Privacy Policy - Scafolding

Last updated: November 21, 2025

Introduction

Scafolding is an ADHD-friendly task management application for iOS developed by David PAVLOVSCHII, operating under the business name Doved Studio ("we", "us", or "our"). This Privacy Policy describes how we handle information in connection with your use of the Scafolding mobile application (the "App").

Scafolding is designed to help people with ADHD and executive dysfunction manage their tasks, track their progress, and improve their productivity through gamification and intelligent features.

Our Privacy Commitment

At Scafolding, your privacy is our top priority. We have built this app with privacy-by-design principles:

• Local Storage Only: All your personal data, including tasks, goals, ADHD tracking data, and gamification progress, is stored exclusively on your device using encrypted SQLite databases.
• No Data Collection: We do not collect, transmit, or store any of your personal information on our servers or any third-party servers.
• No Tracking: We do not track your behavior, usage patterns, or any other activity within the App.
• No Selling: We do not sell, rent, or share your data with third parties for commercial purposes.
• Transparency: This policy clearly outlines what data the App accesses and how it is used solely for app functionality.

Information We Collect

The App accesses certain types of information to provide its features. All information is stored locally on your device unless explicitly stated otherwise.

1. Health and Fitness Data

• Data Type: Step count from Apple HealthKit
• Purpose: To visualize correlations between your physical activity and productivity, helping you understand how movement affects your focus and task completion.
• Permission Required: You must explicitly grant access to your HealthKit data. This is optional and the App functions without it.
• Storage: Step count data is read from HealthKit but not stored permanently in the App. Only aggregated statistics for visualization purposes are kept locally.
• Third-Party Access: Your HealthKit data is never shared with us or any third party.

2. Calendar Data

• Data Types: Events, reminders, and calendar information from Apple Calendar and Google Calendar (if connected)
• Purpose: To provide a unified view of your schedule, sync tasks with calendar events, and create checklists linked to events.
• Permission Required: You must grant calendar access permissions. This is optional.
• Storage: Calendar data is accessed in real-time and displayed within the App. Event references may be stored locally to link tasks to calendar events.
• Third-Party Access:For Google Calendar integration, the App uses Google Calendar API under OAuth 2.0 authentication. We do not store your Google credentials. Your calendar data remains between you, your device, and Google's servers.

3. User Authentication Data

• Data Type: Google Sign-In authentication token (for Google Calendar integration)
• Purpose: To securely authenticate and authorize access to your Google Calendar without storing your password.
• Storage: Authentication tokens are stored securely in iOS Keychain on your device.
• Third-Party Access:Authentication is handled by Google's secure OAuth 2.0 system. We only receive a limited-scope access token to read and write calendar events.

4. Photos and Images

• Data Type: Photos selected by you to attach to tasks
• Purpose: To allow you to add visual context to your tasks (e.g., photos of documents, shopping lists, reference images).
• Permission Required: Photo library access is requested only when you choose to attach a photo to a task.
• Storage: Selected photos are stored locally in the App's secure container on your device.
• Third-Party Access: Photos are never uploaded to any server or shared with third parties.

5. Task and Goal Data

• Data Types: Tasks, subtasks, goals, categories, priorities, deadlines, completion status, notes, and checklists
• Purpose: Core functionality of the App - to help you organize and complete tasks.
• Storage: All task and goal data is stored locally in an encrypted SQLite database on your device.
• Third-Party Access: None. This data never leaves your device.

6. ADHD Tracking Data

• Data Types: Mood ratings, focus level assessments, energy level tracking, and daily symptom logs
• Purpose: To help you understand patterns in your ADHD symptoms and identify what conditions optimize your productivity.
• Storage: All ADHD tracking data is stored locally in an encrypted database on your device.
• Third-Party Access: None. This sensitive health information never leaves your device.

7. App Usage and Gamification Data

• Data Types: Task completion statistics, streak counters, achievement unlocks, badge collection, points/experience scores, Huel companion state and reactions
• Purpose: To provide gamification features that motivate you to complete tasks and maintain productivity habits.
• Storage: All gamification data is stored locally on your device.
• Third-Party Access: None. Your progress and achievements are private.

