Privacy Policy
Last updated December 15, 2025
This Privacy Notice for Starlight Creative LLC (doing business as Doodl) ("we," "us," or "our"), describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:
Download and use our mobile application (Doodl: Art with Friends), or any other application of ours that links to this Privacy Notice
Use Doodl. Doodl is a creative drawing and reflection app designed to inspire daily artistic expression and mindful creativity. Each day, users receive a new prompt that encourages them to draw, reflect, and share their creations within a positive, community-driven environment. The app allows users to upload their doodls, write personal reflections, connect with friends, and track creative streaks over time. Users can choose whether to keep their creations private or share them publicly. Doodl fosters consistency, connection, and self-expression by blending art, journaling, and social interaction in a safe and encouraging space.
Engage with us in other related ways, including any sales, marketing, or events
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at create@doodl.app.
SUMMARY OF KEY POINTS
This summary provides key points from our Privacy Notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for.
What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use.
Do we process any sensitive personal information? We do not process sensitive personal information.
Do we collect any information from third parties? We do not collect any information from third parties.
How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so.
In what situations and with which parties do we share personal information? We may share information in specific situations and with specific third parties, including payment processors.
How do we keep your information safe? We have adequate organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure.
What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information.
TABLE OF CONTENTS
1. WHAT INFORMATION DO WE COLLECT?
2. HOW DO WE PROCESS YOUR INFORMATION?
3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?
4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
6. HOW DO WE HANDLE YOUR SOCIAL LOGINS?
7. WHAT ARE OUR PAYMENT PROCESSING PRACTICES?
8. CHILD SAFETY STANDARDS
9. HOW LONG DO WE KEEP YOUR INFORMATION?
10. HOW DO WE KEEP YOUR INFORMATION SAFE?
11. DO WE COLLECT INFORMATION FROM MINORS?
12. WHAT ARE YOUR PRIVACY RIGHTS?
13. CONTROLS FOR DO-NOT-TRACK FEATURES
14. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
15. DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?
16. DO WE MAKE UPDATES TO THIS NOTICE?
17. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
18. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?
1. WHAT INFORMATION DO WE COLLECT?
Personal information you disclose to us
In Short: We collect personal information that you provide to us.
We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.
Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:
names
email addresses
usernames
payment information (processed securely through our payment processors)
Sensitive Information. We do not process sensitive information.
Social Media Login Data. We may provide you with the option to register with us using your existing social media account details, like your Facebook, X, or other social media account. If you choose to register in this way, we will collect certain profile information about you from the social media provider.
Application Data. If you use our application(s), we also may collect the following information if you choose to provide us with access or permission:
Mobile Device Access. We may request access or permission to certain features from your mobile device, including your mobile device's camera, contacts, social media accounts, storage, and other features. If you wish to change our access or permissions, you may do so in your device's settings.
Mobile Device Data. We automatically collect device information (such as your mobile device ID, model, and manufacturer), operating system, version information and system configuration information, device and application identification numbers, browser type and version, hardware model Internet service provider and/or mobile carrier, and Internet Protocol (IP) address (or proxy server).
Push Notifications. We may request to send you push notifications regarding your account or certain features of the application(s). If you wish to opt out from receiving these types of communications, you may turn them off in your device's settings.
Information automatically collected
In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.
We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information.
The information we collect includes:
Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files.
Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services.
Google API
Our use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
2. HOW DO WE PROCESS YOUR INFORMATION?
In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.
We process your personal information for a variety of reasons, depending on how you interact with our Services, including:
To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.
To process payments and subscriptions. We may process your information to facilitate one-time payments and manage donation subscriptions through our payment processors.
To request feedback. We may process your information when necessary to request feedback and to contact you about your use of our Services.
To protect our Services. We may process your information as part of our efforts to keep our Services safe and secure, including fraud monitoring and prevention.
To identify usage trends. We may process information about how you use our Services to better understand how they are being used so we can improve them.
To determine the effectiveness of our marketing and promotional campaigns. We may process your information to better understand how to provide marketing and promotional campaigns that are most relevant to you.
To save or protect an individual's vital interest. We may process your information when necessary to save or protect an individual's vital interest, such as to prevent harm.
3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?
In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.
If you are located in the EU or UK, this section applies to you.
