Privacy Policy
At Ditto, we take your privacy seriously. This Privacy Policy explains how TWELVE12 LIMITED (Company Number 15070672) ("we", "us", "our") collects, uses, stores, and protects your personal information when you use the Ditto photo challenge app and website at dittos.co.uk. By using Ditto, you agree to the practices described in this policy.
1. Information We Collect
We collect the following types of information when you use Ditto:
Account Information
- Email address (for authentication and communication)
- Authentication credentials via Firebase Auth, including email/password, Google Sign-In, and Apple Sign-In
- Third-party account identifiers (e.g., your Google or Apple account ID) used solely for authentication
- Username and display name
- Profile photo and cover photo
- Bio text
User Content
- Photos you upload for challenges and dittos, stored securely in Firebase Storage
- Captions and comments you write
- Challenge settings (category, duration, recipients)
Usage Data
- App interactions (likes, follows, challenge participation)
- Device information (device type, operating system)
- Crash reports and performance data
- Timestamps of actions and login sessions
Push Notification Data
- Firebase Cloud Messaging (FCM) device tokens for delivering push notifications
- Notification preferences and settings
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Ditto service
- Personalise your experience (e.g., the "For You" feed)
- Enable social features (following, challenges, leaderboards)
- Send you notifications about challenges, likes, and followers
- Detect and prevent fraud, abuse, and violations of our Terms
- Analyse usage patterns to improve app performance
- Communicate important service updates
3. Firebase & Analytics
Ditto uses Google Firebase for authentication, data storage, cloud functions, and analytics. Firebase may collect:
- Anonymous usage statistics and crash reports
- Device identifiers for analytics purposes
- Performance monitoring data
Firebase Analytics helps us understand how users interact with Ditto so we can improve the experience. This data is processed in accordance with Google's privacy policies. You can learn more at: firebase.google.com/support/privacy
4. Data Sharing & Selling
We do not sell your personal data. Period.
We may share your information only in the following circumstances:
- With other users: Your profile information, photos, and challenges are visible to other Ditto users as part of the social experience
- Service providers: We use trusted third-party services (Firebase, Google Cloud) to operate Ditto. These providers only process data on our behalf and are bound by confidentiality obligations
- Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request
- Safety: We may share information to protect the rights, safety, and property of Ditto, our users, or the public
5. Data Storage & Security
Your data is stored securely using Firebase Cloud Firestore and Firebase Storage, hosted on Google Cloud infrastructure. We implement industry-standard security measures including:
- Encrypted data transmission (HTTPS/TLS)
- Firebase security rules to restrict data access
- Secure authentication with Firebase Auth
- Regular security reviews
While we strive to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.
6. Your Rights (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):
- Right of Access: You can request a copy of the personal data we hold about you
- Right to Rectification: You can update or correct your personal information through your profile settings
- Right to Erasure: You can request deletion of your account and associated data
- Right to Restrict Processing: You can ask us to limit how we use your data
- Right to Data Portability: You can request your data in a portable format
- Right to Object: You can object to the processing of your personal data
- Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time
To exercise any of these rights, contact us at support@dittos.co.uk. We will respond within 30 days.
7. Data Deletion
You can delete your Ditto account at any time through Settings > Delete Account. When you delete your account:
- Your profile information will be permanently removed
- Your uploaded photos will be deleted from our storage
- Your challenges and dittos will be removed
- Your likes, follows, and comments will be cleared
Please note that some data may persist in backups for up to 30 days after deletion. Content that has been shared or copied by other users may remain visible. We will process deletion requests within 30 days.
8. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymise your data within 30 days, except where retention is required by law. Anonymous, aggregated data may be retained indefinitely for analytics and service improvement.
9. Children's Privacy
Ditto is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal data from a child under 13, we will take steps to delete that information promptly. If you believe we have collected information from a child under 13, please contact us immediately.
10. Cookies & Tracking
The Ditto mobile app does not use traditional browser cookies. However, Firebase and other analytics tools may use device identifiers and similar technologies to collect usage data. You can control some tracking through your device settings.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. Your continued use of Ditto after changes are posted constitutes your acceptance of the updated policy.
12. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:
- 📧 Email: support@dittos.co.uk
- 🌐 Website: dittos.co.uk
For GDPR-related enquiries, you may also contact our Data Protection contact at privacy@dittos.co.uk.
We aim to respond to all enquiries within 48 hours and will resolve GDPR requests within 30 days.