Privacy Policy

Last updated: May 12, 2026

DoItNow runs your AI workspace on infrastructure we operate, but the contents of that workspace — your code, your messages, your memory — belong to you. This policy explains what we store, where it lives, who can see it, and how to take it with you when you leave.

DoItNow is operated by DoItNow Inc. (“DoItNow”, “we”). For questions email support@doit-now.ai.

1. What we collect

1.1 Account information

  • Email address, display name, and avatar URL from your OAuth provider (Google or GitHub) when you sign up.
  • Subscription tier and billing-related metadata when you pay.
  • Linked channel identities (Telegram username, Slack workspace memberships, Discord IDs) only after you explicitly connect them.

1.2 Workspace contents

  • Chat messages you send through any connected channel (Telegram, Slack, Discord, the web chat) and the AI's replies. These live on your workspace's persistent volume (~/.doitnow/lifelog/) and are indexed locally so the AI can recall past context. The lifelog never leaves your Pod.
  • Files, code, and any other content you create inside your workspace. Stored on the same persistent volume, mounted into your Pod at /home/user.
  • Your WORKSPACE.md context, capped at 4 KiB. Stored in our control-plane database because the dashboard needs to edit it without booting your Pod; injected into the Pod as an environment variable on every restart.

1.3 Third-party service credentials

When you connect a service (Supabase, Vercel, GitHub, …) we receive an OAuth access token on your behalf. Tokens are stored encrypted at rest in AWS Secrets Manager under names scoped to your workspace (doitnow/<service>/workspace/<id>/...). We never log token values and they are never returned in any API response.

1.4 Operational metadata

  • Request logs for the control-plane API (path, status, timing).
  • Token-usage records for billing when you use Platform mode AI credits (provider, model, token counts — never the prompt or response text).
  • Audit log of every administrative action that touches your account (admin_audit_log).

2. What we never do

  • We do not sell your data.
  • We do not train any model on your messages, files, or workspace contents.
  • We do not share workspace contents with anyone except as required to operate the service (see § 4 on subprocessors) or to comply with valid legal process.

3. Where your data lives

Data | Location | Encryption
Account profile, workspace metadata | AWS RDS (ap-northeast-2) | At rest (AWS KMS) + in transit (TLS)
Workspace files, chat history, lifelog | Your Pod's EBS persistent volume | At rest (EBS KMS) + isolated per workspace
OAuth tokens, BYOK API keys | AWS Secrets Manager | At rest (KMS) + IAM-scoped read
Request logs | CloudWatch / app stdout | At rest (CloudWatch managed)

All infrastructure runs in AWS ap-northeast-2 (Seoul). We do not currently replicate user data to other regions.

4. Subprocessors

We use the following third-party services to operate DoItNow:

  • AWS — compute, storage, database, secrets, KMS.
  • Anthropic — Claude models when you use Platform mode with the Claude provider. Prompts/responses flow through Anthropic's API to generate replies; Anthropic's own retention policy applies to that surface.
  • OpenAI / Google / Moonshot — model providers for the equivalent Platform modes. Same boundary.
  • Slack, Telegram, Discord — message delivery for the channels you connect. Each platform's policy governs how messages cross their wire.
  • Stripe — payment processing.

We never send your data to a subprocessor we haven't listed above without updating this policy first.

5. Your rights

  • Export — download a .zip of your workspace at any time from Dashboard → Workspace → Privacy → Export. The bundle includes message history, channel registrations, audit trail, and a pod-home.tar.gz of your /home/user. Secrets are replaced with placeholders (the actual token values never leave AWS Secrets Manager).
  • Inspect access — Dashboard → Workspace → Privacy → “Has DoItNow's system ever seen my data?” surfaces every admin / system access to your account. Self-export events are logged too, so you have a full record.
  • Delete — deleting a workspace removes its persistent volume, all rows tied to it, and (after a 7-day grace window) its Secrets Manager entries. Deleting your account from Dashboard → Settings does the same for everything attached to your user_id. Backups are purged within 30 days.
  • Access / correction — most of your data is editable directly on the dashboard. For anything you can't change yourself email support@doit-now.ai.

6. Children

DoItNow is not directed at children under 14. We do not knowingly collect data from anyone under that age. If you believe a child has signed up, contact us and we will delete the account.

7. Changes

We will note material changes to this policy at the top of this page and email account-holders at least 14 days before they take effect. Continued use of DoItNow after that date constitutes acceptance.

8. Contact

DoItNow Inc.
Email: support@doit-now.ai