Privacy Policy

1. Information We Collect

1.1 Account Information

When you create an account, we collect the following information:

• Username or display name
• Email address
• Password (encrypted and stored securely)

1.2 User Content

We collect and store the content that the user voluntarily creates within the Application, including, by way of example:

• Journal and entry texts
• Uploaded images and photos
• Drawings and annotations
• Stickers and decorations used
• Metadata associated with content (dates, tags, etc.)

All content remains the exclusive property of the user. The Application does not claim any ownership rights over content created or uploaded by the user.

1.3 Access to Device Photo Library

To allow the user to select and add images to their journal, the Application may request access to the device's photo library.

• Permission is requested only when the user decides to add a photo
• Access is optional and not required for use of the Application's main features
• Selected images are used exclusively for journaling features
• Photos are not used for other purposes nor shared without the user's explicit consent

1.4 Technical Information

We automatically collect some technical information when you use the Application:

• Device type and operating system
• Application version
• Usage and error logs, to improve the service
• IP address, anonymised when possible

2. Legal Basis for Processing

We process personal data on the following legal bases:

• Contract performance, to provide the requested services and manage the account
• Consent, when required for specific purposes
• Legitimate interest, to improve services, ensure security, and prevent fraud
• Legal obligations, to comply with applicable regulations

3. Purposes of Processing

The information collected is used to:

• Provide, maintain, and improve the Application
• Authenticate the account and ensure security
• Sync content across devices
• Provide technical support and respond to user requests
• Analyse Application usage to improve user experience
• Comply with legal obligations and prevent fraudulent activity

4. Data Retention and Security

We adopt appropriate technical and organisational measures to protect personal data, including:

• Encryption of data in transit and at rest
• Secure authentication and access control
• Regular backups to prevent data loss
• Activity monitoring to detect unauthorised access

Data is retained for the duration of the account or as required by law. In the event of account deletion:

• Personal data is deleted within 30 days
• Backups may be retained for up to 90 days for security and technical recovery purposes

5. Information Sharing

We do not sell, rent, or share personal data for commercial purposes. Data may be shared only:

• With the user's explicit consent
• With service providers essential to the operation of the Application, subject to confidentiality obligations
• When required by law or a competent authority
• To protect our rights, user safety, or prevent abuse
• In the event of corporate operations (merger, acquisition, or sale of assets), with prior notice to users

Third-Party Services

To provide our services we use the following third-party providers:

• Apple (App Store) – Application distribution and in-app payment management https://www.apple.com/privacy/
• Supabase – user authentication and secure data storage https://supabase.com/privacy
• RevenueCat – subscription and in-app payment management https://www.revenuecat.com/privacy

Each provider processes data in accordance with its own privacy policies and applicable regulations.

6. User Rights

The user has the right to:

• Access their personal data
• Request rectification or updating
• Request deletion
• Object to certain processing of personal data not necessary for the Application's operation
• Request data portability
• Withdraw consent at any time

Requests may be sent via the Application or to the email address indicated in the Contact section. We will respond within the time limits set by applicable law.

7. Cookies and Similar Technologies

The Application may use cookie-like technologies for authentication, service operation, and anonymous usage analysis. Preferences can be managed through device settings.

8. International Data Transfers

Data may be transferred to and processed on servers located outside the user's country of residence, in compliance with applicable laws and with adequate security safeguards.

9. Children's Privacy

The Application is not intended for users under 14 years of age (in Italy) or the minimum age required by law in the user's country of residence. We do not knowingly collect personal data from minors.

10. Changes to This Policy

We reserve the right to update this Privacy Policy periodically. Any changes will be communicated via the Application and the update date will be amended accordingly.

11. GDPR Compliance

For users resident in the European Union, personal data is processed in compliance with the General Data Protection Regulation (GDPR).

12. Governing Law

This Policy is governed by the laws of Italy.

13. Contact

For any questions regarding this Privacy Policy or the processing of your personal data, you can contact us:

• Data controller: Elisabetta Cillo
• Email: hello@getnabi.app