8. Device Information

• Data Types: Device model, iOS version, app version, screen size (for UI optimization)
• Purpose: To ensure the App functions correctly on your device and to optimize the user interface.
• Storage: This information is only used in-memory for app functionality and is not persistently stored or transmitted.
• Third-Party Access: None.

9. Notification Preferences

• Data Types: Notification settings, reminder preferences, notification schedule
• Purpose: To send you local notifications and reminders for your tasks as you have configured.
• Storage: Notification preferences are stored locally on your device.
• Important: All notifications are generated locally on your device. We do not use push notification servers.

How We Use Your Information

All information accessed by the App is used exclusively for the following purposes:

• Core App Functionality: To provide task management, goal tracking, and productivity features.
• Calendar Integration: To display your schedule and sync tasks with calendar events.
• Health Insights: To show correlations between physical activity and productivity.
• ADHD Support: To help you track and understand your ADHD symptoms and patterns.
• Gamification: To motivate you through achievements, badges, streaks, and the Huel companion.
• Personalization: To customize the App experience based on your preferences and settings.
• Local Notifications: To remind you about tasks and deadlines as you have configured.

We do NOT use your information for:

• Marketing or advertising purposes
• Analytics or usage tracking
• Profiling or behavioral analysis
• Selling or sharing with third parties
• Training machine learning models
• Any purpose beyond providing the App's features

Data Storage and Security

Local Storage

All your data is stored locally on your iOS device using:

• Encrypted SQLite Database: Your tasks, goals, ADHD tracking data, and gamification progress are stored in an encrypted database protected by iOS data protection APIs.
• iOS Keychain: Sensitive credentials (such as Google authentication tokens) are stored in the secure iOS Keychain.
• App Sandbox:All data is isolated within the App's secure container, inaccessible to other apps.

Security Measures

• Data at rest is encrypted using iOS native encryption (when device passcode is enabled)
• Secure communication protocols (HTTPS/TLS) for Google Calendar API requests
• OAuth 2.0 authentication for Google services (no password storage)
• Automatic data protection when device is locked
• No transmission of personal data to remote servers

Backups

Your data may be included in iOS device backups (iCloud or iTunes/Finder). These backups are controlled by Apple's backup policies and encryption. We do not have access to your backup data. If you wish to exclude the App's data from backups, you can disable iCloud backup for the App in your device settings.

Data Sharing and Third Parties

We do not sell, rent, trade, or otherwise share your personal information with third parties. The only external services the App interacts with are:

1. Apple HealthKit

• Purpose: Reading step count data (with your explicit permission)
• Data Flow: Data is read directly from HealthKit on your device; no server transmission occurs
• Privacy Policy: https://www.apple.com/legal/privacy/

2. Google Calendar API

• Purpose: Reading and writing calendar events (with your explicit permission)
• Data Flow:Calendar data is synchronized directly between your device and Google's servers using Google Calendar API
• Authentication: Handled by Google OAuth 2.0; we do not store your Google password
• Privacy Policy: https://policies.google.com/privacy

Important: We do not operate any backend servers that collect, store, or process your data. All App functionality runs locally on your device.

What We DO NOT Collect

To be absolutely clear, we do NOT collect, store, or transmit:

• Your precise or approximate location
• Your browsing history or web activity
• Your email content or messages
• Your contacts or address book
• Your microphone or voice recordings
• Your financial information or payment details (the App is currently free)
• Advertising identifiers (IDFA)
• Analytics or telemetry data
• Crash reports (unless you explicitly send them via iOS reporting)
• Device fingerprints or unique identifiers
• Any personal identifiable information (PII) that is not strictly necessary for app functionality

Your Rights and Control

You have complete control over your data:

Access and Portability

• All your data is stored locally on your device and is accessible to you at all times through the App interface
• You can export your data at any time (feature available in the App settings)

Deletion

• You can delete individual tasks, goals, or tracking entries at any time
• You can delete all app data through the App settings
• Uninstalling the App will permanently delete all local data from your device

