Dossier Icon
Download on the App Store Get it on Google Play

Dossier: Intimate Insights — Privacy Policy

Last Updated: 2025-12-29

Welcome to Dossier: Intimate Insights (“Dossier”). Your privacy is our priority. This Privacy Policy explains how we handle your information — both offline and online — and how we comply with privacy laws in Australia and around the world.

1. Who We Are

Dossier is developed and operated by Aionian Pty Ltd.
ABN: 681 219 581
Email: privacy@xoxodossier.com
Address: Suite 1110 Ground Floor, 97-99 Bathurst St, Sydney NSW 2000

2. What We Collect

Offline Data – Not Collected

All personal entries — such as experiences, activities, people, stats, metrics, and related media — are stored locally on your device. We do not collect or transmit this information unless you explicitly choose to share it through a chat feature.

You remain in full control of your offline data at all times.

Online Features – Minimally Collected

When you use Dossier’s chat or connection features, we collect:

  • Device ID and friend codes (to enable private connection)
  • Public keys (for end-to-end encryption)
  • Encrypted messages/media (held temporarily for delivery only)
  • Push tokens (to send message notifications)
  • Media hashes (non-reversible, used to detect abuse)

We do not collect your name, phone number, GPS, or email unless you explicitly provide them.

Email Signups

If you choose to sign up for Dossier updates on our website, we collect your email address so we can share occasional notes about new features, early access programs, or private invites. These emails are infrequent, never published publicly, and every message includes an unsubscribe link. We do not sell or rent email addresses to third parties.

3. How We Use Your Data

Purpose Lawful Basis (GDPR)
Connecting users securely Contractual necessity (Art. 6(1)(b))
Delivering encrypted messages/media Contractual necessity (Art. 6(1)(b))
Push notifications Legitimate interest (Art. 6(1)(f))
Abuse prevention (device bans, hash checks) Legitimate interest (Art. 6(1)(f))
Optional analytics Consent (Art. 6(1)(a))

We do not:

  • Sell your data
  • Use your data for targeted advertising
  • Profile users based on sensitive information

Under the General Data Protection Regulation (GDPR), we rely on the following legal bases for processing personal data:

  • Article 6(1)(a) – your consent (e.g. for optional analytics)
  • Article 6(1)(b) – contractual necessity (e.g. for encrypted messaging and chat features)
  • Article 6(1)(f) – our legitimate interests (e.g. for app security, abuse prevention, and push notifications)

Where required, you may withdraw consent at any time by disabling the relevant feature in your settings or contacting us.

4. Analytics and Advertising

Optional Analytics

If you opt in, we may collect anonymous analytics to improve performance, such as:

  • Feature usage (e.g. screens opened)
  • Crash logs
  • Device type or OS version

No personal, sensitive, or chat content is included.

Advertising

Dossier uses Google AdMob to serve in-app advertisements for users on the free tier. These ads may be personalized or non-personalized depending on your region and device settings.

  • Ads are not shown to users who upgrade to the paid version of the app (Dossier: Unhinged).
  • We do not share your sensitive personal data with advertisers.
  • Ad delivery is handled in accordance with Google's advertising policies, including GDPR and CCPA compliance where applicable.

You can manage ad preferences or opt out of personalized ads via your device settings.

California Privacy Notice (CCPA/CPRA)

We do not sell your personal information. We do not share data with third parties for cross-context behavioral advertising.

We will never discriminate against users who choose to exercise their rights under the California Consumer Privacy Act (CCPA) or California Privacy Rights Act (CPRA).

