Donna

Privacy Policy

Last updated: April 28, 2026

1. Your Data, Your Control

Your data belongs to you. Donna stores it on your behalf — we do not sell, share, or use it to train AI models.

  • You can export all your data at any time from your profile settings.
  • You can delete your account and all associated data permanently with one tap.
  • We do not retain copies of your data after deletion.

2. Overview

Donna is operated by Hi Donna Pty Ltd (ACN 697 488 743) (“we”, “us”, “our”), a company registered in New South Wales, Australia. Donna is a relationship intelligence and productivity application that integrates with your calendar, contacts, and communication tools to help you manage and strengthen professional relationships.

This Privacy Policy explains what information we collect, how we use it, and how we protect it. By using Donna, you agree to the practices described below.

3. Information We Access

When you connect Donna to Google or Microsoft, we may access:

Calendar Data

  • Event titles, times, dates, and attendees
  • Event descriptions (if applicable)

This allows Donna to:

  • Provide pre-meeting briefings
  • Track relationship activity
  • Create and modify calendar events when instructed by you

Contacts

Name, email address, phone number, and contact metadata.

Used to identify relationship connections, suggest engagement, and enrich profiles with publicly available professional information.

Voice Notes & Meeting Recordings

When you record a voice note or meeting:

  • Audio is processed to generate a text transcript.
  • The transcript is used to produce structured summaries, action items, follow-ups, and relationship insights.
  • These summaries are stored securely under your account.

Team Data

If you join or create a team within Donna, certain data may be shared with other team members, including:

  • Contacts you choose to share with your team
  • Meeting notes and action items assigned to team members
  • Opportunity signals relevant to the team

You control what is shared. Contacts and notes are only visible to your team when you explicitly share them or move them to a team folder.

4. No Stored Audio Recordings

Audio from voice notes and meeting recordings is processed for transcription only. We do not retain or store audio recordings once the transcript is created.

Transcription is performed by ElevenLabs. Audio is sent to ElevenLabs solely to produce the transcript and is discarded immediately after the transcript is returned.

Only the text transcript and structured insights derived from it are stored under your account.

5. How We Use Your Information

Donna uses your information to:

  • Generate pre-meeting briefings
  • Suggest follow-ups and action items
  • Draft communications (emails, messages)
  • Create calendar invites at your direction
  • Calculate relationship engagement signals
  • Produce daily and weekly relationship summaries
  • Surface business opportunities by analysing meeting transcripts and publicly available news about companies your contacts work at
  • Read aloud responses using text-to-speech
  • Improve relationship visibility and organisation

Donna does not sell your data. Donna does not use your data for advertising.

6. AI Processing

Donna uses artificial intelligence to:

  • Transcribe and summarise voice notes and meetings
  • Generate suggested follow-up messages and action items
  • Extract structured insights from conversations
  • Power the Ask Donna conversational assistant
  • Detect business opportunities from meeting transcripts
  • Search publicly available news and market information relevant to your contacts' companies
  • Convert text responses to speech for the read-aloud feature
  • Evaluate and rate the quality of response suggestions based on your feedback

AI-generated content is produced automatically and may not always be accurate. You are responsible for reviewing any drafted content before sending.

We do not use your personal data to train public AI models.

AI Service Providers

We use the following AI services to deliver core functionality:

  • Anthropic (Claude) — conversation summarisation, insight extraction, opportunity detection, and the Ask Donna conversational assistant
  • ElevenLabs — speech-to-text transcription of voice notes and meetings, and text-to-speech for read-aloud functionality
  • Perplexity AI — searching publicly available news and market information about companies relevant to your contacts
  • Google AI (Gemini) — available as an alternative AI model within the Ask Donna assistant

Data sent to these providers is processed solely for the purpose of generating your results. These providers do not retain your data or use it for model training.

Audio sent to ElevenLabs for transcription is not stored after processing. Text sent to ElevenLabs for speech synthesis is not stored after the audio is returned. Text-based prompts sent to Anthropic, Perplexity, and Google AI contain only the data necessary to generate your results and are not retained.

7. Desktop Application Features

The Donna desktop application includes the following features that interact with your system:

Video Call Detection

Donna monitors running applications and network activity on your computer to detect when you are on a video call (Zoom, Slack, Microsoft Teams, Discord, or Webex). This is used solely to offer to transcribe your meeting. No data about your network activity or running applications is stored or transmitted — detection happens locally on your device.

Global Voice Capture

You may configure a system-wide keyboard shortcut to capture voice notes from any application. When activated, Donna accesses your microphone to record audio, which is then transcribed and processed as described in Sections 3 and 4. Audio is not stored after transcription.

