Privacy Policy

Last updated: May 24, 2026

1. Introduction

Dotto (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, with whom we share it, and your rights regarding your data when you use our Service. This policy is governed by, and intended to comply with, the Israeli Protection of Privacy Law, 5741-1981, and its regulations, including the Privacy Protection (Data Security) Regulations, 5777-2017 and the Privacy Protection (Transfer of Information Abroad) Regulations, 5761-2001.

2. Information We Collect

We collect the following types of information:

  • Account information - your name and email address, provided via Google sign-in or email registration (managed by Clerk)
  • Lecture audio - audio is extracted from your video in your browser, on your own device, and sent to our servers for analysis. The original video file never leaves your device. The audio file is deleted from our servers within hours after the analysis completes; only the resulting transcript and the AI-generated relevance metadata are retained
  • Exam materials - when you upload a past-exam PDF, the document is processed once to extract its text. We retain the extracted text and the embeddings derived from it (used for relevance scoring); the original PDF file is not stored long-term
  • Credit balance and transaction history - to deliver the Service we record your credit balance, the credits granted by purchases, the credits spent on each lecture, and basic billing identifiers returned by our payment processor (transaction ID and recurring-charge agreement number for subscriptions). We do not store full credit-card numbers
  • Usage data - basic information about how you use the Service (e.g., number of lectures processed, optional ratings you submit, error logs)
  • Device and connection data - IP address, browser type and version, and operating system, collected automatically through standard server logs for security and abuse prevention

3. How We Use Your Information

We use your information to:

  • Provide and improve the Service
  • Analyze your lecture audio to identify exam-relevant segments and guide you through the content
  • Score and color-code lecture moments based on your uploaded exam materials
  • Manage your account, credit balance and subscription
  • Process payments and issue tax invoices via our payment provider
  • Communicate with you about your account or the Service
  • Enforce our Terms of Service, investigate violations, and prevent fraud and abuse
  • Comply with applicable legal obligations

We do not sell your data, we do not share it with advertisers, and we do not use your content to train AI models.

4. Legal Basis for Processing

We process your personal data on the following legal bases under the Israeli Protection of Privacy Law:

  • Your consent - given when you create an account and accept our Terms of Service and this Privacy Policy
  • Contract performance - to deliver the Service you have purchased or signed up for
  • Legal obligations - to comply with tax, accounting, and other legal requirements under Israeli law
  • Legitimate interests - to secure our Service, prevent fraud, investigate misuse, and improve the user experience, where such interests are not overridden by your rights

5. Third-Party Services and International Transfers

We work with the following third-party providers to deliver the Service:

  • Clerk (United States) - authentication and account management
  • OpenAI (United States) - speech-to-text transcription, exam-PDF text extraction (OCR) and lecture summarisation
  • Pinecone (United States) - vector database for exam question embeddings, scoped per-user and per-course
  • Modal.com (United States) - cloud GPU infrastructure for processing
  • Hyp / יעדפיי (Hybrid Payments) (Israel) - payment processing and tax-invoice issuance
  • Vercel (United States) - web hosting and content-delivery infrastructure

Each provider has its own privacy policy. We only share the minimum data necessary for them to provide their services, and we maintain contractual data-processing arrangements with each provider where applicable.

International data transfers. Most of our third-party providers are based in the United States. By using Dotto, you acknowledge and consent that your personal data may be transferred to, stored, and processed in countries outside of Israel, including the United States. We rely on contractual safeguards (such as Data Processing Agreements and Standard Contractual Clauses) with our providers to protect your data during such transfers, in accordance with the Privacy Protection (Transfer of Information Abroad) Regulations, 5761-2001.

6. Data Retention

We retain account data, credit balances, transaction history and analysis results (relevance scores, segment metadata, lecture summaries, transcripts) for as long as your account remains active. Extracted exam text and the embeddings derived from it are retained until you delete the underlying course or close your account.

Raw audio and original exam files are not stored long-term - the audio is deleted from our servers within hours after each analysis completes, and exam files are processed in memory and discarded after their text is extracted. Original lecture video files are never transmitted to our servers and remain on your device.

Retention after account deletion. When you delete your account, your personal data and content are removed from our active systems within thirty (30) days. Certain records (such as tax-invoice data and transaction logs) must be retained for up to seven (7) years under Israeli tax and accounting law, and security/abuse logs may be retained for up to one (1) year for fraud-prevention purposes. Such residual data is segregated from active systems and used solely for the legal purpose that requires it.

7. Data Security

We implement industry-standard technical and organisational security measures to protect your data, consistent with the Israeli Privacy Protection (Data Security) Regulations, 5777-2017, including:

  • Encrypted connections (HTTPS / TLS) for all data in transit
  • Access controls and authentication for our internal systems
  • Use of reputable cloud infrastructure with its own security certifications
  • Logical separation of user data (per-user, per-course namespaces)
  • Logging and monitoring of access to personal data

However, no system is completely secure, and we cannot guarantee the absolute security of your information. You are responsible for keeping your account credentials confidential.

8. Data Breach Notification

In the event of a personal data security incident that is reasonably likely to result in significant harm to you, we will notify you and the Israeli Privacy Protection Authority as soon as practicable, in accordance with the requirements of the Privacy Protection (Data Security) Regulations, 5777-2017. Notification to you will be made via the email address associated with your account.

9. Your Rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you (Section 13 of the Israeli Protection of Privacy Law)
  • Request correction of inaccurate or outdated data (Section 14)
  • Request deletion of your data, subject to legal retention requirements
  • Object to or restrict processing of your data for direct marketing purposes
  • Withdraw consent at any time, where processing is based on consent (without affecting the lawfulness of prior processing)
  • Receive a copy of your data in a structured, commonly used format (data portability)
  • Lodge a complaint with the Israeli Privacy Protection Authority if you believe your rights have been violated

To exercise any of these rights, contact us at team@dotto.solutions. We will respond to your request within thirty (30) days, as required under the Israeli Protection of Privacy Law, 5741-1981. In some cases (such as conflicting legal obligations to retain certain data), we may be unable to fulfill the request in full and will explain the reasons in our response.

10. Cookies and Local Storage

Dotto uses essential cookies and browser local storage for authentication, session management (via Clerk), and basic preference storage. We do not use advertising cookies, third-party tracking pixels, or cross-site behavioural tracking. You can control cookie settings through your browser, but disabling essential cookies may prevent you from using the Service.

11. Children's Privacy

The Service is intended for users aged 18 and over, or 16 and over with verifiable parental consent. We do not knowingly collect personal information from children under the age of 16. If you are a parent or guardian and believe we have collected personal information from a child under 16 without your consent, please contact us immediately at team@dotto.solutions and we will take prompt steps to delete that information.

12. Business Transfers

In the event that Dotto is involved in a merger, acquisition, reorganisation, asset sale, bankruptcy, or similar transaction, your personal data may be transferred to the successor entity. We will notify you (via email or a prominent notice within the Service) of any such transfer that materially affects how your data is processed, and you will retain the rights described in this Privacy Policy with respect to the successor entity.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated date, and where the change materially affects how your data is processed, by email or in-Service notification at least fourteen (14) days before the change takes effect. Continued use of the Service after changes take effect constitutes your acceptance of the updated policy.

14. Governing Law

This Privacy Policy is governed by the laws of the State of Israel, including the Protection of Privacy Law, 5741-1981 and applicable regulations. Any disputes shall be resolved in the competent courts of Tel Aviv-Yafo, Israel.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

The Israeli Privacy Protection Authority can be reached at www.gov.il/he/departments/the_privacy_protection_authority.
