Privacy Policy

1. Geographic Scope

The Service is offered only to individuals located in the United States. By using the Service, you represent that you are located in, and a resident of, the United States. We do not offer the Service to, and do not knowingly collect personal information from, individuals outside the United States.

2. Information We Collect

2.1 Information you provide to us

• Account information: email address and a password (which we do not see in plaintext; it is managed by our authentication provider).
• Profile information: first name, last name, username, and an optional profile photo.
• User content: tasks, subtasks, task titles and descriptions, priority levels, due dates, requests, questions, poll options, and responses you create or send.
• Recipient information you supply: when you send a request, task, or invitation, you provide the recipient's name and email address so we can deliver your message.
• Feedback: feedback text and any files you attach when you use our in-app feedback feature.
• Communications: messages you send to our support team.

2.2 Information collected automatically

• Account identifiers: an internal account ID we generate for your account.
• Device and technical data: device type (iOS or Android), operating system version, app version, and time zone.
• Push notification tokens used to deliver push notifications to your device.
• Log and usage data: IP address, approximate event timestamps, whether recipients have viewed or responded to your requests, and response rates.
• Crash data: stack traces, device model, operating system version, and app version when the app encounters an error.
• Advertising identifier: a device-level identifier provided by your mobile operating system, collected only when you grant tracking permission. If you decline, this identifier is not collected and is not transmitted to our advertising partners.
• Cookies and similar technologies: on the website, cookies and browser local storage for authentication sessions and preferences. On mobile, secure device storage for session tokens and local key-value storage for app preferences.

2.3 Product analytics and Usage Metrics

We use product analytics to understand how the Service is used and to improve it. Recorded events relate to feature usage, in-app prompts, and non-fatal errors, and are associated with your internal account ID rather than your name or email. We also retain aggregate, pseudonymized metrics derived from your use of the Service, which do not contain the substantive content of your User Content (collectively, "Usage Metrics").

2.4 Marketing measurement and ad optimization

We work with third-party advertising partners to measure the effectiveness of advertisements we run to promote the Service, and to optimize how those ads are delivered. Our mobile app transmits a limited set of signals to these partners, including app installs and opens, a small set of in-app product events (for example, when a user sends their first task), basic device information (device type, operating system version, app version), and your device's advertising identifier (only when you have granted tracking permission).

We do not transmit your name, email address, phone number, or the content of your tasks, messages, or User Content to these partners.

Where supported by your operating system, install attribution may also occur through privacy-preserving frameworks that return aggregate, non-identifying data and do not require tracking permission.

We do not display third-party advertisements inside the Service, and we do not use these signals to build audiences for retargeting or for any purpose other than measuring and optimizing the advertisements we run.

3. How We Use Information

We use the information we collect to:

• Create and maintain your account and deliver the Service.
• Deliver, route, and display requests, tasks, and responses between you and the people you choose to involve.
• Send transactional communications, including email and push notifications.
• Measure product usage, diagnose errors, and improve the Service.
• Prevent fraud, abuse, and violations of our Terms of Service; enforce our agreements; and protect the safety of our users.
• Comply with legal obligations and respond to lawful requests.

We do not display third-party advertisements inside the Service. We do share a limited set of signals with our advertising partners so we can measure and optimize the advertisements we run to promote the Service, as described in Sections 2.4 and 4.5.

4. How We Share Information

4.1 With other users

The Service is collaborative. When you send a request or invite a collaborator, that recipient will see your name, profile photo, and the content you sent them. Recipients you invite will also see your responses to their requests, if any.

4.2 With service providers (processors)

We share information with vendors who process data on our behalf, under contracts that restrict use of that data to providing services to us. These providers support, among other things, cloud hosting, database, authentication, and file storage; push notification delivery; crash and error reporting; product analytics; transactional email delivery; and font and content delivery.

4.3 For legal reasons and safety

We may disclose information when we believe in good faith it is necessary to:

• Comply with applicable law, legal process, or a lawful government request.
• Enforce our Terms of Service or investigate potential violations.
• Detect, prevent, or address fraud, security, or technical issues.
• Protect the rights, property, or safety of Nomo, our users, or others.

4.4 Business transfers

If we are involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction. We will notify you if this occurs and the successor is bound by this Privacy Policy or provides notice of changes.

4.5 Information shared with advertising partners

We do not sell your personal information for money. However, as described in Section 2.4, our mobile app transmits a limited set of signals — including your advertising identifier (only when you have granted tracking permission), app installs and opens, and a small number of in-app events — to one or more third-party advertising partners so that those partners can measure and optimize the advertisements we run to promote the Service. Under California, Colorado, Connecticut, Texas, Utah, and Virginia privacy laws, this activity may be considered "sharing" for purposes of cross-context behavioral advertising or "targeted advertising."