System Audio Capture

During meeting transcription, Donna may capture system audio (with your permission) to transcribe both sides of a conversation. This requires Screen Recording permission on macOS. Audio is processed for transcription only and is not stored.

8. Opportunity Detection

Donna analyses your meeting transcripts and contact network to surface business opportunities. As part of this feature:

  • Meeting transcripts are analysed by AI to identify potential opportunities, introductions, or follow-up actions
  • Donna searches publicly available news sources for information about companies your contacts work at, using their company name only
  • No private or confidential information about your contacts is shared with external news search providers — only the company name is used as a search query

You can dismiss, save, or act on any opportunity surfaced. Dismissed opportunities are suppressed and will not be shown again.

9. Data Storage & Security

We implement appropriate technical and organisational safeguards, including:

  • Encrypted storage of OAuth tokens
  • Secure HTTPS transmission for all data
  • Row-level access controls preventing cross-user access
  • Restricted server-side token handling
  • Encrypted local storage for session data on desktop

All data is isolated per user with row-level access controls — no other user or Donna employee can access your information, except where you have explicitly shared data with a team.

OAuth tokens are stored encrypted and are revoked upon disconnection or account deletion.

10. OAuth & Third-Party Services

Donna integrates with:

  • Google APIs (Contacts and Calendar)
  • Microsoft Graph API (Contacts and Calendar)

Donna only requests the minimum permissions necessary to function. We do not request access to read your email content.

You may disconnect your account at any time from your profile settings.

11. Google API Services User Data Policy

The use of raw or derived user data received from Workspace APIs will adhere to the Google User Data Policy, including the Limited Use requirements.

In practice, this means Donna:

  • Only uses Google user data to provide and improve user-facing features within the application
  • Does not transfer Google user data to others except as necessary to provide or improve user-facing features, comply with applicable law, or as part of a merger, acquisition, or sale of assets with user consent
  • Does not use Google user data for serving advertisements
  • Does not allow humans to read Google user data unless we have obtained the user's affirmative agreement, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or the data is aggregated and used for internal operations in accordance with applicable privacy and other laws
  • Does not use Google user data to train, develop, or improve generalised or non-personalised AI or machine learning models

12. Third-Party Service Providers

To deliver our service, we use the following sub-processors:

  • Supabase — hosting, database, authentication, and file storage
  • Anthropic (Claude) — AI summarisation, insight extraction, opportunity detection, and conversational assistant
  • ElevenLabs — speech-to-text transcription and text-to-speech
  • Perplexity AI — public news and market signal search
  • Google AI (Gemini) — alternative AI model for conversational assistant
  • Proxycurl — professional contact enrichment (LinkedIn public profile data)
  • Resend — transactional email delivery
  • Expo (EAS) — mobile app distribution and over-the-air updates
  • Stripe — payment processing (Donna does not store card details)

All sub-processors are contractually prohibited from using your data for their own purposes, including training AI models.

13. Response Feedback

When you rate a Donna response (thumbs up or thumbs down), the rating and a short excerpt of the response text are stored to improve the quality of future responses for your account. This feedback is not shared with other users or used to train external AI models.

14. Data Retention

We retain data only as long as your account remains active.

If you delete your account:

  • OAuth tokens are revoked
  • Stored notes, transcripts, and action items are deleted
  • Contact data is removed
  • Calendar connection data is removed
  • Meeting transcripts are deleted
  • Opportunity signals are deleted
  • Chat history and feedback are deleted
  • Team memberships are removed
  • All other personal data is permanently erased

Deletion is permanent. We do not retain backups of deleted user data.

15. Your Rights

You may:

  • Disconnect integrations at any time
  • Export all your data
  • Request account deletion
  • Access, modify, or delete your stored data
  • Control what data is shared with your team
  • Opt out of opportunity detection

To request deletion, contact: donna@hidonna.app

16. EU/UK Data Subject Rights

If you are located in the EU or UK, you have the following rights under GDPR/UK GDPR:

  • Right of access — request a copy of your personal data
  • Right to rectification — correct inaccurate personal data
  • Right to erasure — request deletion of your personal data
  • Right to data portability — receive your data in a machine-readable format
  • Right to object — object to processing of your personal data
  • Right to restriction — request restriction of processing
  • Right to lodge a complaint with a supervisory authority

To exercise these rights, email donna@hidonna.appwith subject line “GDPR Request”. We will respond within 30 days.

17. Children's Data

Donna is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children.

If we become aware that we have collected personal data from a child under 16, we will take steps to delete that data promptly.

18. Cookies

Donna uses essential cookies only for authentication and session management. We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

19. Changes to This Policy

We may update this Privacy Policy periodically.

The “Last Updated” date reflects the most recent revision. Material changes will be communicated via in-app notification or email.