This policy explains what Dough collects, why it is used, and which providers help run accounts, emails, billing, AI features, and live DonutSMP data.
This policy explains how Dough handles information when you visit the site, create an account, use the DonutSMP dashboard, subscribe to Pro, or ask the AI assistant a question.
Dough is built to collect only what is needed to operate accounts, protect the service, process payments, send account emails, and provide dashboard features.
Account information can include your email address, first name, last name, username, authentication identifiers, password reset state, and profile settings.
Usage information can include pages visited, selected dashboard actions, AI usage counts, rate-limit events, searched DonutSMP usernames or market terms, and server-side logs such as IP address, user agent, and timestamps.
Payment information is processed by Stripe. Dough receives subscription and customer status data, but does not store your full card number.
We use information to create and secure accounts, send welcome and password reset emails, keep sessions active, show dashboard data, enable Pro features, and prevent abuse.
We use usage and security logs to debug issues, enforce rate limits, protect authentication routes, investigate suspicious traffic, and improve reliability.
When you use the AI assistant, your message and any context you explicitly attach, such as current page data, may be sent to an AI provider to generate a response.
Do not include passwords, payment details, API keys, or sensitive personal information in AI prompts. AI conversations may be logged for abuse prevention, usage limits, debugging, and product quality.
Dough uses cookies and similar storage for authentication, remember-me sessions, dashboard theme preferences, and security behavior required by the app.
Some cookies are essential. Without them, login, protected dashboard routes, password recovery, and subscription access may not work correctly.
Dough uses Supabase for authentication, user profiles, database storage, and server-side auth verification. We use Resend to deliver account emails such as welcome confirmation and password reset messages.
We use Stripe for checkout, billing, subscription status, invoices, and payment portal access. We may use AI infrastructure providers to process assistant prompts and return responses.
We do not sell your personal information. We share data only when needed to run Dough, comply with law, process payments, send emails, protect the service, or respond to legitimate security issues.
Public DonutSMP data shown in Dough may come from upstream APIs and is not created by Dough. Player and market lookups are used to provide the dashboard experience.
We keep account data while your account exists or while needed for security, billing, legal, or operational reasons. Logs and rate-limit data may be kept for a shorter operational window.
Subscription and invoice records may remain in Stripe even after your Dough account access changes, according to billing and legal retention requirements.
Dough uses server-side Supabase clients, service-role isolation, route protections, password reset OTP verification, and rate limits to protect important routes.
No online service is perfectly secure. You should use a strong unique password, protect your email account, and sign out on shared devices.
You can update certain profile details from the dashboard settings page. You can manage Pro billing through Stripe where the billing portal is available.
You may request account or privacy help through the contact method published on Dough. We may need to verify account ownership before acting on requests.
Dough is not intended for children under 13. If you believe a child provided personal information without appropriate permission, contact us so we can review it.
We may update this policy as Dough changes. If the changes are material, we will make reasonable efforts to notify users through the site or account email.