The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:
Consent. We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time.
Legitimate Interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms.
Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency.
Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.
If you are located in Canada, this section applies to you.
We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time.
4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
In Short: We may share information in specific situations described in this section and/or with the following third parties.
We may need to share your personal information in the following situations:
Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
Payment Processors. We share payment information with third-party payment processors (Stripe for one-time payments and RevenueCat for subscription management) to process your transactions securely. These processors have their own privacy policies governing their use of your information.
5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
In Short: We may use cookies and other tracking technologies to collect and store your information.
We may use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with our Services. Some online tracking technologies help us maintain the security of our Services and your account, prevent crashes, fix bugs, save your preferences, and assist with basic site functions.
Google Analytics
We may share your information with Google Analytics to track and analyze the use of the Services. To opt out of being tracked by Google Analytics across the Services, visit https://tools.google.com/dlpage/gaoptout.
6. HOW DO WE HANDLE YOUR SOCIAL LOGINS?
In Short: If you choose to register or log in to our Services using a social media account, we may have access to certain information about you.
Our Services offer you the ability to register and log in using your third-party social media account details (like your Facebook or X logins). Where you choose to do this, we will receive certain profile information about you from your social media provider. The profile information we receive may vary depending on the social media provider concerned, but will often include your name, email address, friends list, and profile picture, as well as other information you choose to make public on such a social media platform.
7. WHAT ARE OUR PAYMENT PROCESSING PRACTICES?
In Short: We process payments through secure third-party payment processors and do not store your complete payment card information.
We accept the following payment methods:
One-time donations via Stripe
Subscription donations via RevenueCat
Stripe. For one-time donation payments, we use Stripe as our payment processor. Stripe processes and stores your payment card information securely. We do not have access to your complete payment card details. For more information about how Stripe handles your data, please review Stripe's Privacy Policy at https://stripe.com/privacy.
RevenueCat. For subscription-based donations, we use RevenueCat to manage subscriptions. RevenueCat integrates with app store payment systems (Apple App Store and Google Play Store) to process payments. Your payment information is handled securely by the respective app store and RevenueCat. We receive only subscription status information (such as whether your subscription is active) and do not have access to your payment card details. For more information, please review RevenueCat's Privacy Policy at https://www.revenuecat.com/privacy.
Payment Data Security. All payment transactions are encrypted and processed through secure, PCI-compliant payment gateways. We do not store complete payment card numbers on our servers. We may store the last four digits of your payment card and expiration date for identification purposes only.
Donation Nature of Payments. All payments processed through Doodl are voluntary donations to support the service. Donations are non-refundable except as required by law or at our sole discretion. Subscription donations can be cancelled at any time through your account settings or the respective app store, and you will maintain access until the end of your current billing period.
8. CHILD SAFETY STANDARDS
In Short: Doodl maintains a zero-tolerance policy for Child Sexual Abuse and Exploitation (CSAE) and Child Sexual Abuse Material (CSAM).
As a social platform, Doodl is committed to providing a safe environment for all users, including children. This section outlines our standards and practices to prevent child sexual abuse and exploitation within our Services.
Prohibition of CSAE and CSAM
Doodl strictly prohibits:
Any content, behavior, or activity that sexually exploits, abuses, or endangers children
Child Sexual Abuse Material (CSAM) of any kind, including photos, videos, computer-generated imagery, or any visual depiction involving a minor in sexually explicit conduct
Grooming, sexual harassment of or by minors, solicitation of sexual acts from minors, or sexual extortion (sextortion)
Trafficking of children for sexual purposes
Any behavior that sexualizes a child or facilitates child abuse
Content Monitoring and Detection
We employ multiple methods to detect and prevent CSAE and CSAM:
Automated content monitoring systems
Manual review processes when content is flagged
User reporting mechanisms (see below)
Technology to recognize and block known illegal material using hash databases
User Reporting Mechanism
Doodl provides an in-app mechanism for users to report concerns about content or behavior that may violate our child safety standards. Users can:
Report inappropriate content directly through the app's reporting feature
Contact our support team at create@doodl.app
Use our designated child safety contact (see below)
We take all reports seriously and investigate them promptly. Users who report concerns play a vital role in keeping our community safe.
