د DIDO

Privacy Policy

Last updated · May 4, 2026

About this policy

A short read on what we collect, why, and what you can do about it.

This Privacy Policy explains how KARCHEDON ("we", "us", "our") handles personal data when you use DIDO ("the App"), a project tracking application provided to clients of Karchedon. By signing in to DIDO, you acknowledge the practices described below.


Who we are

The data controller responsible for your personal data.

The data controller for personal data processed through DIDO is:

KARCHEDON
Skanes, Monastir, Tunisia
contact@karchedon.com

If you signed in to DIDO using credentials issued by your employer or another organization, that organization may act as a joint controller for some of your data. Contact them for matters specific to their internal records.


Data we collect

We collect only what's needed for the App to work.

  • Account data — your email address, hashed password, display name, and the organization you belong to.
  • Authentication data — session tokens issued when you sign in.
  • Project data — the requests, quotes, messages, attachments (including PDFs), statuses, and timestamps you create or receive in the App.
  • Notification data — your push notification token (issued by Apple) if you grant permission, plus the read/unread state of in-app notifications.
  • Technical data — device type, operating system version, App version, and IP address, logged by our infrastructure for security and abuse prevention.

We do not collect location data, contacts, photos beyond what you explicitly attach to a message, advertising identifiers, or biometric data.


How we use your data

Operating the App you signed up for — nothing more.

  • Authenticate you and keep your session secure.
  • Display your requests, quotes, messages, and notifications.
  • Deliver push notifications when you enable them.
  • Provide customer support and respond to your messages.
  • Detect and prevent fraud, abuse, and security incidents.
  • Comply with our legal obligations.

We do not sell your data, use it for advertising, or build behavioral profiles.



Sharing & sub-processors

A small set of trusted infrastructure providers — and no one else.

To run DIDO, we rely on the following sub-processors, each acting on our behalf under contractual data-protection commitments:

Google Firebase & Google Cloud
Authentication, database (Cloud Firestore), and file storage. Operated by Google Ireland Limited and Google LLC. firebase.google.com/support/privacy
Apple Inc.
App Store distribution and the Apple Push Notification service, when you enable notifications.

The DIDO backend at qdb.karchedon.com is operated directly by KARCHEDON on its own infrastructure in Tunisia and is not delegated to a third party.

We do not share your data with advertisers, data brokers, or third-party analytics providers.

We may disclose data when required by law, a valid court order, or to protect the rights, property, or safety of users or the public.


International transfers

Your data may travel — but always with safeguards.

Some of our sub-processors are based outside the European Economic Area, including in the United States. Where personal data is transferred internationally, we rely on the European Commission's Standard Contractual Clauses, adequacy decisions, or equivalent safeguards required under applicable data protection law.


Data retention

We keep data only as long as we need it.

  • Account data — for as long as your account is active.
  • Project data — for the duration of the contractual relationship between KARCHEDON and your organization, plus any retention period required by law (typically up to five years for commercial records).
  • Logs and security data — up to twelve months.
  • Backups — purged within ninety days of deletion from production.

When you ask us to delete your account, we erase or anonymize your personal data on the schedule above, except where law requires longer retention.


Your rights

You stay in control of your personal data.

Subject to your jurisdiction, you have the right to:

  • Access the personal data we hold about you.
  • Ask us to correct inaccurate or incomplete data.
  • Ask us to delete your data ("right to be forgotten").
  • Restrict or object to certain processing.
  • Receive your data in a portable, machine-readable format.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with a data protection authority — in Tunisia, the INPDP (Instance Nationale de Protection des Données à Caractère Personnel). EU-based users may also lodge a complaint with the supervisory authority in their country of residence.

To exercise these rights, email us at contact@karchedon.com. We respond within thirty days.


Security

Layered, industry-standard protections.

We safeguard your data with TLS encryption in transit, encrypted database storage, scoped access controls, hashed passwords, and regular security reviews. No system is perfectly secure, so we encourage you to choose a strong, unique password and to enable device-level protection.

If we ever experience a personal data breach affecting you, we will notify you and the competent supervisory authorities within the timeframes required by law.


Children

DIDO is a B2B tool, not a product for children.

The App is not intended for children, and we do not knowingly collect personal data from anyone under sixteen. If you believe a child has provided us with personal data, please contact us and we will delete it.


Changes to this policy

We'll tell you when something material changes.

We may update this Privacy Policy as the App evolves. The "Last updated" date at the top of this page reflects the most recent revision. We will communicate material changes inside the App or by email to your account address.


Contact us

Questions, requests, or concerns — we're here.

For privacy questions, data subject requests, or to report a concern:

Email · contact@karchedon.com

Mail · KARCHEDON, Skanes, Monastir, Tunisia