Privacy Policy
Last updated: June 2026
1. Information We Collect
Authentication: Email address and password (hashed) via Supabase Auth.
Profile: Display name (optional).
Usage Data: Tasks, projects, notes, labels, and daily Line commits stored in our database.
Analytics: PostHog (optional, opt-in): event data (task completion, line commits) without PII. No session recording.
2. How We Use Your Data
- Provide and improve the Nowva service.
- Understand usage patterns via anonymous analytics (PostHog, if enabled).
- Send transactional emails (subscription changes, account recovery).
3. Data Retention & Deletion
You can delete your account and all associated data at any time via the Settings panel or by requesting DELETE /api/account.
We commit to deletion within 30 days (GDPR Art. 17). Soft-deleted data is purged after 90 days.
4. Third-Party Services
Supabase: Postgres database + Auth. Data Processing Agreement available.
PostHog: Analytics (opt-in). Captured events: task_added, task_completed, line_committed, mode_switched, etc.
Vercel: Hosting and edge functions.
5. Your Rights
- GDPR (EU): Right to access (Art. 15), delete (Art. 17), rectify (Art. 16).
- CCPA (US): Right to know (§1798.100), delete (§1798.105).
- LGPD (Brazil): Right to access, delete, port data (Arts. 17–19).
Request data export: GET /api/account/export.
6. Security
Data in transit: TLS. At rest: AES-256 (Supabase). Database: user_id isolation via Row-Level Security (RLS).
7. Contact
Privacy questions: privacy@nowva.app
8. GDPR Disclaimer
Not a substitute for professional medical or mental health treatment. Nowva is a task management tool for focus and productivity. If you are experiencing a mental health crisis, please seek professional help.