Privacy policy

This is a working draft, pending review by a data-protection lawyer. It is not yet final and is not legal advice. Items shown in [brackets] must be completed before publication.

Summary

Here is the short version. The full detail is below.

Niravah works on your device. By default, your journal, moods, and reflections never leave your phone.
You do not need an account to use Niravah.
Cloud backup is optional. If you turn it on, your content is end to end encrypted, and only you hold the key.
We collect a small amount of anonymous usage data to improve the app. We never collect the text of your journal.
We do not sell your personal data.
You can export or delete your data at any time.

1. Who we are

Niravah is developed and operated by [PLACEHOLDER: legal entity name], registered at [PLACEHOLDER: registered address] ([PLACEHOLDER: company registration number]). We are the data controller for the personal data described in this policy. You can reach us about privacy at privacy@niravah.com.

2. Data we collect

On your device (no account)

When you use Niravah without an account, your content stays on your device: journal entries, moods, activities, dreams, countdowns, and the contacts you add. We have no access to it.

If you create an account and enable cloud backup

We process your email address (or sign-in identifier) to maintain your account, and an encrypted backup of your content so you can restore it or sync across devices. The backup is encrypted on your device before it is sent, and we cannot read its contents.

If you use the social feature

When you send a thought to someone you are connected with, we relay the message so it can reach them. Messages are encrypted for the connection. We process the minimum needed to deliver them.

Usage and reliability data

We collect a small amount of anonymous usage data to understand how the app is used and to fix problems. This is metadata only, for example whether an entry has a mood, a mood value, or a rough length range. We never collect the text of your journal or messages. Crash reports are stripped of personal content before they reach us.

Advertising (free version)

The free version may show ads. [PLACEHOLDER: confirm ad network and whether ads are contextual or personalised]. Personalised ads are shown only with your consent, asked separately, and you can change your choice at any time.

3. How we use it, and our legal bases

To provide the app and your account (performance of a contract).
To keep the app secure and prevent abuse (our legitimate interest).
To back up and sync your content (your consent, given when you enable backup).
To show personalised ads, if any (your consent, which you can withdraw).
To improve the app through anonymous usage data ([PLACEHOLDER: consent or legitimate interest, confirm]).

4. Journal and mood data

Your journal entries and moods can reveal health-adjacent or wellbeing information. We treat this content with extra care. By default it stays on your device. If you choose to enable cloud backup, we ask for your explicit, separate consent before any of this content is encrypted and stored, and you can withdraw that consent at any time. We never use this content for advertising.

We share data only with service providers who help us run the app, under data-processing agreements:

Google Firebase (Google) for account, encrypted backup, and notifications.
[PLACEHOLDER: error-reporting provider, e.g. Sentry] for crash reports.
[PLACEHOLDER: analytics provider] for anonymous usage data.
[PLACEHOLDER: ad network, if used] for advertising in the free version.

We do not sell your personal data.

6. International transfers

Some of our providers are based outside the European Economic Area, including in the United States. Where data is transferred, we rely on appropriate safeguards, including the EU–US Data Privacy Framework and the European Commission's standard contractual clauses. [PLACEHOLDER: confirm whether backup data is stored in an EU Firestore region (for example europe-west1 or eur3) or transferred to the US].

7. How long we keep your data

On-device data stays until you delete it or remove the app.
Account and backup data are kept while your account exists, then deleted. [PLACEHOLDER: retention period after deletion].
Messages in the social feature [PLACEHOLDER: retention period].
Anonymous usage and crash data [PLACEHOLDER: retention period].

8. Your rights

Under the GDPR you have the right to access, correct, delete, export, and restrict your data, and to object to certain processing. You can:

Export your data from within the app.
Delete your account and associated data from within the app.
Edit your profile and content at any time.
Withdraw a consent you have given, as easily as you gave it.

You can also contact us at privacy@niravah.com. We respond within one month. If you are in France or the EU, you have the right to lodge a complaint with your data-protection authority, such as the CNIL in France.

9. Cookies and trackers

This website sets no tracking cookies and uses no advertising trackers. In the app, any non-essential tracker (for example for personalised ads) is set only after you consent, and never before. You can change your choice at any time in the app settings.

10. Children

Niravah is intended for adults. You must be at least 16 to create an account or use the social feature. In France, where the age of digital consent is 15, younger users need the joint consent of the holder of parental authority. We do not knowingly collect data from children below these ages.

11. Use of AI

Niravah uses AI to support some features. [PLACEHOLDER: describe which features use AI and how]. Where you interact directly with an AI, or see content generated by AI, we tell you clearly.

12. Changes and contact

We will update this policy as the app evolves, and we will note the date of the latest version at the top. For any question about your data, contact privacy@niravah.com.