Our Privacy Policy

Doit has been built and designed with privacy in mind from the very beginning, and is fully GDPR compliant.

Effective date: August 19, 2020


1.1 This document describes how Yxagon AB, company registration number 559217-2943 having its registered address at c/o CONLEGA, Box 160, 101 23 Stockholm Sweden (“Doit.io,” “we” or “us”) collects, uses and processes Personal Data (“Privacy Policy”). This Privacy Policy is applicable when you sign up to use Doit’s services (“Services”) as well as throughout your usage of the Services, such as writing notes, uploading documents, files, collaborate, get organized, etc to your account on our Services.

1.2 We do not own your personal data or content, nor do we sell it to others or use it for external advertising. It is your data.

1.3 All definitions in this Privacy Policy shall be interpreted in accordance with applicable data protection laws which refer to the General Data Protection Regulation (Regulation no. 2016/679) and the Directive on Privacy and Electronic Communications (Directive 2002/58/EC), as well as the national implementations and related national legislation.

2. Data Processed

2.1 We will process the following personal data when you are signing up for the Services and using the Services:

  • name;
  • email address;
  • account information/credentials;
  • address and company name (only for paid accounts);
  • IP address
  • picture of the data subject;
  • information about how you interact with the Services, including the frequency and duration of your activities, and other information about how you use the Services; and
  • technical data, which may include your IP address, unique device ID, pages that you visit before, during and after using the Services, details about your browser, operating system or device, and language;

2.2 We may also use third-party service providers to collect and process analytics and other information on our Services. These third-party service providers may use cookies, pixel tags, web beacons, or other storage technology to collect and store analytics and other information. They have their own privacy policies addressing how they use the analytics and other information and we do not have access to, nor control over, third parties’ use of cookies or other tracking technologies.

2.3 We may obtain information about you from other sources, including through third-party services and organizations. For example, if you access our Services through a third-party application, such as a social networking site or a third-party login service, we may collect information about you from that third party that you have made available via your privacy settings.

2.4 You are solely responsible and the controller for the personal data which may be included in the content that you post, upload and/or contribute to the Services. We have the capability to access the personal data but will only do so if there is any suspicion about a breach of the Terms of service or any illegal activity. We will not be able to access end-to-end encryption.

2.5We are unable to provide you with the Services and you will not be able to create and login to your account unless you provide us with some of the personal data mentioned above. For example, the processing of the personal data in 2.1 a) - c) is necessary to maintain the contractual relationship between you and us.


3.1 We will process the following categories of personal data: your name, e-mail address, account credentials, pictures of you and other content that you post, upload and/or contribute to the Services set out above for the following purposes:

  • to administer your account, to enable and provide the Services and integration with third party services, and to provide, personalize and improve your experience with the Services, and to otherwise provide the Services according to the Terms of service;
  • to send you alerts or messages by email or otherwise, including to provide you with information, newsletters and marketing or promotional material regarding updates about our products and Services. You can at any time opt out from marketing communication from us;
  • to inform you about updates of the Services or the Terms of service; and
  • to enforce the Terms of service, including to protect our rights, property and safety and also the rights, property and safety of third parties if necessary;

3.2 We will process the following categories of personal data: your IP address, information about your use of the Services, technical data for the following purposes:

  • to improve and develop the Services or new services and products and to analyse your use of the Services; and
  • to ensure the technical functioning of the Services and to prevent use of the Services in breach of the Terms of service;

3.3 We will process the following categories of personal data: company name and address for billing purposes, when you are using our premium accounts for the purpose of providing payment services.


4.1 Fulfillment of contract. By accepting Doit’s Terms of service and this Privacy Policy we process your personal data for the purposes in 3.1 a), c) and 3.2 d) to be able to fulfill the agreement with you, which is to deliver our Services to you according to the Terms of service and the Privacy Policy.

4.2 Legitimate Interest. The processing of your personal data for the purposes in 3.1 b), d) and 3.2 a) is processed on the basis of the legitimate interest of us. Our legitimate interest is to improve the Service, stay in touch with you regarding updates in the Service and marketing of our products and services. We also need to log data when you visit our Website and how you use it to be able to maintain a sufficient level of IT-security, to evade fraud and protect the App, Website and Service from cyber threats. If you are using the Service as a Company, we base the purposes in 3.1 a), c) and 3.2 d) on our legitimate interest if the User of the Service is a company and not a private person.


5.1 We may share and disclose your personal data to our service providers hosting the website and for authentication of users credentials, payment service providers and analytics service providers to be able to store the personal data, authenticate the personal data used within the Services, provide payments and analysing the use of the Services.

5.2 The main processing of the personal data is done within the EU. However, we may transfer personal data outside the EU/EEA and we are therefore applying specific safeguards for the data transfers as set forth in the table below. You can acquire further information regarding the transfer by contacting us at privacy@doit.io

Google Firebase - US - EU-US Privacy Shield

Google Analytics - US - EU-US Privacy Shield


We may access, preserve and share your personal data in response to a legal request (like a search warrant, court order or a subpoena or the like), or when necessary to detect, prevent and address fraud and other illegal activity, to protect ourselves, you and other users, including as part of investigations.


We collect information by using technology such as cookies, pixels and tags (on your browser or device). For information about how we use these types of technologies, please see our cookie policy.


We store your personal data until you as a user decides to delete your account or have deleted certain information on the account that you have posted or uploaded to your account. However, if your account is inactive for a period of 365 consecutive days, we will delete your information automatically after reminding you about inactivity leading to automatic deletion. We may store some personal data longer if there are legal requirements or obligations such as bookkeeping legislation, and to protect ourselves in the event of legal claims.


The Services are not directed to persons under the age of thirteen (13). If you are a parent or guardian of a person under the age of 13 and you become aware that the child has provided personal data to us without your consent, please contact privacy@doit.io to exercise your access, rectification, erasure, limiting of processing and objection rights.


10.1 You have an absolute right to object and opt-out to the processing of your personal data for direct marketing and communication from us as described in point 3.1 above.

10.2 You have the right to request access and further information concerning the processing of your personal data, or request that we correct, rectify, complete, erase or restrict the processing of your personal data. You have the right to access and obtain a copy of the personal data we process relating to you free of charge. For repetitive access requests we may charge an additional fee based on administrative costs.

10.3 If the processing is based on the legal grounds consent or fulfillment of contract you have the right to data portability. Data portability means that you can receive the personal data that you have provided to us, in a structured, commonly used and machine-readable format, and have the right to transfer such data to other data controllers.


11.1 To exercise your rights, or if you have any questions regarding our processing of your personal data, please contact us at the following address: privacy@doit.io or Yxagon AB, c/o Conlega Box 160 101 23 STOCKHOLM Sweden. In your letter/email please state your full name, [insert any other information the Company needs in order to process the request]. Note that you should sign the request to receive information of the processing of your personal data yourself.

11.2 If you have any complaints regarding our processing of your personal data, you may file a complaint to the competent data protection authority. You can find out more about the local data protection authorities under the following link http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.


If there is a change of control in our business, we may transfer your information to the new owners for them to continue to provide the Services. The new owners shall continue to comply with the commitments we have made in this Privacy Policy.


If we make changes to this Privacy Policy, we will notify you by posting the updated privacy policy on our webpage where it will be stated which date it has been updated or by notifying you at your registered e-mail address.