Privacy Policy

Account information: When you sign up, we collect your name, email address, and password. If you use Google sign-in, we receive your name and email from Google.

Quiz responses: Your answers to the onboarding quiz (goals, age range, relationship context, attachment style, coping patterns) are used to personalize your plan. These are stored securely and never shared with third parties.

Chat conversations: Messages you send to Nancy (our AI companion) are stored to maintain conversation context and improve your experience. Chat messages are automatically deleted after 90 days.

Emotional check-ins: Your daily emotion check-ins and optional notes are used to personalize AI responses and track your progress. This data is stored on our servers, not only in your browser.

Exercise progress: We track which exercises you complete and when, to calculate your progress, streaks, and missed days.

Payment information: Payment is processed by Stripe (web) or Apple (iOS in-app purchases). We do not store your credit card number. We store your Stripe customer ID or Apple transaction identifier and subscription status only.

Device information: When you use our mobile app or website, we automatically collect limited technical information including device type, operating system version, app version, browser type, IP address (used only for security, rate limiting, and error diagnosis — not stored beyond 30 days), and approximate region derived from your IP. We do not collect precise location, contacts, photos, microphone, or advertising identifiers.

Error monitoring & crash reports: When the Service encounters an error, we may automatically collect diagnostic information (error type, URL or screen where it occurred, device details, and a short anonymized event log) via Sentry to identify and fix bugs. Personally identifying information is redacted before transmission wherever possible, and this data is retained for 90 days. No audio, video, or journal content is included.

We use your information to:

• Generate and personalize your daily wellness plans
• Power AI-generated responses (daily briefings, emotion acknowledgments, chat)
• Track your progress, streaks, and exercise completions
• Process payments and manage subscriptions
• Send important account notifications

We do not sell your personal data. We do not use your data for advertising. We do not use your data to train AI models.

Ask Nancy uses AI language models to generate personalized responses. When you interact with Nancy, the following data may be sent to our AI providers:

• Your quiz answers (to personalize responses to your situation)
• Recent emotion check-ins (to understand your current state)
• Chat conversation history (to maintain context)

Our AI provider (Anthropic) processes this data under a strict data processing agreement. They do not use your data to train their models. All API communications are encrypted in transit.

Your data is stored securely using Supabase (PostgreSQL) with row-level security policies ensuring you can only access your own data. All data is encrypted in transit (TLS 1.2+).

We implement rate limiting, input validation, and audit logging on all API endpoints to prevent unauthorized access and abuse.

Chat messages: Retained for 90 days, then automatically deleted.

Quiz answers & plans: Retained while your account is active.

Exercise progress: Retained while your account is active.

Audit logs: Retained for 1 year for security and compliance purposes.

When you delete your account, all personal data is permanently removed within 30 days.

You have the right to:

• Access: Download all your data from Settings > Privacy > Download my data
• Rectification: Update your profile information in Settings
• Erasure: Delete your account and all data from Settings > Profile > Delete account
• Portability: Export your data in JSON format from Settings
• Object: Contact us to object to specific data processing

You can exercise these rights at any time through your account settings.

California residents (CCPA/CPRA): We do not sell or share your personal information as defined by the California Consumer Privacy Act. You have the right to know what personal information we collect, request its deletion, correct inaccurate information, and opt out of any sale or sharing for cross-context behavioral advertising (we do not engage in either). To exercise these rights, use the in-app tools above or contact us at trackyourbudgetph@gmail.com. We will not discriminate against you for exercising your CCPA rights.

EU/UK residents (GDPR): You additionally have the right to lodge a complaint with your local supervisory authority. Our legal basis for processing is the performance of our contract with you (delivering the Service), your consent where applicable, and our legitimate interest in operating and securing the Service.

We use the following third-party services to operate Ask Nancy:

• Supabase (database and authentication) — stores your account, plan, and progress data
• Stripe (web payment processing) — processes your subscription payments when you purchase via the website
• Apple (iOS in-app purchases) — processes your subscription payments when you purchase via the iOS app. Apple shares only the transaction identifier and subscription status with us; your payment method stays with Apple under its own privacy policy.
• Anthropic (AI language model) — generates personalized AI responses. Operates under Anthropic's zero-retention commercial terms; content is not used to train models.
• Microsoft Edge TTS (voice synthesis, All-In plan only) — generates Nancy's voice narration from the exercise text we send. No voice recordings from you are collected or transmitted. Only the short text strings we send are processed.
• Sentry (error monitoring) — receives diagnostic information when the Service encounters errors or crashes, used solely to identify and fix bugs. See §1 for what is collected.
• Vercel (web hosting) — serves the website and API. Logs requests (method, path, status, IP) for security and reliability, retained for up to 30 days.

Each sub-processor operates under a data processing agreement or equivalent terms that ensure your data is handled securely and in compliance with applicable privacy laws (including GDPR and CCPA).

We use essential cookies only for authentication (maintaining your login session). We do not use advertising cookies, tracking cookies, or third-party analytics.

Ask Nancy is not intended for users under 18 years of age. We do not knowingly collect personal data from minors.