DOBER PRIVACY POLICY



By interacting with the website https://dober.chat or by using Dober Messenger through its mobile version - Dober Mobile App, you agree to be bound by this Privacy Policy and provide your consent to the collection, processing, storage and transfer of your Personal Data according to the rules indicated in this Policy.


This Privacy Policy (or "Policy") describes the rules and principles for the collection and processing of User`s Personal Data by Dober ("Dober"), which is the Processor and, in the cases described in this Policy, may act as Data Controller under the GDPR. Dober was developed by an individual entrepreneur Oberemok D.P., Individual Tax Code: 3195118838.


References to the words "we", "our" or "us" "Messenger" or similar words in context mean "Dober" - messenger for secure communication.


References to the words "you" or "your" or similar words in context mean Dober "Users".


We are committed to protect privacy and security for the Personal Data you provide to us, to minimize the collection of your Data. Dober will collect, use and share Personal Data only in the ways described in this Policy.


THIS POLICY DESCRIBES THE RULES THAT GOVERN HOW DOBER COLLECTS, MAINTAINS AND PROCESSES PERSONAL DATA OF DOBER PERSONAL ACCOUNTS USERS, WHOSE DATA IS STORED ON THE DOBER PUBLIC SERVER.



  1. TERMS
  2. PERSONAL DATA THAT WE COLLECT AND STORE
  3. METHODS AND GROUNDS FOR THE COLLECTION OF PERSONAL DATA
  4. PURPOSES OF PERSONAL DATA USAGE
  5. AGE LIMITS FOR DOBER USERS
  6. PERSONAL DATA DISCLOSURE
  7. USER RIGHTS
  8. RETENTION PERIOD FOR PERSONAL DATA
  9. DATA STORAGE SECURITY
  10. INTERNATIONAL TRANSFER OF PERSONAL DATA
  11. ADDITIONAL PRIVACY NOTICE FOR CALIFORNIA RESIDENTS
  12. MAILING LIST AND PROMOTIONAL OFFERS
  13. LINKS TO OTHER SITES
  14. COOKIE USAGE
  15. FEEDBACK
  16. CHANGES TO THIS POLICY


  1. TERMS


    1. Personal Data (Information) is information that identifies you as a specific person or can identify you for interaction with you.

    2. User is an identifiable or non-identifiable individual who interacts with Messenger.

    3. CCPA (California Consumer Privacy Act) is a California statute designed to increase privacy rights and consumer protections for residents of California and the United States.

    4. Cookies are small text files that store information about your previous activities on the Dober Web site.

    5. GDPR - General Data Protection Regulation ("GDPR"), which applies to the regulation of personal data processing as of May 25, 2018.

    6. Business Account - is a User's (Business Client's) account that allows to use Messenger as a closed communication channel, available only to employees of such a Business Client or authorized users whose access is only allowed by this Business Client.

    7. Personal Account - registered Dober User's account.

    8. Business Account Server - is a physical or cloud-based server purchased or leased by the Business Account Owner (Business Client) on which the Dober software will be deployed and where all of the Business Client's information will be stored.

    9. Public Server - Dober leased or purchased, physical or cloud-based server on which all Personal Account data and Dober software are stored.


  2. THE PERSONAL DATA WE COLLECT AND STORE


    Business Account and Personal Account Messenger options are available in Dober. You can read more about this in the Dober Terms of Use.


    1. Personal data collected voluntarily at the initiative of Users. When a User creates a Personal Account to use Messenger:

      We collect User's Personal Data that identifies you as an individual, necessary to create and maintain a User account, and transfer information within Messenger in connection with the use of it. User's Personal information includes:

      1. Login, account name, and pseudonym (nickname). To register your account, you will need to come up with a username - a unique name for your account, which you will enter every time you log in to your account on any of your devices, to identify you as a User. Do not disclose your username to any third party to prevent the possibility of your account being compromised.
      2. You can add a name (the name under which other users will see you in the messenger address book, the User name is not unique and may coincide with the names of other Users) and a nickname (a unique identifier by which other Users will be able to find you in the messenger database). Note that your name and nickname will be publicly available to other Users. Dober does not require your name and/or nickname to match your actual name. The name and nickname may be fictitious and chosen at your discretion.


