Privacy Policy
This Privacy Policy explains how Zovix Limited ("Zovix", "we", "our", or "us") collects, uses, and protects information in connection with the Dolly mobile application ("Dolly" or the "App"). By downloading or using Dolly, you acknowledge that you have read and understood this Privacy Policy. Where applicable law requires affirmative consent, we will seek your explicit consent through in-app mechanisms before processing your data.
1. Our Core Privacy Principle
Dolly is designed with a privacy-first architecture. Your financial data is stored exclusively on your device. We do not store, sell, or share your personal financial records with any third party.
2. Information We Collect
2.1 Information You Provide
When you use Dolly, the following data is created and stored locally on your device:
- Transaction records (merchant name, amount, date, category, payment method)
- Receipt images (stored on your device only)
- Bank statement data imported via PDF (processed locally after AI extraction)
- Savings goals and financial targets you create
- Notes and custom categories you add
2.2 Information Sent to Our Servers
To provide AI-powered features, Dolly transmits limited data to our secure cloud servers:
- Receipt images or bank statement files: uploaded temporarily for AI text extraction (OCR). These files are deleted from our servers as soon as technically practicable after processing is complete, and in any event within 24 hours.
- OCR-extracted text: the text extracted from receipts or statements is sent to Google Gemini AI for categorisation and analysis. This text contains transaction details. Although this text is not linked to your registered identity, it may constitute personal data under applicable law if you are identifiable from it.
- Anonymous usage metrics: non-identifiable usage counts (e.g., number of scans per month) used solely for quota enforcement.
2.3 Automatically Collected Technical Information
We collect minimal technical data necessary to operate the App:
- Anonymous Firebase Authentication ID (a randomly generated identifier)
- App version and device operating system (for compatibility purposes)
- Subscription plan status (Lite, Go, or Pro)
- Standard server access logs, retained for up to 30 days for security and abuse prevention
2.4 Information We Do Not Collect
We explicitly do not collect:
- Your name, email address, phone number, or any contact information
- Your bank account numbers, credit card numbers, or financial account credentials
- Your location data
- Your device contacts, photos library (beyond receipt capture), or microphone
- Any data from children under the applicable minimum age in your jurisdiction (see Section 7)
2.5 SDK and Technical Identifiers
Dolly integrates third-party software development kits (SDKs) that may collect limited technical data:
- Firebase SDK: may process anonymised device identifiers solely for authentication and cloud function security.
- RevenueCat SDK: processes App Store or Google Play purchase tokens and subscription status. RevenueCat does not access your financial transaction data.
- No advertising identifiers (IDFA / GAID) are accessed or processed by Dolly.
3. How We Use Your Information
We use the limited information we collect solely to:
- Provide AI-powered receipt scanning and bank statement parsing
- Enforce fair-use quotas based on your subscription plan
- Deliver AI-generated financial insights and spending analysis within the App
- Maintain the security and integrity of our services
- Comply with applicable legal obligations
We do not use your information for advertising, profiling, or any purpose beyond operating Dolly.
3A. Legal Basis for Processing (EEA and UK Users)
If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data on the following legal bases under GDPR Article 6:
Contract Performance (Article 6(1)(b))
We process OCR-extracted text from your receipts and bank statements, and your Firebase authentication ID, because this processing is necessary to provide the AI-powered features you have requested when using Dolly. We also process your subscription status via RevenueCat because this is necessary to manage your subscription and enforce the features available under your plan.
Legitimate Interests (Article 6(1)(f))
We retain anonymised usage quota counters for up to 13 months to manage fair use, prevent abuse, and for billing reconciliation. Our legitimate interest is the sustainable and secure operation of the App. We have assessed that this interest is not overridden by your interests or fundamental rights.
Legal Obligation (Article 6(1)(c))
We may process data where required to comply with applicable legal obligations, including court orders, regulatory requests, or mandatory disclosure requirements.
4. Third-Party Services
We are in the process of executing Data Processing Agreements (DPAs) with each of the processors listed below, as required by GDPR Article 28 and equivalent applicable laws, prior to the public launch of Dolly.
4.1 Google Firebase
We use Firebase for anonymous authentication and cloud processing functions. Firebase is operated by Google LLC. Your anonymous user ID is processed by Firebase solely to authenticate your requests. See: firebase.google.com/support/privacy
4.2 Google Gemini AI
OCR-extracted text from your receipts and bank statements is processed by Google Gemini AI to identify transaction details. Gemini processes this text to return structured data and does not retain it for model training under our enterprise agreement. See: ai.google.dev/gemini-api/terms
4.3 RevenueCat
Dolly uses RevenueCat to manage in-app subscriptions. RevenueCat processes your subscription status and purchase history. RevenueCat does not have access to your financial transaction data. See: revenuecat.com/privacy
4.4 Apple App Store
Your iOS app purchase and subscription billing is handled by Apple Inc. under their own terms and privacy policy. We do not have access to your Apple ID or payment information. See: apple.com/legal/privacy
5. Data Storage and Security
5.1 Local Storage
All your financial transaction data, receipt images, and personal records are stored in a local database on your device (SQLite via Drift). This data never leaves your device except as described in Section 2.2. We are in the process of implementing full at-rest encryption for the local database prior to the public launch of Dolly.
