About this policy
A short read on what we collect, why, and what you can do about it.
This Privacy Policy explains how KARCHEDON ("we", "us", "our") handles personal data when you use DIDO ("the App"), a project tracking application provided to clients of Karchedon. By signing in to DIDO, you acknowledge the practices described below.
Who we are
The data controller responsible for your personal data.
The data controller for personal data processed through DIDO is:
KARCHEDON
Skanes, Monastir, Tunisia
contact@karchedon.com
If you signed in to DIDO using credentials issued by your employer or another organization, that organization may act as a joint controller for some of your data. Contact them for matters specific to their internal records.
Data we collect
We collect only what's needed for the App to work.
- Account data — your email address, hashed password, display name, and the organization you belong to.
- Authentication data — session tokens issued when you sign in.
- Project data — the requests, quotes, messages, attachments (including PDFs), statuses, and timestamps you create or receive in the App.
- Notification data — your push notification token (issued by Apple) if you grant permission, plus the read/unread state of in-app notifications.
- Technical data — device type, operating system version, App version, and IP address, logged by our infrastructure for security and abuse prevention.
We do not collect location data, contacts, photos beyond what you explicitly attach to a message, advertising identifiers, or biometric data.
How we use your data
Operating the App you signed up for — nothing more.
- Authenticate you and keep your session secure.
- Display your requests, quotes, messages, and notifications.
- Deliver push notifications when you enable them.
- Provide customer support and respond to your messages.
- Detect and prevent fraud, abuse, and security incidents.
- Comply with our legal obligations.
We do not sell your data, use it for advertising, or build behavioral profiles.
Legal basis
For users in the European Union, United Kingdom, and other GDPR-aligned jurisdictions.
As a Tunisian-established controller, KARCHEDON processes personal data in compliance with Loi organique n° 2004-63 du 27 juillet 2004 on the protection of personal data. Where the GDPR or UK GDPR also applies — for example because users reside in the EU or the UK — we rely on the following legal grounds:
- Contract — to provide DIDO to you and to the organization that issued your account.
- Legitimate interest — to keep the service secure, debug technical issues, and prevent abuse.
- Consent — for push notifications, granted via the iOS permission prompt.
- Legal obligation — where law requires us to retain or disclose specific data.
International transfers
Your data may travel — but always with safeguards.
Some of our sub-processors are based outside the European Economic Area, including in the United States. Where personal data is transferred internationally, we rely on the European Commission's Standard Contractual Clauses, adequacy decisions, or equivalent safeguards required under applicable data protection law.
Data retention
We keep data only as long as we need it.
- Account data — for as long as your account is active.
- Project data — for the duration of the contractual relationship between KARCHEDON and your organization, plus any retention period required by law (typically up to five years for commercial records).
- Logs and security data — up to twelve months.
- Backups — purged within ninety days of deletion from production.
When you ask us to delete your account, we erase or anonymize your personal data on the schedule above, except where law requires longer retention.
Your rights
You stay in control of your personal data.
Subject to your jurisdiction, you have the right to:
- Access the personal data we hold about you.
- Ask us to correct inaccurate or incomplete data.
- Ask us to delete your data ("right to be forgotten").
- Restrict or object to certain processing.
- Receive your data in a portable, machine-readable format.
- Withdraw consent where processing is based on consent.
- Lodge a complaint with a data protection authority — in Tunisia, the INPDP (Instance Nationale de Protection des Données à Caractère Personnel). EU-based users may also lodge a complaint with the supervisory authority in their country of residence.
To exercise these rights, email us at contact@karchedon.com. We respond within thirty days.
Security
Layered, industry-standard protections.
We safeguard your data with TLS encryption in transit, encrypted database storage, scoped access controls, hashed passwords, and regular security reviews. No system is perfectly secure, so we encourage you to choose a strong, unique password and to enable device-level protection.
If we ever experience a personal data breach affecting you, we will notify you and the competent supervisory authorities within the timeframes required by law.
Children
DIDO is a B2B tool, not a product for children.
The App is not intended for children, and we do not knowingly collect personal data from anyone under sixteen. If you believe a child has provided us with personal data, please contact us and we will delete it.
Changes to this policy
We'll tell you when something material changes.
We may update this Privacy Policy as the App evolves. The "Last updated" date at the top of this page reflects the most recent revision. We will communicate material changes inside the App or by email to your account address.
Contact us
Questions, requests, or concerns — we're here.
For privacy questions, data subject requests, or to report a concern:
Email · contact@karchedon.com
Mail · KARCHEDON, Skanes, Monastir, Tunisia