      3. Password and pin code. To register an account, the User must come up with a password that will secure login to the account on any User's device and a pin code that protects against other Users opening the Messenger, with no integration with Android and iOS security mechanisms. Dober processes passwords, but does not store them. The password hash is also not stored, making it impossible to reverse-engineer a User's password. When creating a password, remember that the more complex the password, the stronger the cryptographic protection of correspondence in Dober will be. Dober does not process or store the User's pin code.

      4. Secret Q&A. When registering an account, User can fill out additional information to regain access to the account if the password is lost. If User does not create password recovery information and, the password is lost, the account will no longer be available without the possibility of password recovery. Do not disclose the answers to the password recovery questions to third parties to prevent the possibility of your account being compromised.

      5. Public Key. Each User has its own public and private key. The public key is one of the two parts of a key pair used in public key cryptography, also known as end-to-end encryption, and is used to encrypt a message or data. Dober stores and processes the public key. The private key, on the other hand, is kept secret and used only by the owner to decrypt messages encrypted by end-to-end encryption. With end-to-end encryption, the public key encrypts the data and the private key decrypts it.
      6. When sending a message through Messenger, the sender generates a SHA3-512 symmetric key, which is used to encrypt the message with a public key, which is stored on the Public Server or Business Account Server. The message's recipient decrypts the symmetric key with the private key, which is decrypted with the password. Dober generates a unique symmetric key for each message.

        Generation of a unique symmetric key for each message provides an additional level of security during data transmission.


      7. Profile Images. You can add a profile picture to personalize your account, Dober does not require your profile picture to match your actual appearance and to be your personal photo. Please note that your profile image is always publicly available to other Users and is stored on the Public Server and Business Account Server in an unencrypted form.

      8. Audio, video, documents and messages. We store messages, photos, videos and documents you upload to your cloud chats in Messenger, so you can access your data on your devices at any time without relying on backups. Data is stored encrypted and only available to the sender and recipient.

      9. Metadata. Dober may receive and store data connected with your use of the features or Dober functions: login, correspondence, call, video, photo, and the date and time of your call in Dober, to enhance the security of your account and to prevent spam, abuse and other violations of our Terms of Use.

    2. Personal information collected automatically. When interacting with Messenger, some information about Users is automatically collected from a computer or mobile device.


      1. Server Logs. Our Public Servers automatically collect data when you use Messenger and record it. Dober may collect Personal Information such as: your IP address, to understand the country you are connecting from when you use Messenger, your time zone setting, information about the device and browser type you use to access Messenger, the URL of the website from which you visited Messenger, third party sites you visit to log out of Messenger, and your language settings.

      2. Device data. Dober collects data about the devices Messenger is used on, including device type, installed operating system, device settings, application identifiers, and failure data. Device data is stored on the Public Server in encrypted form and is available only to the User, the owner of the login and password owner.

      3. Location Data. We receive data from Users to help us to understand your approximate location (the location of the device from which a User connects to Messenger). For example, Dober may determine your approximate location to assist with localisation. Location data is stored on the Public Server in encrypted form and is available only to the User who owns the login and password. Dober does not track Users by their GPS.

      4. Time and date information. Dober collects information about the date and time the account was created, as well as the date and time the account was last logged into Messenger, to provide the User with session information that protects and controls the account from unauthorized logins.

    3. Messenger allows to create a Business Account, access to which is provided by the Dober User (Business Client), the owner of such a Business Account, to other Users. In addition, the Business Client may use its own Business Account Server to store, process Personal Information of Business Account Users who have access to it.

    4. When a User creates a Business Account in Messenger: We do not collect data from a Business User (Business Client) who uses Messenger as a closed channel of communication available only to the Business Account Users to whom the Business Client has granted access to such a Business Account.

    5. Business Client uses its Business Account Server to store, process the personal data of Users to whom they grant access.


      Business Account Server Data.When creating a Business Account, the User submits to Dober the Business Account Server's address and other data specified in clauses 2.1.1. 2.1.1. to 2.1.7. of the Policy as when creating a Personal Account.


