Privacy Policy

Last updated: June 2026

This Privacy Policy explains how Doodlez.io ("we", "us", "our"), operated by an individual based in the Netherlands, collects, uses, and protects your personal data. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and Dutch data protection law.

1. Data Controller

The data controller for Doodlez.io is an individual based in the Netherlands. For any privacy-related queries, contact us at info@doodlez.io.

2. Data We Collect

Account data: When you register, we collect your email address, username, display name, and password (stored as a bcrypt hash). If you sign in via Google or Facebook, we receive your name, email and profile picture from those services.

Profile data: Any information you choose to add to your profile, including bio, avatar, banner image, and social links.

Content data: Drawings you create and publish, including stroke data, titles, tags, and thumbnails.

Usage data: Likes, comments, follows, and notifications generated through your use of the Service.

Technical data: Standard server logs including IP addresses, browser type, and pages visited. This data is retained for a maximum of 30 days.

Advertising data: If you use the free tier, Google AdSense may collect data about your browsing behaviour to serve personalised advertisements. See section 7 for details.

3. Legal Basis for Processing

We process your personal data on the following legal bases under GDPR:

  • Contract: Processing necessary to provide the Service you have signed up for (account management, storing your drawings, social features)
  • Legitimate interests: Service security, fraud prevention, and improving the platform
  • Consent: Personalised advertising via Google AdSense (you may withdraw consent at any time via cookie settings)
  • Legal obligation: Where required by applicable law

4. How We Use Your Data

  • To provide, operate, and improve the Service
  • To manage your account and authenticate you
  • To display your published drawings and profile to other users
  • To send you notifications about activity on your content
  • To detect and prevent abuse, spam, and violations of our Terms of Service
  • To comply with legal obligations

5. Data Sharing

We do not sell your personal data. We share data only with the following third parties as necessary to operate the Service:

  • Supabase — database and file storage (servers in the EU)
  • Vercel — hosting and deployment
  • Google — OAuth sign-in and AdSense advertising
  • Facebook (Meta) — OAuth sign-in

All third-party processors are required to handle your data in accordance with GDPR.

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law. Published drawings are removed from public view immediately upon account deletion.

7. Google AdSense and Cookies

The free tier of Doodlez.io uses Google AdSense to display advertisements. Google AdSense uses cookies and similar tracking technologies to serve personalised ads based on your browsing behaviour. Google's use of advertising cookies is governed by Google's Privacy Policy at policies.google.com/privacy.

You can opt out of personalised advertising by visiting adssettings.google.com or by adjusting your cookie preferences via our cookie consent banner.

8. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to restriction: Request that we restrict processing of your data
  • Right to data portability: Receive your data in a machine-readable format
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Withdraw consent for advertising cookies at any time

To exercise any of these rights, contact us at info@doodlez.io. We will respond within 30 days. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

9. Data Security

We take appropriate technical and organisational measures to protect your personal data, including encrypted storage, HTTPS, and bcrypt password hashing. However, no system is completely secure and we cannot guarantee absolute security.

10. Children's Privacy

Doodlez.io is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or via a notice on the platform. The date at the top of this page indicates when it was last updated.

12. Contact

For any privacy-related questions or to exercise your rights, contact us at info@doodlez.io.