Nanogoals ("we," "our," or "us") operates the Nanogoals AI mobile application (the "App"). This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and what rights you have regarding your data.
By using the App, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the App.
1. Who We Are
Nanogoals is the company behind the Nanogoals AI mobile application — an AI-powered goal management app that helps users break down aspirations into personalized micro-steps. We serve as the data controller for the personal data processed through the App.
Contact:
- Privacy inquiries: privacy@nanogoals.app
- General support: support@nanogoals.app
- Legal inquiries: legal@nanogoals.app
2. Data We Collect
2.1 Data You Provide Directly
| Data Category | Examples | Purpose |
|---|---|---|
| Account information | Name, email address, password (hashed) | Account creation and authentication |
| Goals and plans | Goal titles, descriptions, aspirations, phases, playbooks, micro-steps | Core app functionality |
| Session data | Session type (timer, counter, checklist, lesson, guided, freeform), duration, completion status, XP earned | Progress tracking |
| Coach conversations | Messages exchanged with the AI coach | Personalized coaching |
| User preferences | Dietary restrictions, allergies, equipment available, exercise dislikes, ingredient dislikes, learning styles, injuries | Personalizing AI-generated content |
| Coaching profile | Preferred coaching tone, response length, productive times, emoji preference, weekend break preference | Customizing AI coach behavior |
| Notification preferences | Reminder times, quiet hours, streak alerts, weekly report schedule | Notification delivery |
| Feedback | App ratings, category, written feedback | Improving the App |
| Referral data | Referral codes shared and received | Referral program |
2.2 Data We Collect Automatically
| Data Category | Examples | Purpose |
|---|---|---|
| Usage analytics | Screens viewed, features used, session frequency, engagement patterns | App improvement and analytics |
| Device information | Device model, operating system version, app version, language setting | Technical support and compatibility |
| Subscription data | Current tier (Free/Plus/Coach), purchase history, renewal dates | Subscription management |
| Gamification data | XP points, level, badges earned, streak count, challenge progress | Gamification features |
| Credit transactions | AI credit usage, monthly allocations, rollover balances, refunds | Credit system management |
2.3 Voice Data (Coach Tier Only)
If you use our Voice Coach feature (available on the Coach subscription tier at $9.99/month), we process the following:
| Data | Details |
|---|---|
| Voice audio | Real-time audio streamed during voice coaching sessions. Audio is captured at 16 kHz PCM16 mono from your device microphone and streamed to Google's Gemini Live API for processing. |
| Session duration | Voice sessions are limited to 15 minutes maximum. |
| Transcription | Your voice is processed by Google Gemini to generate AI coaching responses. |
Important: Voice data is classified as biometric data under GDPR Article 9 and certain U.S. state laws (e.g., Illinois BIPA). We will request your explicit consent before your first voice coaching session. You can revoke this consent at any time through Settings > Data & Privacy, which will disable the Voice Coach feature.
We do not store voice recordings on our servers. Audio is streamed in real time to Google's servers for processing and is subject to Google's data retention policies (see Section 4).
2.4 Data We Do NOT Collect
- We do not collect precise GPS location data
- We do not collect contacts or address book data
- We do not collect financial information (payments are processed by Apple/Google via RevenueCat)
- We do not collect health data from Apple HealthKit or Google Health Connect
- We do not use advertising identifiers or run any ads
3. How We Use Your Data
| Purpose | Legal Basis (GDPR) | Data Used |
|---|---|---|
| Providing the App | Contract performance (Art. 6(1)(b)) | Account info, goals, sessions, conversations |
| AI-powered coaching | Contract performance (Art. 6(1)(b)) | Goals, preferences, coaching profile, conversations |
| AI content generation | Contract performance (Art. 6(1)(b)) | Goals, preferences, injuries, dietary info |
| Voice coaching | Explicit consent (Art. 9(2)(a)) | Voice audio (biometric data) |
| Subscription management | Contract performance (Art. 6(1)(b)) | Subscription data, purchase history |
| Analytics and improvement | Legitimate interest (Art. 6(1)(f)) or Consent | Usage analytics, engagement data |
| Notifications | Consent (Art. 6(1)(a)) | Notification preferences, streak data |
| Credit system | Contract performance (Art. 6(1)(b)) | Credit transactions, usage |
| Referral program | Contract performance (Art. 6(1)(b)) | Referral codes, referral relationships |
We do NOT use your data for:
- Selling to third parties
- Advertising or ad targeting