    6. Dober does not collect or store the data of Business Account Users. Such Users receive access to Messenger from the Business Account Creator - Business Client, who collects, stores and processes such Users' personal data on the Business Account Server.

    7. Dober does not use phone numbers as identifiers to create and authorize an account, or to log in to an account by sending an SMS with a code.

    8. Dober does not use or solicit email from Users to create and authorize an account or recover a password.

    9. Dober does not integrate with the User's device phone book. However, the Users always have access to information about the device from which they used Messenger and can end the session on such a device.

    10. Dober does not collect or process special categories of User`s Personal Data (sensitive data), such as information about race or ethnicity, religious or philosophical beliefs, sexual life and orientation, political views, trade union membership, health information, and genetic and biometric data. We also do not collect information about Users' criminal or misdemeanor records. We do not collect your financial data, payment card data, financial transactions, etc.


  3. METHODS AND GROUNDS FOR THE COLLECTION OF PERSONAL DATA


    1. Dober collects and processes Personal Data of Users to provide access to the Messenger and ensure its usage, to fulfill obligations imposed by laws, to comply with the requirements of public authorities, including regulatory and law enforcement bodies, to settle and prevent disagreements and disputes, detect and prevent fraud or other illegal actions with the data, as well as to protect the interests, rights and freedoms of Users relating to the protection of their Personal Data.

    2. We collect identifiable and non-identifiable Personal Information from Users when they register for an account and use the Messenger.


  4. PURPOSES OF PERSONAL DATA USAGE


    1. We process Users' Personal Data for the purposes set forth in this Policy:

      1. To provide the User with information about his/her use of Dober (session data - history of visits, active sessions, time of visits, data of the device from which the User accessed the Messenger);
      2. To enable the User to manage the devices to which the account is accessible and to monitor unauthorized access of third-party devices to the User's account;
      3. To ensure internal quality and safety controls, protect against fraudulent or illegal activities and hold accountable those responsible for such activities;
      4. To ensure compliance with the law, including protection of our rights, the rights of Users or the rights of third parties;
      5. To prevent or stop activities that we may consider illegal, unethical;
      6. To increase the security of your account, and to prevent spam, abuse, and other violations;
      7. To respond to inquiries and complaints, and to communicate with Users;
      8. To develop and provide search tools as well as additional features in the Messenger.


  5. AGE LIMIT FOR USERS


    1. The Messenger is not intended for use by minors under the age of 16. Dober does not knowingly collect information from minors under the age of 16 and believes that children of any age should obtain parental or legal guardian consent before using the Messenger and submitting any Personal Information.

    2. If you believe that we have erroneously or inadvertently collected Personal Information from minors under the age of 16, please let us know at support@dober.chat so that we can delete that information.


  6. PERSONAL DATA DISCLOSURE


    1. Dober may transfer and disclose Users' Personal Information to enforce and protect its and Users' rights, to ensure Dober's security, to prevent fraud and illegal activity, or in the event of a security threat, including to prevent death or direct harm to health.

    2. Dober may transfer and disclose Users' Personal Information to law enforcement and regulatory bodies at their lawful request. If we receive a request for Personal Information, we may disclose such information if such disclosure is consistent with or mandatory under applicable law, regulation or court orders.

    3. Dober may transfer and disclose Users' Personal Information in accordance with the privacy provisions set forth in this Policy in the event of a change in Dober's business structure, such as: merger, acquisition, bankruptcy proceedings, liquidation, reorganization, sale of some or all of Dober's assets or stock, investment raising, public issue of securities, acquisition of all or part of the business, in similar transactions and procedures. In doing so, we are committed to providing security and protection for your data at least as high as described in this Policy.

    4. It is up to the User to determine the amount and quantity of Personal Data that he or she shares with other Users when using the Messenger. Dober does not control and is not responsible for the processing and storage of Personal Information that Users have provided to third parties. Dober cannot delete all copies of User Information that have previously been shared with third parties. For example, when you share files with Users in cloud chat rooms, Dober is not responsible for the distribution of your Personal Information by such User and cannot affect the use of your information by third parties.

