Loading...
Data Protection Impact Assessment
GDPR Article 35 β Last reviewed: May 19, 2026
1. Processing Description
Donny Wonny is a digital companion platform that processes personal data including mood/emotional data, journal entries, chat interactions with an AI companion, family group data, and creative artwork submissions. This DPIA evaluates the privacy risks of these processing activities.
2. High-Risk Processing Activities
2.1 AI Mood Analysis
Nature: AI-powered analysis of user-submitted text (journal entries, chat messages) to infer emotional state and provide appropriate companion responses.
Risk level: High β involves processing of health-adjacent data (emotional/mental wellbeing).
Mitigations:AI inference output is used in-session to personalize the companion response, not stored for OpenAI model training (per OpenAI's API no-training-by-default terms). The underlying mood entries themselves ARE persisted on the user's account so the user can review their history (see Privacy Policy β βMood & Behavioral Analysisβ). Users can disable AI training use of their data via the in-app AI Training Opt-Out toggle. All AI interactions ride over TLS. No clinical diagnoses are made.
2.2 Family & Group Data Linkage
Nature:Users can create family groups linking multiple accounts, including children's accounts under parental supervision.
Risk level:High β involves children's data (COPPA/GDPR-K) and family relationship mapping.
Mitigations:Under-13 registration is blocked at sign-up β there is no under-13 account path; supervised minor accounts are limited to ages 13β17. Parents control data sharing within groups. No data shared outside the family unit. Data minimization for minors' accounts.
2.3 Journal Entry Encryption
Nature: Highly personal journal entries stored in encrypted form (AES-256-GCM).
Risk level: Medium β sensitive personal reflections, but encrypted at rest.
Mitigations: Content encrypted before storage. Decrypted only on authenticated read. Users can export and delete all entries at any time via the data deletion page.
3. Necessity & Proportionality
- Lawful basis: Consent (Art. 6(1)(a)) for mood analysis; Contract (Art. 6(1)(b)) for core service delivery
- Data minimization: Only data necessary for companion functionality is collected
- Storage limitation: Data retained only while the account is active. After a deletion request: 30-day cancellation grace period, then removed from active systems within ~30 days and from backups within ~90 days (see Data Deletion for the full schedule).
- Purpose limitation: Data used solely for providing the Donny Wonny companion experience
4. Risk Assessment Matrix
| Risk | Likelihood | Impact | Residual Risk | Mitigation |
|---|---|---|---|---|
| Unauthorized access to mood data | Low | High | Medium | AES-256-GCM encryption, auth tokens, rate limiting |
| AI model data leakage | Low | Medium | Low | No user data used for training; OpenAI DPA in place |
| Child data exposure | Low | Critical | Medium | COPPA parental consent, data minimization, group isolation |
| Journal content breach | Low | High | Low | Encrypted at rest, 72-hour breach notification |
5. Privacy Review
This DPIA has been reviewed by Donny Wonny's privacy team. We do not currently maintain a separate, formally appointed Data Protection Officer (DPO) role under GDPR Art. 37; privacy@donnywonny.com is the accountable privacy contact for the issues this DPIA covers. For questions or concerns, email privacy@donnywonny.com.
6. April 2026 Quarterly Review
Review date: May 19, 2026
Reviewed by: Donny Wonny privacy team
Findings: All processing activities described in Sections 1β2 remain in effect; the mitigations remain active. No new categories of high-risk processing have been introduced since the January 2026 assessment. Risk levels in the matrix are unchanged. No data breaches or near-misses have been reported in this period.
Conclusion: No revision to this DPIA is required at this time.
7. Review Schedule
This assessment is reviewed quarterly and whenever significant changes are made to data processing activities. Next scheduled review: July 2026.