5. Opting Out

Feature How to Opt Out
Analytics Toggle off in app settings
Notifications Disable in your device’s notification settings
Online/chat features Don’t use them — app functions offline by default
All data Delete your entries or uninstall the app

6. Data Retention & Deletion

Data Type Retention How to Delete It
Offline content Stored only on device Delete in app or uninstall
Encrypted messages/media Temporary (for delivery only) Auto-deleted after read by recipients
Friend codes & device ID Until manually reset Reset in app or email us
Push tokens Until identity is reset Disable notifications
Analytics Max 12 months Toggle off or contact us

Deletion Policy

For deletion of any server-held identifiers or online data (e.g. friend codes, device IDs, push tokens, or analytics if enabled), please submit a request as follows:

  • Send an email to support@xoxodossier.com.
  • Include your Dossier identity PIN code (found in the app’s settings). Requests without your PIN cannot be processed.
  • If you no longer have access to the app or your PIN, we are unable to complete your deletion request.
  • Offline content is stored on your device only; to delete it, remove within the app or uninstall the app.

We aim to process verified deletion requests within 30 days, subject to lawful retention obligations.

7. Third-Party Services

We use secure third-party infrastructure to enable features like encrypted messaging and push notifications. These providers:

  • Temporarily process data only as needed for delivery
  • Do not access or store your personal content
  • Are required to comply with international privacy and security standards

Data may be processed in countries such as the United States or the European Union, with safeguards like TLS encryption, data minimisation, and Standard Contractual Clauses in place.

A full list of our sub-processors is available upon request. Contact privacy@xoxodossier.com.

For international transfers of data outside the European Economic Area (EEA), we ensure compliance with Chapter V of the GDPR by implementing appropriate safeguards, including Standard Contractual Clauses (SCCs) where applicable.

We assess the privacy and security practices of all third-party services we use and only partner with providers that meet strong data protection standards.

8. Abuse, Safety & Legal Compliance

Dossier is committed to maintaining a safe, lawful platform. We take reasonable and proportionate steps to detect and prevent the misuse of our app, in accordance with applicable international laws, including the GDPR and Australian Privacy Principles.

To support this:

  • We reserve the right to suspend or restrict access where we believe Dossier is being used unlawfully (e.g. to share non-consensual or illegal content)
  • We may use automated systems to detect known child sexual abuse material (CSAM), using privacy-preserving technologies such as file hashing or pattern matching, where technically feasible
  • These systems do not involve human review and do not retain the media itself
  • We may retain non-reversible hashes of flagged content, but only to comply with mandatory reporting or abuse prevention obligations
  • Under the GDPR, this is carried out under Article 6(1)(c) (compliance with legal obligation) and Article 6(1)(f) (legitimate interest in preventing abuse and ensuring platform integrity)

9. Data Breaches

In the unlikely event of a breach involving your personal data:

  • We will notify affected users as required by the Australian Notifiable Data Breaches Scheme and relevant international laws (e.g. GDPR Art. 33)
  • We will take immediate action to secure affected systems

10. Law Enforcement & Legal Requests

We only share data with authorities when legally compelled to do so. Where required:

  • We may provide limited metadata (e.g. device ID, friend code)
  • We do not provide message or content access unless legally required and technically feasible (subject to encryption)

11. Privacy by Design

Dossier is built with Privacy by Design principles. That means:

  • Default local data storage
  • Encryption-first communication
  • Minimal data collection
  • No ad tech or hidden tracking
  • User control and transparency throughout

We regularly review our security practices and platform architecture to uphold this standard.

12. Your Rights

Depending on your country, you may have the right to:

  • Access the data we hold about you
  • Correct or delete your information
  • Withdraw consent (for analytics, etc.)
  • Lodge a complaint with your local data authority

If you are located in the European Union, you may also have the right to:

  • Request a copy of your personal data in a portable format
  • Object to or restrict certain types of processing
  • Withdraw consent at any time

To exercise any of these rights, contact us at privacy@xoxodossier.com.

13. Children

Dossier is not intended for users under 16 years old. We do not knowingly collect or store data from minors.

14. Changes to This Policy

We may update this Privacy Policy as features evolve or laws change. When we do, we’ll notify you in the app or via our website. Continued use after updates means you agree to the revised terms.

15. Contact Us

If you have questions, concerns, or privacy requests:

Email: privacy@xoxodossier.com
Aionian Pty Ltd
Suite 1110 Ground Floor, 97-99 Bathurst St, Sydney NSW 2000
ABN: 681 219 581