    5. Dober is not liable for violations of the rights of Users or the rights of third parties if such violation occurred as a result of sending any information in chat rooms and/or group chats.


  7. USER RIGHTS


    1. Right for Access. The Privacy Policy defines the Personal Data that Dober collects and processes. Users may obtain confirmation of the use and processing of Personal Data and may contact the DPO in order to request access to the Personal Data that we collect and store, pursuant to Article 15 of the General Data Protection Regulation.

    2. Right for Correction.If the Personal Data stored and processed by Dober is inaccurate or incomplete, the User has the right to update, correct, supplement their Personal Data. The User may make their own corrections by logging into their Dober account from the mobile app interface or the Dober web version and using the "delete" function, the incorrect data will be deleted and the User will be able to make updates. The User may contact the DPO to access their Personal Data to update, correct and/or modify it, pursuant to Article 16 of the General Data Protection Regulation. We will inform you of the measures taken within 30 working days of such a request.

    3. Right to export. The User may request the transfer of Personal Data to third parties in accordance with Article 20 of the General Data Protection Regulation. You have the right to receive Personal Data in a structured, commonly used and machine-readable format and to use it elsewhere or to ask us to transfer it to a third party for your choice. You may exercise this right through the interface of your Dober account.

    4. Right to delete.The User has the right to delete his Personal Data in accordance with Article 17 of the General Data Protection Regulation. The User may either do this himself/herself via the appropriate option in the Messenger or by contacting us by sending an email to support@dober.chat. The personal data, in this case, will be permanently deleted. In the event of a request for deletion, Dober will inform you of the action taken and within 30 business days of such request.

    5. The right to restrict processing. You can ask us to stop or suspend the processing of Personal Data. If you request the restriction of processing, we will inform you within 30 business days of such a request. If you request the restriction of the processing of Personal Data after we have shared it the with third parties in accordance with this Policy, we will inform them of this restriction where applicable.

    6. Right to object.The User has the right to raise an objection to the processing of Personal Data at any time, in accordance with Article 21 of the General Data Protection Regulation.

    7. Right to withdraw consent to data processing.The User has the right to withdraw their consent to the processing of Personal Data, which has been given to Dober, at any time. We rely on your consent as the legal basis for data processing, in the event that the User withdraws consent to the processing, certain features of our Messenger may not be available any more time.

    8. The right not to be subjected to automated decision-making in individual cases, including profiling.The User has the right not to be subjected to a decision that is based solely on automated processing, including profiling, which causes its legal consequences, according to Article 22 of the General Data Protection Regulation.

    9. The right to file a complaint to a supervisory authority.If you have concerns about any aspect of Dober's privacy policy, including the way your personal data is processed. In that case, you may report them to the appropriate supervisory authority or contact the DPO by email or through the inquiry form.

    10. Dober may deny Users the right to access, correct, transfer, delete, object if Dober is acting as a processor of Personal Data and is limited in its authority by the data controller. If Dober denies the right to access, correct, transfer, obliteration, objection of Personal Data, we shall inform you of the reasons, within thirty (30) business days, from the date of such denial.

    11. Dober will make commercially reasonable efforts to accommodate User requests for deletion, but certain information will be retained in the Messenger. In addition, the rights described above may be limited, for example, if complying with your request would disclose Personal Information of another User or if you ask us to delete information that we are required by law to keep, or if we have a legitimate interest in keeping it, such as to prevent fraud or participate in a lawsuit.

    12. Personal information may remain in the archive, and information you update or delete may be retained for our administrative purposes to the extent permitted by law. We will not delete information you have posted publicly using or in Messenger. Dober cannot delete all copies of information that has previously been shared with others.

    13. If you are a California resident, you have additional rights, which can be found in Section 11 of this Policy.


  8. RETENTION PERIOD FOR PERSONAL DATA


    1. Dober retains Personal Information of Users until the User's account is deleted. If you want to delete your account, you can do so in "account settings". Deleting your account results in deleting all messages, media, contacts and all other data you store in Dober. This action must be confirmed through your account and cannot be undone at a later date. All messages and files that you have sent to another User will remain for that User unchanged.

