Skip to main content
Main
Sign in Register company

dont policy

Privacy Policy

dont stores business data so companies can run requests, offers, projects, procurement planning, finance, approvals, and Google-connected communication or calendar workflows in one system.

What we store

  • dont is a product made and operated by dont SIA. The official dont support mailbox for product, privacy, and Google verification questions is assist@dont.lv.
  • Account information, workspace membership, business records, communication records, operational logs, and security events.
  • Business data is processed to deliver the product, improve reliability, and surface rules-based workflow recommendations.

How we use data

  • To run the service, secure accounts, detect abuse, support audit trails, and improve product performance.
  • We do not expose one company’s records, Google-connected data, finance data, recommendations, or workflow history to another company.

Google OAuth, Gmail, and Calendar data

  • If a user connects Gmail, dont requests only the configured Google OAuth scopes needed to identify that user's mailbox, read messages for that user's communication sync, and send user-directed Gmail messages from dont.
  • If a user connects Google Calendar, dont requests only the configured Google OAuth scopes needed to identify that user's calendar account, list calendars, sync selected calendar events, and create or update calendar events when two-way sync is enabled.
  • Personal OAuth connections are private to the connecting user. Company admins cannot access a user's private connected Gmail or Calendar data by resetting that user's dont password.
  • dont uses individual user OAuth for Google integrations. It does not use Google Workspace domain-wide delegation, service-account impersonation, or an dont superadmin role to access Gmail or Calendar data for Google accounts that have not connected and consented.
  • When a connected user syncs Gmail messages or Calendar events into an authorized company workspace, those synced dont records may be visible to users with the relevant workspace permissions. That workspace visibility does not give admins direct Google account access or Workspace-wide mailbox/calendar access.
  • Private Gmail and Calendar views require the connecting user to enable and recently verify two-factor authentication before OAuth connection, display, sync, or management.
  • If an dont admin/support account attempts unauthorized access to another user's private Google data through the application or admin tools, dont blocks the request, locks that user's private Google integrations, clears stored Google OAuth tokens, records a security audit event, and requires the user to reconnect Google.
  • If an dont password is changed, 2FA is reset, or repeated private-integration 2FA checks fail, dont locks personal OAuth connections for that user by clearing stored OAuth tokens and requiring reconnection by the user.
  • Google user data is used only to provide Gmail sync, Gmail sending, and calendar sync features for the connecting user, and is not sold, shared for advertising, or used to train generalized AI models.
  • dont personnel do not read Google message or calendar content unless the user requests support, access is required for security or abuse investigation, or access is required by law.
  • dont's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
  • OAuth access and refresh tokens are stored encrypted, can be disconnected by the connected user, and are cleared when the Gmail mailbox or calendar connection is disconnected.

Security and retention

  • Access is permission-scoped. Historical records may be retained for audit, finance, accounting, legal, security, and operational integrity.
  • dont keeps company, user, payment, login, and related business records for up to 10 years where required or justified by legal, accounting, audit, or security obligations.
  • Expired, unpaid, canceled, or locked company workspaces are retained and access-restricted instead of being automatically deleted before the retention period ends.
  • If you have legal or data questions, contact the company workspace owner or dont support.

Private workspace limits

  • dont does not publish one company’s internal contacts, margins, files, workflow rules, or private relationship data to other companies or anonymous visitors.
  • Any future public visibility feature must be explicitly enabled before company information is shown outside the private workspace.

Support contact

assist@dont.lv