Privacy Policy — Duet

Last updated: 5 September 2025

1. Who We Are

Duet (duet.is and the Duet mobile/desktop apps) is operated by Meraki.so LLC. We are the data controller for personal information processed through Duet.

2. What We Collect

  • Account details: e-mail, full name, phone number, password hash, timezone, City and Country, Interests and subscription status.
  • Relationship data: events, dates, shared tasks, notes, reminders, photos you attach, profile pictures.
  • WhatsApp (default integration): if you join the Duet group, message text, sender and timestamp are processed to generate structured content. We do not build permanent logs of message bodies.
  • Other integrations: if you connect calendars or contacts we import only the minimum information needed.
  • Device & usage data: log files, IP address, app/browser version, device model, operating system, crash reports.
  • Payment information: receipts from purchases or limited card-holder data from payment processors.

3. Legal Bases (GDPR/UK GDPR)

  • Contract: to create your account and deliver the service.
  • Legitimate interests: fraud prevention, product improvement, analytics.
  • Consent: WhatsApp group integration, marketing e-mails, optional cookies. Consent can be withdrawn at any time (by leaving the group or adjusting settings).
  • Legal obligation: invoicing and bookkeeping records.

4. How We Use Data

  • Provide and secure the service.
  • Sync tasks, notes, reminders across devices.
  • Send push notifications and e-mail reminders.
  • Generate AI-driven tasks and relationship insights from WhatsApp group messages.
  • Process payments and manage subscriptions.
  • Respond to support requests.

5. WhatsApp Integration (Default)

  • All messages in the group are processed to generate notes, tasks and reminders.
  • Messages are transmitted securely to Duet’s servers, then forwarded in snippet form to OpenAI for structured outputs.
  • No permanent logs of message bodies are kept. Derived content (tasks/notes) remains until you delete it.
  • Risk disclosure: whatsapp-web.js is not part of the official WhatsApp Business Platform. There is a risk WhatsApp may limit or suspend your account.
  • Opt-out: leave the group at any time to stop processing.

6. Sharing & Transfers

We do not sell your personal data. We only share it with service providers and sub-processors who are strictly necessary to operate Duet, including OpenAI for message processing. Where data is transferred outside the EEA/UK, we rely on adequacy decisions or Standard Contractual Clauses.

7. Data Retention

  • Active accounts: data kept while your account is open.
  • Deleted accounts: most data erased within 14 days; backups deleted after 30 days.
  • Financial records: kept for the statutory period.
  • WhatsApp messages: processed in real time and not retained. Derived items remain until deleted by you.

8. Cookies & Local Storage

  • Essential: session ID, CSRF token, language, feature flags (required).
  • Optional: analytics and marketing (off by default, require consent).

9. Your Rights

You may request access, rectification, erasure, restriction, portability, and objection. You may withdraw consent at any time by leaving the WhatsApp group or adjusting settings. You may file a complaint with your local Data Protection Authority.

10. Children

Duet is for users aged 16+. We do not knowingly collect data from minors.

11. Security

We use industry-standard security including encryption in transit and at rest, access controls, and regular testing.

12. Changes

We will notify you at least 14 days before material changes take effect.

13. Contact

Privacy inquiries: privacy@duet.is