How to opt out. On iOS, you can opt out at any time by opening the Settings app → Privacy & Security → Tracking and turning off "Allow Apps to Request to Track" (either for Nomo specifically or for all apps). You may also choose "Ask App Not to Track" the first time the in-app tracking prompt appears. When you decline, we do not transmit your advertising identifier to our advertising partners, and any further install attribution occurs only through aggregate, non-identifying methods provided by your operating system.

5. Data Retention and Deletion

We retain personal information for as long as your account is active or as needed to provide the Service, resolve disputes, enforce our agreements, and comply with legal obligations.

You can delete your account at any time:

• In the mobile app: Settings → Delete Account.
• By email: napgosu@nomo.sh.

When you delete your account, we permanently delete your account data and User Content from our primary systems.

Deletion of individual Items. When you delete an individual unit of User Content through the Service, we remove its substantive content from our primary production systems within a commercially reasonable period. We may retain Usage Metrics and other pseudonymized or de-identified metadata associated with the deletion for the purposes set forth in Section 3. Deletion of an individual unit of User Content is distinct from, and does not effect, account-level deletion.

Some information may persist after deletion:

• Anonymized or aggregated data that no longer identifies you.
• Logs and analytics held by our analytics and crash-reporting vendors subject to their retention policies.
• Information we are required to retain for legal, tax, accounting, or security purposes.
• Backups, which are overwritten on a rolling basis.

6. Data Security

We use administrative, technical, and physical safeguards designed to protect your information, including encryption in transit (HTTPS/TLS), at-rest encryption for stored data, row-level access controls, and secure credential storage on mobile devices. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

7. Data Location

Your information is stored and processed in the United States.

8. Your Choices

• Profile and content: view, edit, or delete your profile and content through the Service.
• Notifications: manage push notification preferences in Settings → Notifications, or via system-level device settings.
• Marketing emails (if any): unsubscribe using the link in the email.
• Ad tracking: deny tracking when prompted, or change your preference at any time in iOS Settings → Privacy & Security → Tracking. See Section 4.5 for details.
• Account deletion: see Section 5.

9. U.S. State Privacy Rights

Depending on where you live, you may have additional rights under state privacy laws (including California, Virginia, Colorado, Connecticut, Utah, and Texas).

9.1 Rights (subject to eligibility and exceptions)

• Right to know / access: confirmation that we process your personal information, and a copy of it.
• Right to delete: deletion of personal information we hold about you.
• Right to correct: correction of inaccurate personal information.
• Right to data portability: your data in a portable, machine-readable format.
• Right to opt out of targeted advertising, sale, or "sharing": we do not sell personal information for money. We do share a limited set of advertising-related signals with third-party advertising partners to measure and optimize the ads we run to promote the Service, as described in Section 4.5. You can opt out at any time using the iOS App Tracking Transparency control described in Section 4.5.
• Right of non-discrimination: we will not discriminate against you for exercising any of these rights.

9.2 California (CCPA/CPRA) specifics

• Categories collected in the past 12 months: identifiers (including, when permitted by you, your device's advertising identifier), customer records, internet or network activity (usage data), geolocation data (IP-based only, approximate), and user-generated content.
• Sources: you, your device, and the people you invite.
• Business purposes: providing and improving the Service, security and fraud prevention, communications, and legal compliance.
• Do Not Sell or Share: we do not sell personal information for money. We do share a limited set of advertising-related signals with third-party advertising partners for purposes that may qualify as "sharing" for cross-context behavioral advertising under California law. See Section 4.5 for the categories of data shared and how to opt out.
• Sensitive personal information: we do not use or disclose sensitive personal information for purposes that require an opt-out right under California law.
• Financial incentives: none offered.

9.3 How to exercise your rights

Email napgosu@nomo.sh with the subject "Privacy Request" and describe the right you wish to exercise. To protect your information, we will take reasonable steps to verify your identity, typically by asking you to confirm the email address on file with your account. We will respond within the time required by applicable law. You may designate an authorized agent by providing signed written permission. If we deny your request, you may appeal by replying to our response with the word "Appeal" and an explanation of why you disagree.

10. Children Under 13

The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete it promptly. If you believe a child under 13 has provided us with personal information, contact us at napgosu@nomo.sh.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Effective Date" at the top and, for material changes, provide additional notice (such as an in-app or email notice). Your continued use of the Service after the effective date of an updated policy constitutes acceptance of the changes.

12. Contact Us