Privacy Policy
Last updated: March 9, 2026
📋 Godos is a cloud-connected app. To use it, you create an account and your data — including your tasks, lists, and conversations — is stored on our servers. This policy explains what we collect, why, and your rights over that data.
1. About Godos
Godos ("we", "our", or "the app") is a task management and productivity application for iOS, developed by ALIV CODE Ltd. Godos is a cloud-based service that requires account registration. Core features include to-do lists, a daily planner, an AI chat assistant, list sharing, and a friends/social system.
This Privacy Policy explains what information we collect when you use Godos, how we use it, and your rights regarding that information.
2. Account Registration
Using Godos requires creating an account. During registration we collect:
- Your email address (used for authentication and email verification via AWS Cognito)
- A username (public-facing identifier within the app)
- A display name (shown in your profile and to other users)
- A password (hashed and managed by AWS Cognito — we do not store your plaintext password)
You may also enable multi-factor authentication (TOTP-based), which is managed through AWS Cognito.
3. Data We Collect and Store
All core app data is stored server-side in our cloud database (MongoDB Atlas). The following information is collected and stored on our servers:
| Category | What we store |
|---|---|
| Account & profile | Email, username, display name, account settings, theme preferences |
| Tasks & to-do lists | Title, description, status, priority, due dates, tags, estimated time, subtasks, list membership |
| Daily planner | Planned items and scheduling data |
| AI chat sessions | Full conversation history with the AI assistant, stored per session |
| Social & sharing | Friends list, friend requests, shared lists, list membership and permissions |
| Security events | Event type, timestamp, IP address, User-Agent string, associated user ID |
| Policy acceptance | Timestamp, IP address, and User-Agent recorded when you accept our Terms of Service and Privacy Policy |
| Feedback & reports | In-app feature requests and bug reports you submit |
Your device stores only authentication tokens and a small number of local preference flags (such as theme selection and pending list acceptance IDs). No substantial app data is stored offline on your device.
4. Third-Party Services
Godos relies on the following third-party infrastructure to operate:
- AWS Cognito — handles user authentication, identity management, email verification, and MFA. Subject to Amazon's Privacy Policy.
- MongoDB Atlas — cloud-hosted database where all app data is stored. Subject to MongoDB's Privacy Policy.
- Redis — used for rate limiting and server-side caching. Transient data only; no persistent personal data.
- LLM provider (OpenAI-compatible API) — powers the in-app AI chat assistant. Messages you send to the AI assistant may be processed by this provider. We recommend you do not share sensitive personal information in AI chat sessions.
Additionally, Apple's App Store independently collects certain usage data (e.g. crash reports, download statistics) as described in Apple's Privacy Policy.
5. How We Use Your Data
We use the data we collect to:
- Provide, maintain, and improve the Godos app and its features
- Authenticate your identity and secure your account
- Enable social features such as friends, list sharing, and user search
- Power the AI chat assistant
- Detect and respond to security incidents and abuse
- Maintain an audit trail of consent to our Terms of Service and Privacy Policy
- Respond to your feedback, bug reports, and feature requests
We do not sell your personal data. We do not use your data for advertising.
6. Security Event Logging
Our backend logs security-relevant events (such as login attempts, password changes, and suspicious activity). These logs include event type, timestamp, IP address, User-Agent string, and user ID. This data is used solely for security monitoring and is not shared with third parties except as required by law.
7. Data Retention and Account Deletion
Your data is retained for as long as your account is active. If you delete your account through the app, your backend data — including your profile, tasks, lists, and chat history — is permanently deleted. Authentication credentials are removed from AWS Cognito at the same time.
The following categories of data may be retained after account deletion for legal and audit purposes:
- Security event logs (login attempts, IP addresses, User-Agent strings) — retained for up to 12 months
- Consent records (timestamps and metadata recording your acceptance of our Terms and Privacy Policy) — retained for up to 7 years to demonstrate legal compliance
- Any data we are required to retain by applicable law — retained for the period required by that law
All retained data is held securely and used only for the purposes described above.
8. Social Features and Shared Data
Godos includes social features. Please be aware of the following:
- Your username and display name are visible to other users when they search for you or view shared lists.
- When you share a list with another user, they can view the contents of that list.
- Friend relationships (who you are friends with) are stored on our servers.
9. AI Chat Assistant
Godos includes an AI-powered chat assistant. Conversations are stored server-side and linked to your account. Messages may also be transmitted to our LLM provider to generate responses. Do not share sensitive personal, financial, or health information with the AI assistant.
10. Children's Privacy
Godos is intended for users aged 13 and over. This minimum age aligns with UK GDPR and the ICO's Age Appropriate Design Code, which permits services to set a minimum age of 13 for UK users when appropriate safeguards are in place.
If you are located in an EU member state that has set a higher age of digital consent (up to 16 under EU GDPR), you must have obtained parental or guardian consent before using Godos. We do not knowingly collect personal information from children below the applicable minimum age. If you believe a child below the applicable age threshold has created an account, please contact us at [email protected] and we will promptly delete that account and its associated data.
11. Your Rights Under UK GDPR and Applicable Data Protection Law
As a user of Godos, you have the following rights under UK GDPR (and, where applicable, EU GDPR):
- Right of access — you may request a copy of the personal data we hold about you
- Right to rectification — you may ask us to correct inaccurate or incomplete data
- Right to erasure — you may request deletion of your personal data; you can also delete your account directly in the App at any time
- Right to restrict processing — you may ask us to limit how we use your data in certain circumstances
- Right to data portability — you may request your data in a structured, commonly used, machine-readable format
- Right to object — you may object to processing based on legitimate interests
- Right to withdraw consent — where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk, or — if you are in the EEA — with your local data protection authority.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via an in-app notice. The "Last updated" date at the top of this page will always reflect the most recent revision. We encourage you to review this page periodically.
13. Contact Us
If you have any questions or concerns about this Privacy Policy or your personal data, please contact us at: