Privacy Policy

Last updated: June 2026

1. Information We Collect

Authentication: Email address and password (hashed) via Supabase Auth.

Profile: Display name (optional).

Usage Data: Tasks, projects, notes, labels, and daily Line commits stored in our database.

Analytics: PostHog (optional, opt-in): event data (task completion, line commits) without PII. No session recording.

2. How We Use Your Data

3. Data Retention & Deletion

You can delete your account and all associated data at any time via the Settings panel or by requesting DELETE /api/account.

We commit to deletion within 30 days (GDPR Art. 17). Soft-deleted data is purged after 90 days.

4. Third-Party Services

Supabase: Postgres database + Auth. Data Processing Agreement available.

PostHog: Analytics (opt-in). Captured events: task_added, task_completed, line_committed, mode_switched, etc.

Vercel: Hosting and edge functions.

5. Your Rights

Request data export: GET /api/account/export.

6. Security

Data in transit: TLS. At rest: AES-256 (Supabase). Database: user_id isolation via Row-Level Security (RLS).

7. Contact

Privacy questions: privacy@nowva.app

8. GDPR Disclaimer

Not a substitute for professional medical or mental health treatment. Nowva is a task management tool for focus and productivity. If you are experiencing a mental health crisis, please seek professional help.