- Training AI models (your data is used only for your own coaching sessions)
- Profiling for purposes unrelated to the App's core functionality
4. Third-Party Services and Data Sharing
We share your data with the following third-party service providers, strictly for the purposes described:
4.1 AI Processing Providers
| Provider | Data Shared | Purpose | Location |
|---|---|---|---|
| Google Gemini 2.5 Flash | Goal descriptions, coaching conversations, user preferences, coaching profile context | Primary AI engine for coaching responses, goal planning, phase generation, and content creation | United States (Google Cloud) |
| DeepSeek V3 | Same as above (used only as fallback) | Fallback AI engine when Gemini is unavailable | China (DeepSeek servers) |
| Google Gemini Live | Real-time voice audio, goal context, coaching profile | Voice coaching sessions (Coach tier only) | United States (Google Cloud) |
Important regarding DeepSeek: When the primary AI provider (Google Gemini) is unavailable, your data may be processed by DeepSeek V3, whose servers are located in China. Data transferred to DeepSeek is subject to Chinese data protection laws. If you are located in the EU/EEA, this constitutes an international data transfer outside of adequacy decisions. You may opt out of DeepSeek fallback processing by contacting us at privacy@nanogoals.app.
4.2 Infrastructure and Services
| Provider | Data Shared | Purpose | Location |
|---|---|---|---|
| Supabase | All user data (encrypted at rest) | Database hosting, authentication, real-time services | United States (AWS) |
| Google Sign-In | Email, name, profile photo URL | Social authentication (optional — you may use email/password instead) | United States |
| RevenueCat | User ID, subscription status, purchase receipts | Subscription and in-app purchase management | United States |
| Apple App Store / Google Play | Payment information, subscription status | Payment processing (we never see your payment details) | United States |
4.3 We Do NOT Share Data With
- Advertising networks
- Data brokers
- Social media platforms (unless you explicitly share content)
- Government agencies (unless legally required)
5. Data Retention
We retain your data for the following periods:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account information | Until you delete your account | Required for service delivery |
| Goals, phases, playbooks | Until you delete your account | Core app functionality |
| Session history | Until you delete your account | Progress tracking and analytics |
| Coach conversations | Until you delete your account | Conversation continuity |
| User preferences | Until you delete your account | Personalization |
| Credit transactions | Until you delete your account | Audit trail and dispute resolution |
| Voice session audio | Not stored by us; streamed in real time | Processed and discarded after response generation |
| Analytics data | 24 months from collection | App improvement |
| Engagement events | 12 months from collection | Usage pattern analysis |
| Referral data | Until you delete your account | Referral program tracking |
After account deletion: All data listed above is permanently deleted from our systems within 30 days. Backups containing your data are purged within 90 days. Data already shared with third-party AI providers is subject to their respective retention policies.
6. Your Rights
Depending on your jurisdiction, you may have the following rights:
6.1 Rights Under GDPR (EU/EEA/UK)
| Right | Description | How to Exercise |
|---|---|---|
| Access (Art. 15) | Request a copy of all personal data we hold about you | Settings > Data & Privacy > Export Data |
| Rectification (Art. 16) | Correct inaccurate personal data | Settings > Edit Profile, or contact us |
| Erasure (Art. 17) | Delete your account and all associated data | Settings > Delete Account |
| Data Portability (Art. 20) | Receive your data in a structured, machine-readable format (JSON) | Settings > Data & Privacy > Export Data |
| Restriction (Art. 18) | Restrict processing of your data | Contact privacy@nanogoals.app |
| Object (Art. 21) | Object to processing based on legitimate interests | Contact privacy@nanogoals.app |
| Withdraw Consent (Art. 7(3)) | Withdraw consent for analytics, notifications, or voice coaching at any time | Settings > Data & Privacy |
| Lodge Complaint | File a complaint with your local data protection authority | See your country's DPA website |
6.2 Rights Under CCPA/CPRA (California)
- Right to Know: Request what personal information we collect and how we use it.
- Right to Delete: Request deletion of your personal information.
- Right to Opt-Out of Sale: We do not sell your personal information. No opt-out is necessary.
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights.
6.3 Response Time
We will respond to all data rights requests within 30 days. If we need additional time (up to 60 days for complex requests), we will notify you.