5.2 Cloud Security
Data transmitted to our servers is encrypted in transit using TLS 1.2 or higher. Our Firebase Cloud Functions are secured with authentication token verification to prevent unauthorised access.
5.3 Data Retention
- Receipt images and bank statement files: deleted from our servers as soon as technically practicable after processing, and in any event within 24 hours.
- Standard server access logs: retained for up to 30 days for security and abuse prevention purposes.
- Anonymous usage quota counters: retained for up to 13 months for billing and abuse prevention.
- Firebase anonymous authentication records: retained for the lifetime of your anonymous account or until you delete the App.
5.4 Security Limitations
While we implement industry-standard security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of data transmitted over the internet.
5.5 Data Breach Notification
In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where required by GDPR or equivalent applicable law, and notify affected users without undue delay if the breach is likely to result in a high risk to their rights and freedoms.
To report a suspected data security incident, contact us at: [email protected]
6. Your Rights and Choices
6.1 Data Access, Portability, and Deletion
Because your financial data is stored locally on your device, you have direct control over it. You may delete individual transactions, export your data, uninstall the App, or contact us to request deletion of any server-held data.
6.2 GDPR Rights (EEA and UK Users)
| Right | What it means for you |
|---|---|
| Access (Art. 15) | Request a copy of the personal data we hold about you. |
| Rectification (Art. 16) | Request correction of inaccurate personal data. |
| Erasure (Art. 17) | Request deletion of your personal data ('right to be forgotten'). |
| Restriction (Art. 18) | Request that we restrict processing of your data in certain circumstances. |
| Data Portability (Art. 20) | Receive your personal data in a structured, machine-readable format. |
| Object (Art. 21) | Object to processing based on legitimate interests or for direct marketing purposes. |
| Automated Decision-Making (Art. 22) | Dolly's AI analysis generates spending insights for your information only and does not make automated decisions with legal effects. |
| Withdraw Consent (Art. 7(3)) | Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing. |
To exercise your rights: [email protected]. We will respond within 30 days.
6.3 CCPA Rights (California Residents)
California residents have the right to know, delete, opt out of sale (we do not sell personal information), and non-discrimination. Contact: [email protected]
6.4 PDPO Rights (Hong Kong Users)
Under the Personal Data (Privacy) Ordinance (Cap. 486), you have the right to request access to and correction of any personal data we hold. Contact: [email protected]
6.5 PIPL Rights (China Users)
If you are located in the People's Republic of China, your personal information is processed in accordance with the Personal Information Protection Law (PIPL). Use of AI-powered features involves transfer of OCR-extracted text to servers outside mainland China. By enabling these features, you consent to such cross-border transfer. Contact: [email protected]
6.6 Other Jurisdictions
We respect the privacy rights of users in all jurisdictions, including LGPD (Brazil), PDPA (Singapore), Australian Privacy Act, and others. Contact: [email protected]
7. Children's Privacy
Dolly is not directed to children. The minimum age to use Dolly is 13 years old in general, 16 years old in certain EEA member states, and 18 years old for the AI Financial Insights Chat feature in all jurisdictions. We do not knowingly collect personal information from children below the applicable minimum age. Contact: [email protected]
8. International Data Transfers
When you use AI-powered features, your OCR-extracted text may be processed by Google's servers, which may be located outside your country of residence. EEA/UK users: Google provides appropriate safeguards including Standard Contractual Clauses (SCCs). Other jurisdictions: we rely on applicable transfer mechanisms as required by local law.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice within the App at least 30 days before the change takes effect.
10. Contact Us
| Company | Zovix Limited |
| Privacy Enquiries | [email protected] |
| Security / Breach Reports | [email protected] |
| Website | dolly.zovix.ai |
Zovix Limited currently does not have an appointed EU or UK representative. EEA and UK users may direct all data protection enquiries to our Privacy Officer at [email protected].
Terms of Service
Please read these Terms of Service ("Terms") carefully before using the Dolly mobile application ("App") operated by Zovix Limited ("Zovix", "we", "our", or "us"). By downloading, installing, or using Dolly, you agree to be bound by these Terms.
1. Acceptance of Terms
These Terms constitute a legally binding agreement between you and Zovix Limited. By using Dolly, you confirm that you are at least 13 years of age (or the minimum age applicable in your jurisdiction), have the legal capacity to enter into this agreement, and will comply with all applicable laws and regulations.
2. Description of Service
Dolly is a personal finance management application that provides AI-powered receipt scanning, bank statement import and analysis, expense tracking and categorisation, and AI-generated financial insights. Dolly is a personal productivity tool. It is not a licensed financial institution, investment adviser, tax adviser, or accounting firm. No feature of Dolly constitutes regulated financial advice.