Permission Management

• You can revoke HealthKit access at any time in iOS Settings > Privacy & Security > Health
• You can revoke Calendar access at any time in iOS Settings > Privacy & Security > Calendars
• You can revoke Photo library access at any time in iOS Settings > Privacy & Security > Photos
• You can revoke Notification permissions in iOS Settings > Notifications
• You can disconnect Google Calendar integration within the App settings

GDPR Rights (for EU Users)

Under the General Data Protection Regulation (GDPR), you have the following rights:

• Right of Access (Article 15): Access your personal data stored in the App
• Right to Rectification (Article 16): Correct inaccurate data through the App interface
• Right to Erasure (Article 17): Delete your data at any time
• Right to Restriction (Article 18): Limit processing by revoking permissions
• Right to Data Portability (Article 20): Export your data in machine-readable format
• Right to Object (Article 21): Object to specific data processing (managed through permissions)

Since all data is stored locally on your device and we do not collect or process data on our servers, you can exercise these rights directly through the App or your device settings without needing to contact us.

Children's Privacy

Scafolding is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has used the App, please contact us at hello@dovedstudio.com, and we will provide guidance on deleting any local data.

In accordance with the Children's Online Privacy Protection Act (COPPA), we:

• Do not collect personal information from children under 13
• Do not knowingly allow children under 13 to register for the App
• Do not share personal information of children under 13 with third parties

California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information:

Right to Know

You have the right to know what personal information we collect, use, and disclose. This Privacy Policy describes all information the App accesses. Since data is stored locally, you can access it directly through the App.

Right to Delete

You can delete your personal information at any time through the App settings or by uninstalling the App.

Right to Opt-Out of Sale

We do NOT sell your personal information. We have never sold personal information and do not have plans to do so in the future.

Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

European Privacy Rights (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we comply with the General Data Protection Regulation (GDPR):

Data Controller

David PAVLOVSCHII, operating under the business name Doved Studio, is the data controller for the App.

Legal Basis for Processing

• Consent (Article 6(1)(a)): For accessing HealthKit data, Calendar data, and Photo library
• Contract Performance (Article 6(1)(b)): For providing core App functionality (task management, gamification)
• Legitimate Interest (Article 6(1)(f)): For app optimization and ensuring proper functionality

Data Transfers

All data is stored locally on your device. The only cross-border data transfer occurs when you use Google Calendar integration, which is governed by Google's GDPR-compliant data processing terms.

Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority if you believe we have not complied with GDPR requirements.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the App features, or legal requirements. When we make changes:

• We will update the "Last updated" date at the top of this policy
• If changes are significant, we will notify you through the App or via the email you provided (if applicable)
• Your continued use of the App after changes constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically. The current version will always be available within the App and at this URL.

Third-Party Privacy Policies

This Privacy Policy applies only to the Scafolding App. When you interact with third-party services through the App, their own privacy policies apply:

• Apple HealthKit: https://www.apple.com/legal/privacy/
• Apple Calendar: https://www.apple.com/legal/privacy/
• Google Calendar: https://policies.google.com/privacy
• Google OAuth: https://policies.google.com/privacy

We recommend reviewing these third-party policies to understand how they handle your data.

App Tracking Transparency (ATT) Statement

In compliance with Apple's App Tracking Transparency framework:

Scafolding does NOT track you across apps and websites owned by other companies.

• We do not use your device's advertising identifier (IDFA)
• We do not share your data with data brokers
• We do not use your data for targeted advertising
• We do not create user profiles for advertising or marketing purposes

You will NOT see an App Tracking Transparency permission prompt when using Scafolding because we do not engage in any tracking activities that require such permission.

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or how the App handles information, please contact us:

• Email: hello@dovedstudio.com
• Business Name: Doved Studio
• Owner: David PAVLOVSCHII
• Address: 200 rue de la Croix Nivert, 75015 Paris, France

We will respond to your inquiry within a reasonable timeframe, typically within 30 days for GDPR-related requests.