7. Data Security
We implement the following security measures:
- Encryption in transit: All data transmitted between the App and our servers uses TLS 1.2+ encryption.
- Encryption at rest: All data stored in our database (Supabase/AWS) is encrypted at rest using AES-256.
- Authentication: Passwords are hashed using bcrypt. We support Google Sign-In as an alternative.
- Row-Level Security (RLS): Database policies ensure users can only access their own data.
- Access controls: Only authorized personnel can access production databases.
- No local storage of sensitive data: Credentials and tokens are stored in platform-secure storage (iOS Keychain / Android Keystore).
8. International Data Transfers
If you are located outside the United States, your data will be transferred to the United States where our infrastructure providers (Supabase, Google Cloud) are located.
For EU/EEA users, these transfers are governed by:
- Standard Contractual Clauses (SCCs) with our service providers
- Google's compliance with the EU-US Data Privacy Framework
For transfers to DeepSeek (China), no adequacy decision exists. We rely on your explicit consent and have implemented additional safeguards. You may request to opt out of DeepSeek processing.
9. Children's Privacy
Nanogoals is not intended for children under 13 years of age (or under 16 in the EU/EEA where applicable).
- We do not knowingly collect personal information from children under 13.
- We implement age verification during account creation.
- If we discover that we have collected data from a child under 13, we will delete it promptly.
- If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@nanogoals.app.
10. AI-Specific Disclosures
10.1 How AI Is Used in the App
Nanogoals AI uses artificial intelligence throughout the App:
| AI Feature | What It Does | Data Sent to AI |
|---|---|---|
| Goal Planning | Breaks your aspiration into phases and micro-steps | Goal description, category, preferences |
| Content Generation | Creates lessons, recipes, workouts, quizzes | Goal context, playbook type, user preferences (dietary, allergies, injuries, equipment) |
| Coach Chat | Provides personalized coaching responses | Conversation history, goal progress, streak data, coaching profile |
| Voice Coaching | Real-time voice conversation with AI coach | Voice audio, goal context, coaching profile |
| Daily Guidance | Suggests daily priorities and adjustments | Current goals, phase progress, recent sessions, streak status |
10.2 AI Limitations
- AI-generated content is for informational and motivational purposes only.
- AI coaching is not a substitute for professional medical, psychological, fitness, or nutritional advice.
- AI responses may occasionally be inaccurate or inappropriate. If you encounter harmful content, please report it via Settings > Feedback.
- We implement safety filters on AI outputs, but no filter system is perfect.
10.3 Automated Decision-Making
The App uses automated processing to:
- Classify your goals into board types (habit, fitness, learning, project, journey)
- Generate personalized micro-steps and content
- Adjust coaching tone and recommendations based on your preferences
These automated decisions do not have legal or similarly significant effects on you. You can override any AI suggestion by editing your goals, steps, or preferences manually.
11. Cookies and Tracking
The Nanogoals AI mobile app does not use cookies. We use the following tracking technologies:
| Technology | Purpose | Can You Opt Out? |
|---|---|---|
| In-app analytics | Track screen views and feature usage for app improvement | Yes, via Settings > Data & Privacy |
| Engagement tracking | Measure session frequency and completion rates | Yes, via Settings > Data & Privacy |
| RevenueCat SDK | Track subscription status and purchase events | No (required for subscription functionality) |
We do not use any advertising SDKs, pixels, or cross-app tracking technologies.
12. Health and Fitness Disclaimer
Nanogoals AI includes fitness-related goal tracking features. This App is not a medical device and does not diagnose, treat, cure, or prevent any medical condition.
- Always consult a qualified healthcare professional before starting any exercise program.
- If you have injuries or medical conditions, update your preferences in Settings > Preferences > Injuries so the AI can avoid recommending unsuitable exercises.
- AI-generated workout content is general guidance, not personalized medical advice.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes:
- We will update the "Last Updated" date at the top of this page.
- We will notify you via in-app notification or email for significant changes.
- Continued use of the App after changes constitutes acceptance of the updated policy.
We encourage you to review this Privacy Policy periodically.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data:
- Email: privacy@nanogoals.app
- Support: support@nanogoals.app
- Legal: legal@nanogoals.app
For EU/EEA residents, you have the right to lodge a complaint with your local supervisory authority (Data Protection Authority).