3. AI Financial Information Disclaimer
Dolly's AI analysis is based solely on the transaction data you input and may be incomplete or inaccurate. You should not make any significant financial decision based solely on information provided by Dolly. Always consult a qualified and licensed financial professional. Zovix accepts no liability for any financial loss arising from reliance on Dolly's AI-generated outputs.
4. User Accounts and Authentication
Dolly supports Email/Password, Sign in with Google, and Sign in with Apple. You may use the App with an account linked to your email address. Your account credentials are managed securely by Firebase Authentication and are never stored on our servers in plain text. You are responsible for maintaining the security of your device and account credentials. If your device is lost or stolen, we recommend immediately changing your password.
5. Subscription Plans and Payments
5.1 Available Plans
| Plan | Price | Key Features |
|---|---|---|
| Dolly Lite | Free | Basic features including 10 AI scans per month |
| Dolly Go | As displayed in the App | Unlimited AI scanning, bank statement auto-import (10/month), no ads |
| Dolly Pro | As displayed in the App | All features including AI Financial Insights, no ads |
5.2 Billing — iOS (Apple App Store)
All payments are processed by Apple Inc. Subscriptions automatically renew unless cancelled at least 24 hours before the end of the current billing period. Manage and cancel your subscription in your Apple ID Account Settings.
5.3 Refunds
Refund requests are subject to Apple's standard refund policy. Contact Apple Support at reportaproblem.apple.com.
5.4 Price Changes
We will provide at least 30 days' prior notice of any price increase via in-app notification. You may cancel before the new price takes effect without penalty.
5.5 EU/EEA Right of Withdrawal
If you are a consumer in the EEA, you have the right to withdraw from your subscription within 14 days of purchase. To exercise this right, contact us at [email protected] within 14 days of purchase.
6. Acceptable Use
You agree not to violate any applicable laws, circumvent subscription limits, reverse engineer the App, use it to process third-party data commercially, transmit malicious code, or attempt to gain unauthorised access to our systems.
7. Intellectual Property
Dolly, including its design, code, branding, and content, is owned by Zovix Limited. You are granted a limited, non-exclusive, non-transferable, revocable licence to use the App for personal, non-commercial purposes. You retain ownership of all financial data you input into Dolly.
8. Data and Privacy
Your use of Dolly is also governed by our Privacy Policy (Version 2.0), which is incorporated into these Terms by reference.
9. Disclaimer of Warranties
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, DOLLY IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND. We do not warrant that the App will be uninterrupted, error-free, or that AI-generated analysis will be accurate or complete. Nothing in this Section affects your statutory rights as a consumer.
10. Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, ZOVIX LIMITED SHALL NOT BE LIABLE FOR any indirect, incidental, special, consequential, or punitive damages, or any damages exceeding the amount you paid to Zovix in the 12 months preceding the claim.
11. Indemnification
You agree to indemnify and hold harmless Zovix Limited from claims arising from your wilful misconduct, material violation of these Terms, or infringement of any third-party right. This indemnification does not apply to claims arising from Zovix's own acts or negligence.
12. Termination
We may suspend or terminate your access to Dolly immediately for material violations, or with at least 30 days' prior notice for any other reason if you are a paying subscriber. Paid subscribers terminated without cause will receive a pro-rated refund for the unused portion of their billing period.
13. Governing Law and Dispute Resolution
These Terms are governed by the laws of the Hong Kong Special Administrative Region. EU/EEA and UK consumers retain rights under their local consumer protection laws. Any dispute shall first be attempted via good-faith negotiation. US users: unresolved disputes shall be resolved by binding individual arbitration (JAMS Consumer Arbitration Rules). EU users may use the ODR platform at ec.europa.eu/odr.
14. Changes to Terms
We will notify you of significant changes by posting a notice within the App at least 30 days before the changes take effect.
15. Severability
If any provision of these Terms is found to be unenforceable, that provision shall be limited to the minimum extent necessary so that these Terms otherwise remain in full force.
16. Force Majeure
Zovix shall not be liable for failure or delay in performance caused by circumstances beyond its reasonable control, including acts of God, pandemic, war, government actions, or third-party service outages.
17. Business Continuity and Corporate Changes
In the event of a merger or acquisition, we will notify you within 30 days. In the event Zovix ceases operations, we will provide at least 90 days' notice, paid subscribers will receive a pro-rated refund, and all server-side data will be deleted within 30 days of cessation.
18. Complaints Procedure
- Step 1: Email [email protected]. We acknowledge within 3 business days and aim to resolve within 15.
- Step 2: Escalate to [email protected] if unsatisfied.
- Step 3: Refer to your local consumer protection or data protection authority.
19. Entire Agreement
These Terms, together with our Privacy Policy (Version 2.0), constitute the entire agreement between you and Zovix Limited regarding Dolly.
20. Contact Us
| Company | Zovix Limited |
| General Support | [email protected] |
| Legal | [email protected] |
| Website | dolly.zovix.ai |