Duudi

Legal

Privacy Policy

Last updated: May 15, 2026

Duudi is a workspace for solo freelancers — your tasks, notes, invoices, and meetings, in one calm place. This page explains, in plain words, what we collect, what we don't, and what we do with it.

Who we are

Duudi is operated by Kent Wong (kent@adaptconcepts.com). If you have any privacy question, that's the inbox.

What we collect

  • Account info — your name, email, and either a password hash (if you sign up with email/password, hashed with PBKDF2) or a Google account identifier (if you sign in with Google).
  • Workspace content — everything you create: tasks, notes, invoices, meetings, projects, clients. You own it; we store it so it survives across devices.
  • Technical signals — IP address and browser user-agent for rate limiting and bot prevention. We don't keep an analytics log of which pages you visit.

What we don't do

  • We don't sell your data.
  • We don't share it with third parties for advertising.
  • We don't use your notes, tasks, or invoices to train AI models.
  • We don't run third-party analytics, ad networks, or tracking pixels.
  • We don't email you marketing (we don't currently send email at all).

How we use your data

  • To provide the service: render your workspace, save your edits, generate your PDFs.
  • To keep you signed in: a single signed, httpOnly session cookie.
  • To prevent abuse: rate limiting, Cloudflare Turnstile on signup.
  • To respond to support requests when you email us.

Service providers we use

  • Neon — managed PostgreSQL where your workspace data lives. Encrypted in transit (TLS) and at rest.
  • Cloudflare — hosts the application (Pages), the bot-check (Turnstile), and DNS. Cloudflare sees request metadata.
  • Google — only when you choose to sign in with Google. They confirm your identity to us; that's it.

Each of these has their own privacy policy worth reading if you care.

Cookies

One cookie: duudi-session, signed and httpOnly, used to keep you logged in. No analytics cookies, no third-party tracking cookies.

Public share links

When you click "Share" on a note, we generate a random token and your note becomes readable at /share/{'{'}token{'}'}. Anyone with that link can read the note — we don't further restrict who. You can revoke the link from the note's share menu, which immediately deletes the token.

Your rights

  • Access — everything we store about you is visible inside the app.
  • Export — notes export as Markdown; invoices export as PDF. A bulk export endpoint is on the roadmap.
  • Correction — edit it in the app.
  • Deletion — email kent@adaptconcepts.com and we'll permanently delete your account and content within 7 days. (A self-serve delete button is coming.)

Data retention

We keep your data as long as your account exists. When you delete your account, every row tied to your user_id is dropped from the database (via Postgres ON DELETE CASCADE). We don't keep "soft-deleted" copies.

Children

Duudi isn't intended for users under 16. Please don't sign up if you're younger than that.

Changes

If we change how we handle data, we'll update this page and the "Last updated" date. For material changes we'll surface a notice the next time you sign in.

Contact

Questions? kent@adaptconcepts.com. A real human will reply.

← Back to home