Privacy Policy

Duho is a reasoning assistant with persistent memory across your tools, calendar, and conversations. This policy explains what data Duho accesses, why, how it is used and protected, and the choices you have. It applies to the Duho applications (iOS, macOS, web) and the services that run them, operated by Duho ("Duho", "we", "us").

1. Who we are & how to reach us

Duho is the data controller for the personal data described in this policy. Questions, access requests, or deletion requests: [email protected]. We respond to verified requests within 30 days.

2. What data we access

Calendar data (Google, Microsoft 365, Apple/iCloud, and CalDAV providers)

When you connect a calendar account, Duho requests permission to read and write calendar events on that account. We access calendar data only to provide Duho's calendar features:

Reading events & availability — to show your existing events, list your calendars, and check free/busy windows so a new event lands on the right calendar at a time that doesn't conflict.
Creating, updating, and deleting events — to write an event you have chosen to schedule (for example, turning a photo of an appointment card into a calendar event), to update it, or to undo a write you reverse.

Duho is manual-first: every calendar write is presented to you for explicit confirmation before it happens. Duho does not write to your calendar silently. Each write is recorded so you can undo it.

By provider, the access is:

Google Calendar — accessed through the Google Calendar API using the https://www.googleapis.com/auth/calendar.events scope (view and edit events on calendars you can access). You grant this on Google's consent screen and can revoke it at any time at myaccount.google.com/permissions.
Microsoft 365 / Outlook — accessed through the Microsoft Graph API using the delegated Calendars.ReadWrite permission against your own mailbox (/me/events). You grant this on Microsoft's consent screen and can revoke it at myaccount.microsoft.com.
Apple / iCloud — accessed on your device only, through Apple's EventKit framework after you grant calendar permission in the OS prompt. Apple calendar data accessed this way is read and written locally on your device; Duho does not store your Apple calendar tokens or copy your Apple calendar events to our servers.
Other calendars (CalDAV — Fastmail, Yahoo, self-hosted, etc.) — accessed through the CalDAV standard using a server URL, username, and an app-specific password you provide.

Captures & content you give Duho

Content you submit to Duho — photos, notes, files, and messages you capture, and the conversations you have with the assistant — is processed to produce the output you ask for (for example, extracting an appointment's details from a photo so it can become a calendar event). This content, and Duho's reasoning memory derived from it, is stored to provide the assistant's persistent-memory features.

Account & technical data

Account identifiers (such as the email label of a connected calendar), authentication tokens, and basic technical/operational logs needed to run the service securely and reliably.

3. How we use your data

To provide the features you request — reading and writing calendar events you confirm, and producing the assistant output you ask for.
To maintain the assistant's persistent memory across your tools and conversations, so context carries over.
To operate, secure, debug, and improve the reliability of the service.
To comply with legal obligations.

We do not use your calendar data, captures, or other personal data for advertising, and we do not use it to train generalized / foundation AI models.

4. Google API Services — Limited Use disclosure

Google Limited Use commitment

Duho's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, data obtained through Google APIs (including Google Calendar data):

is used only to provide or improve user-facing features that are prominent in Duho's interface, and is not used for any other purpose;
is not transferred or sold to third parties for advertising, marketing, or other purposes, or to data brokers;
is not used to serve advertisements;
is not used to train, develop, or improve generalized or non-personalized AI/ML models; and
is not read by humans unless we have your affirmative consent for specific messages, it is necessary for security purposes (such as investigating abuse) or to comply with applicable law, or the data is aggregated and anonymized and used to improve the service in line with this policy.

5. Microsoft / Outlook data handling

Calendar data accessed through the Microsoft Graph API is used solely to provide Duho's calendar features against your own mailbox, under the same commitments as above: it is not sold, not transferred to third parties for advertising, not used to serve ads, and not used to train generalized AI models. Duho requests only the delegated Calendars.ReadWrite permission needed for the feature and accesses only your own calendar. You can revoke Duho's access at any time from your Microsoft account's app-permissions page.

6. How we store & protect your data

Encryption in transit: all data moves over TLS/HTTPS.
Tokens encrypted at rest: OAuth access and refresh tokens for connected calendar accounts are stored encrypted in our database — never in plaintext, never on the device registry.
On-device only for Apple: Apple/iCloud calendar access happens on your device; we hold no Apple calendar token server-side.
Tenant isolation: your data is scoped to your account and not commingled with other users' data.
Least privilege: we request the narrowest scopes that deliver the feature (event read/write), not broad account access.

7. Data retention

Connected-account tokens are retained while the account is connected and deleted when you disconnect it or delete your account.
Captures and assistant memory are retained while your account is active so the assistant's persistent-memory features work, and are deleted on account deletion or on a specific deletion request.
Calendar events created by Duho live in your calendar; deleting your Duho account does not delete events already written to your calendar (you can delete those in your calendar, or use Duho's undo before disconnecting).
Operational logs are retained only as long as needed for security and reliability, then deleted or anonymized.

8. Sharing & disclosure

We do not sell your personal data. We share it only with: (a) service providers / sub-processors who run Duho's infrastructure under contractual confidentiality and data-protection obligations, and only as needed to operate the service; and (b) authorities where required by law. The calendar providers you connect (Google, Microsoft, Apple, your CalDAV host) are the sources of the calendar data, not recipients of additional data from us.

9. Your choices & rights

Disconnect any calendar at any time inside Duho; this stops further access and removes the stored tokens for that account.
Revoke at the provider — Google: myaccount.google.com/permissions; Microsoft: myaccount.microsoft.com; Apple: Settings → Privacy & Security → Calendars.
Access, correct, export, or delete your data — email [email protected]. Depending on where you live, you may have additional rights under the GDPR, UK GDPR, or CCPA/CPRA, including the right to object and the right to lodge a complaint with your data-protection authority.

10. Children

Duho is not directed to children under 13 (or the equivalent minimum age in your jurisdiction) and we do not knowingly collect their data.

11. International transfers

Duho may process data in countries other than your own. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for such transfers.

12. Changes to this policy

We may update this policy as Duho evolves. Material changes will be reflected by the "Last updated" date above and, where appropriate, communicated in-app.

13. Contact

Duho — [email protected]. See also our Terms of Service.