Immediate Response and Enforcement
When CSAM or CSAE content is identified, we take immediate action:
Immediate Removal: Content confirmed as CSAM or exploitative of children is removed immediately and permanently deleted from our platform.
Account Action: Users responsible for CSAM or CSAE content are permanently banned from Doodl on first offense, with no warnings given.
Law Enforcement Notification: We report confirmed CSAM cases to the National Center for Missing and Exploited Children (NCMEC) and/or relevant local authorities as required by law.
Prevention Measures: We implement measures to prevent re-upload of known CSAM material using hash technology and other technical safeguards.
Legal Compliance
Doodl complies with all applicable child safety laws and regulations, including:
The U.S. Children's Online Privacy Protection Act (COPPA)
Laws requiring reporting of CSAM to NCMEC or relevant authorities
Google Play's Child Safety Standards policy requirements
All other applicable child protection laws in jurisdictions where we operate
Child Safety Point of Contact
For matters specifically related to child safety, CSAE, or CSAM, you may contact our designated Child Safety Officer:
Email: create@doodl.app
Subject Line: Child Safety Concern
This contact is empowered to discuss our enforcement procedures and take immediate action when required.
If you believe a child is in immediate danger, please contact your local law enforcement immediately. You can also contact child safety organizations such as the National Center for Missing and Exploited Children (NCMEC) at www.cybertipline.org or 1-800-THE-LOST.
9. HOW LONG DO WE KEEP YOUR INFORMATION?
In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice unless otherwise required by law.
We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this notice will require us keeping your personal information for longer than the period of time in which users have an account with us.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
10. HOW DO WE KEEP YOUR INFORMATION SAFE?
In Short: We aim to protect your personal information through a system of organizational and technical security measures.
We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.
11. DO WE COLLECT INFORMATION FROM MINORS?
In Short: We do not knowingly collect data from or market to children under 18 years of age.
We do not knowingly collect, solicit data from, or market to children under 18 years of age, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent's use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at create@doodl.app.
12. WHAT ARE YOUR PRIVACY RIGHTS?
In Short: Depending on your state of residence in the US or in some regions, such as the European Economic Area (EEA), United Kingdom (UK), Switzerland, and Canada, you have rights that allow you greater access to and control over your personal information.
In some regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; (iv) if applicable, to data portability; and (v) not to be subject to automated decision-making.
Account Information
If you would at any time like to review or change the information in your account or terminate your account, you can log in to your account settings and update your user account.
Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.
13. CONTROLS FOR DO-NOT-TRACK FEATURES
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.
14. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
In Short: If you are a resident of certain US states, you may have the right to request access to and receive details about the personal information we maintain about you and how we have processed it, correct inaccuracies, get a copy of, or delete your personal information.
Depending upon the state where you live, you may have specific privacy rights regarding your personal information. These rights may include:
Right to know whether or not we are processing your personal data
Right to access your personal data
Right to correct inaccuracies in your personal data
Right to request the deletion of your personal data
Right to obtain a copy of the personal data you previously shared with us
Right to non-discrimination for exercising your rights
Right to opt out of the processing of your personal data if it is used for targeted advertising or profiling
To exercise these rights, you can contact us at create@doodl.app or visit www.doodl.app/contact.
15. DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?
In Short: You may have additional rights based on the country you reside in.
Australia and New Zealand
We collect and process your personal information under the obligations and conditions set by Australia's Privacy Act 1988 and New Zealand's Privacy Act 2020. At any time, you have the right to request access to or correction of your personal information. You can make such a request by contacting us using the contact details provided in this notice.
Republic of South Africa
At any time, you have the right to request access to or correction of your personal information. If you are unsatisfied with the manner in which we address any complaint with regard to our processing of personal information, you can contact the office of the regulator, The Information Regulator (South Africa) at enquiries@inforegulator.org.za.
16. DO WE MAKE UPDATES TO THIS NOTICE?
In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.
We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Last updated" date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.
17. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
If you have questions or comments about this notice, you may email us at create@doodl.app or contact us by post at:
Starlight Creative LLC
2720 Sirius Vw
Kalispell, MT 59901
United States
18. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?
Based on the applicable laws of your country or state of residence in the US, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. To request to review, update, or delete your personal information, please email us at create@doodl.app.