Privacy Policy

Last updated: 06/06/2025

Duata (“we,” “us,” or “our”) is a cybersecurity training app that helps users recognize scams, phishing attempts, and other digital threats. This Privacy Policy outlines what data we collect, how we use it, and how we protect your privacy.

1. Information We Collect

A. Information You Provide

• Your email address and name (if you sign up or log in)

• Your age

• Your answers to training questions and simulations

• Any feedback or support messages you send us

B. Gmail Access (Optional)

If you choose to connect your Gmail account via OAuth, we may:

• Insert simulated phishing emails into your inbox for training

• Access email metadata (e.g., sender name, subject) to improve realism

We do not read or store your personal emails.

We do not sell or share your Gmail content.

C. Automatically Collected Data

• Device type and operating system

• App usage data (e.g., levels completed, screens visited)

• Crash reports used to fix bugs and improve performance

2. How We Use Your Information

We use your data to:

• Deliver training simulations that match your skill level

• Track your progress and adjust difficulty accordingly

• Improve the app’s performance and user experience

• Send important notifications about your account or training schedule

We do not use your data for advertising or external tracking.

3. Data Storage and Security

• OAuth tokens and personal data are encrypted and stored securely

• All data is stored using modern, cloud-based security standards

• We only access your data to deliver training or provide support

4. Your Rights and Choices

You can:

• Disconnect your Gmail account at any time in your Google Account settings:

  https://myaccount.google.com/permissions

• Request that we delete your account and all associated data by emailing us at support@duata.app

• Contact us to review, correct, or update your information

5. Data Retention

We keep your data only as long as necessary to operate the app and support your training experience. You may request full deletion at any time.

6. Children’s Privacy

Duata is not intended for children under the age of 13. We do not knowingly collect personal information from children.

7. Third-Party Service

Duata uses third-party services including:

• Google (for OAuth and Gmail simulations)

• Supabase (for secure data storage and analytics)

• Apple (for iOS device data and app distribution)

We only use these services to support core app features. We do not share data for marketing or third-party tracking.

8. Changes to This Policy

We may update this policy to reflect changes in the app or legal requirements. We will notify users of material changes and update the date at the top of this page.

9. Contact US

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: support@duata.app

Website: https://duata.app