    2. When you delete a User's account from the Public Server, the encryption keys used for correspondence are deleted, but the messages in the chats remain. Users with whom you communicated receive a modified chat - a chat with your deleted account, in which they can't write, but can read the correspondence history. If the User was the Owner/Creator of the Groups, when deleting his account, such Groups and messages in them are deleted without the possibility of recovery. If the Owner/Creator User, before deleting his/her account, delegated his/her account management rights (right to be the Group`s owner and/or administrator) to another User, such Groups will not be deleted and the messages in them will still be readable, the deleted Use'r account will be displayed as a deleted account.

    3. We store data only in encrypted form. We may retain some data in the same encrypted, depersonalized form after your account is deleted, but this is only permissible for our legislation compliance purposes.


  9. DATA STORAGE SECURITY AND DPO


    1. We have implemented appropriate technical and organizational measures to protect against unauthorized access or unauthorized processing of Personal Data, and against accidental loss, destruction or damage to Personal Data. Such measures include physical security, cloud and network infrastructure security, third-party security, security monitoring and incident response. Despite our efforts, no security measures are perfect, and no method of transferring data can be 100% guaranteed to be safe and secure from any interception or other type of misuse.

    2. If you become aware of incidents that threaten the security of your data, please contact us by email at support@dober.chat.

    3. Centralized data storage.User Data is stored on Public Servers owned or leased by Dober, which is located in Ukraine, that is, data is not stored on the User's devices and loss of the device does not result in the information loss. Thus, we do not transfer the Personal Data of Users to other data processing centers. All data is stored in encrypted form.

    4. End-to-end data encryption.Messages, media and files from chats, as well as call content and data you store in your account are processed only on your device and on the recipient's device (the User you are communicating with in Messenger). Before this data reaches our Public servers, it is encrypted with a key known only to you and the recipient. Dober's Public Servers will process this end-to-end encrypted data to deliver it to the recipient or store it. Dober has no way to decrypt the actual information, we store and process random sequences of characters that make no sense without keys that Dober does not have.

    5. Post-quantum cryptography - post-quantum end-to-end encryption ensures confidentiality of User`s data and is an advanced data protection technology. Information transmitted via Messenger is available only to the sender and recipient without the possibility of interception or eavesdropping.

    6. Dober employs a Data Protection Officer ("DPO") to monitor the storage and security of User data, who is responsible for complying with the personal data protection laws under Articles 37, 38, 39 of the GDPR.

    7. Under GDPR regulations, Dober engages the DPO to perform the following tasks:

      1. control the compliance with the norms and requirements of the regulations for data collection and processing;
      2. representation before the regulatory oversight bodies;
      3. data security requests advising;
      4. User's appeals and complaints reviews to protect their rights.

    8. Dober is not responsible for the leakage, unauthorized collection and disclosure, resale and misuse of Users' personal information on the Business Account server.

    9. If the Business Client provides a server to store and process the data, Dober is not responsible for the security of the processing, transmission and storage of this data. Business Client is responsible for ensuring the data's security and its safety.


  10. INTERNATIONAL TRANSFER OF PERSONAL DATA


    1. Dober stores data of Users on its Public server located on the territory of Ukraine and does not transfer data beyond its borders.

    2. If a Business Account User uses their Business Account Server to collect, store, process data, such Users' data may be transferred outside of the country in which the User resides, including to the EU, outside the EU, to the United States, and to any country where the Business Account Server is physically located. In such a case, the Business Account Server owner (Business Client), undertakes to ensure compliance with applicable laws in the relevant jurisdiction and to ensure the safety and security of the data of Users who are granted access to the Business Account.

    3. Dober is not responsible for and has no control over transferring the User's data who access and use the Messenger through the Business Account. If there are any questions related to Personal Information, such Users who have accessed a Messenger Business Account should contact such Business Account creator.


