards are in place in accordance with Chapter V of the GDPR, including use of Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms. You may request details of the safeguards applicable to your data by contacting us at support@dosty.co.

7. Data Retention

We retain your personal data for as long as your account is active or as necessary to provide the App's services. Specific retention periods are as follows:

  • Account data (name, phone number, profile): retained for the duration of your account, deleted within 30 days of account deletion.
  • Fitness and step data: retained for the duration of your account plus up to 12 months to allow for retrospective statistics, then deleted.
  • Donation and Season Pass history: retained for up to 3 years for community reporting and audit purposes, then anonymised or deleted.
  • Technical logs and crash reports: retained for up to 12 months.
  • Legal and compliance records: retained for as long as required by applicable law.

After the applicable retention period, data is securely deleted or anonymised so that it can no longer be linked to you.

8. Children's Privacy

The App is available to users aged 13 and above. Users between the ages of 13 and 17 (“Minors”) may only use the App with the verifiable consent of a parent or legal guardian.

8.1 Data Collected from Minors

We collect the same categories of data from Minors as from adult users (see Section 2). We do not knowingly collect more data from Minors than is necessary to provide the App's core features.

8.2 Parental Consent

By registering an account on behalf of or together with a Minor, the parent or legal guardian confirms that they have provided consent for the Minor's use of the App and the collection of their personal data as described in this Privacy Policy.

8.3 Parental Rights

Parents or legal guardians may at any time request access to, correction of, or deletion of their child's personal data by contacting us at support@dosty.co. Upon verified request, we will action such requests within 30 days.

8.4 Discovery of Underage Users

If we become aware that we have collected personal data from a child under the age of 13 without appropriate parental consent, we will promptly delete that data and close the associated account. Please contact us at support@dosty.co if you believe this has occurred.

9. Your Rights Under GDPR

As a data subject, you have the following rights under the GDPR. To exercise any of these rights, please contact us at support@dosty.co. We will respond within 30 days of receiving your request.

9.1 Right of Access (Art. 15)

You have the right to request a copy of the personal data we hold about you and information about how we process it.

9.2 Right to Rectification (Art. 16)

You have the right to request correction of any inaccurate or incomplete personal data we hold about you. You can update most of your profile data directly within the App.

9.3 Right to Erasure — “Right to be Forgotten” (Art. 17)

You have the right to request deletion of your personal data where: (a) the data is no longer necessary for the purposes it was collected; (b) you withdraw consent and there is no other legal basis for processing; (c) you object to processing and there are no overriding legitimate grounds; or (d) the data has been unlawfully processed.

You can delete your account at any time through the App's settings. Upon deletion, your account data, step history, Coins, Season Pass progress, and leaderboard standing will be permanently removed within 30 days, subject to any legal retention obligations.

9.4 Right to Restriction of Processing (Art. 18)

You have the right to request that we restrict the processing of your data in certain circumstances, such as where you contest the accuracy of the data or have objected to processing pending verification of our legitimate grounds.

9.5 Right to Data Portability (Art. 20)

Where processing is based on your consent or the performance of a contract, and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have it transmitted to another controller where technically feasible.

9.6 Right to Object (Art. 21)

You have the right to object at any time to the processing of your personal data where we rely on legitimate interests as the legal basis. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or for the establishment, exercise, or defence of legal claims.

9.7 Right to Withdraw Consent

Where processing is based on your consent (e.g., health data access, push notifications), you may withdraw your consent at any time through your device settings or by contacting us. Withdrawal does not affect the lawfulness of processing before withdrawal.

9.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the Data State Inspectorate of Latvia (Datu valsts inspekcija), the supervisory authority for data protection in Latvia, if you believe we have processed your data in breach of the GDPR. Contact details: www.dvi.gov.lv.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include encrypted data transmission (TLS), secure server infrastructure, access controls, and regular security reviews.

Steps are saved locally on your device and uploaded to our servers with protection against network loss or battery drain. We minimise the data stored locally and do not store unencrypted sensitive data on device.

Despite our efforts, no method of transmission over the internet or electronic storage is 100% secure. If you become aware of any security vulnerability or suspect unauthorised access to your account, please notify us immediately at support@dosty.co.

11. Analytics and Tracking

The App does not use browser cookies. We may use mobile analytics tools to collect anonymised or pseudonymised data about App performance, crash events, and feature usage. This data helps us improve the App and is not used to identify you individually. Where analytics tools involve processing of personal data, they are governed by appropriate data processing agreements.

12. Push Notifications and WhatsApp Messages

With your consent, we send push notifications and WhatsApp messages to keep you informed about your step progress, leaderboard updates, Season Pass milestones, community donation goals, and promotional offers.

You can manage push notification permissions at any time through your device's operating system settings (iOS: Settings › Notifications; Android: Settings › Apps › Dosty Walks). Withdrawing notification permissions does not affect your ability to use the App's core features.

For WhatsApp messages, we check for WhatsApp availability on your device at registration. If WhatsApp is not available, we use SMS instead. You may opt out of WhatsApp communications by contacting us at support@dosty.co.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. If we make material changes, we will notify you via the App, push notification, or email at least 14 days before the changes take effect. The updated policy will always be accessible within the App and will display the date of the most recent revision.

Your continued use of the App after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact our privacy team at:

SIA Dosty
Valdeku iela 62 k-1 - 4, Riga, Latvia
Email: support@dosty.co