  11. ADDITIONAL PRIVACY NOTICE FOR CALIFORNIA RESIDENTS


    1. This additional privacy notice for California residents applies solely to California residents.

    2. The CCPA requires us to disclose the categories of Personal Information we collect about consumers in California, the categories of sources from which the information was collected, the business or commercial purposes for which the information was collected, and the categories of parties to whom we share Personal Information of California residents.

    3. If User is a California resident, the following options are available for him under the California Consumer Privacy Act ("CCPA"):

    Right to Know. You may ask no more than twice in 12 months for the following information about the Personal Information we have collected, used and disclosed about you in the past 12 months

        - the categories and specific amounts of Personal Information we have collected about you;

        - the categories of sources from which we collected Personal Information;

        - the purposes for which we collect Personal Information;

        - the categories of third parties to whom we have provided (disclosed) Personal Information;


    Right to Delete. You may request us to delete Personal Information we received from you, subject to certain limitations under the CCPA.


    The right to refuse selling your Personal Information. You have the right to refuse or object to the sale of your Personal Information. But please know that we do not sell your Personal Information.


    Non-Discrimination. The CCPA highlights that you cannot be discriminated against for exercising these rights.



  12. MAILINGS AND PROMOTIONAL OFFERS


    1. Dober does not use Users' Personal Information for advertising targeting or other commercial purposes. Dober does not share Users' Personal Information with third-party advertisers for the purpose of targeting advertisements on websites, applications and services. Dober retains only the information it needs to operate as a secure and multifunctional cloud service.

    2. Dober does not offer Users any tools to promote their messages in group chats. No Personal Information of Users is used or analyzed to show advertisements or sponsored messages.


  13. LINKS TO OTHER SITES


    1. Messenger does not contain links to external resources and does not integrate with them via API.

    2. Dober has no control over the external resources that Users may link to. If you follow a link to an external resource, you will be redirected to a website, mobile application or other resource that may collect and process your Personal Information. External resources may place their own cookies or other files on your device, collect data, or request personal information from you. We encourage you to review the privacy policies of external resources that you visit by clicking on links that Users send to each other. If you follow a link to a third party resource (website, app, etc.), you leave Dober, the rules of our Privacy Policy cease to apply to you. Dober has no control over the content of third-party resources and does not give its approval for them, nor Dober can guarantee the security and safety of your data in this case.


  14. USE OF COOKIES


    1. Dober only uses basic cookies that are designed to operate and deliver our services online. The cookies we use are small text files that enable Dober to provide, customize and enhance User interactions with Dober. You can control cookies through your device settings, including whether or not to accept them and how to delete them completely. You can block Cookies in your web browser, but please note that if you disable Cookies, you will not be able to use the web version of Dober. We do not use cookies for profiling or advertising.


  15. FEEDBACK


    1. For any questions regarding collecting and processing your Personal Information, you may contact DPO Dober at support@dober.chat. DPO Dober will respond within 10 days.

    2. You also have the right to receive additional information about your rights concerning your Personal Information by sending an email to: support@dober.chat. Dober will respond within 10 days.

    3. If you have an unresolved privacy or data use issue that we have not resolved, any questions or complaints about Dober or this Policy, you may contact us by emailing support@dober.chat. Dober will respond within 10 days. If your request, in our opinion, requires a longer resolution, we will let you know and notify you of the anticipated response time.


  16. CHANGES TO THIS POLICY


    1. Dober has the right to periodically amend, update and supplement this Policy to ensure the integrity of Personal Data, notify changes in the use of Personal Data and comply with the GDPR/CCPA.

    2. In the event of material changes that relate to Personal Information, we will notify Users of such changes by posting a newsletter in Messenger. We encourage you to review this Policy periodically to be informed of how we use your Personal Information.

    3. After making changes to the Policy, we have the right to request Users to re-consent to the updated Policy. Changes to the current Policy become effective upon publication of the amended version of the Policy.

    4. Our electronic or otherwise retained copies of this Privacy Policy shall be deemed to be accurate, complete, valid and enforceable versions of this Policy in effect at the time you interact with Dober.

    5. By continuing to interact with Dober after changes to the Policy, you agree to the changes to the Privacy Policy.

    6. This Privacy Policy was adopted and published on February 20, 2023.