Privacy Policy

Last updated: March 25, 2026

Nod ("we", "our", "the app") is a proximity-based social discovery app. This policy explains what data we collect, why, and how we protect it.

1. Data We Collect

Account Information

• Apple Sign In: We receive your name and email (if you choose to share them) from Apple. We store a display name, profile photo, and a unique user ID.
• Profile data you provide: Bio, interests, gender, connection intents, profile photo, and vibe tag.

Location Data

• Approximate location: Used to determine your general area for proximity features and venue detection. We use geofencing to detect when you are near supported locations.
• Presence logs: When you dwell at a location, we periodically log your approximate position so other users can see recent activity ("ghosts"). These logs are deleted after 6 hours.

Bluetooth Data

• BLE advertising: Your device broadcasts a rotating, ephemeral hash derived from your user ID. We never broadcast your raw user ID or personal information over Bluetooth.
• Signal strength (RSSI): Used solely to estimate proximity for positioning in the stream view. Not stored on our servers.

Usage Data

• Anonymous analytics events (e.g., feature usage counts, session duration) to improve the app. These contain no personally identifiable information.

2. How We Use Your Data

• Social discovery: Your profile, interests, and embeddings are used to compute compatibility scores with nearby users.
• Proximity matching: BLE and location data determine who is physically nearby.
• Messaging: If two users mutually nod each other, they can exchange messages for 24 hours.
• Safety: Block and report features use your user ID to enforce restrictions.

3. Data Retention

• Matches: Local match records are automatically deleted after 24 hours.
• Ghost presence: Presence logs are pruned after 6 hours.
• Messages: Conversation windows expire 24 hours after a mutual nod.
• Account data: Retained until you delete your account.

4. Data Sharing

We do not sell your data. Your data may be shared with:

• Other nod users: Your display name, photo, bio, interests, vibe tag, and connection intents are visible to nearby users. Your exact location is never shared.
• Service providers: We use Supabase for backend infrastructure (database, authentication, storage). Data is stored in their secured infrastructure.
• AI services: Your interests and bio are processed by Google Gemini to generate embeddings and vibe tags. This data is sent in anonymized form without your name or contact details.

5. Data Security

• BLE identity uses rotating ephemeral hashes, not raw user IDs.
• Authentication uses Apple's secure Sign In flow with PKCE.
• All network communication uses HTTPS/TLS.
• Blocked users are enforced at both the software and BLE hardware level.

6. Your Rights

• Access & export: You can view all your profile data within the app.
• Deletion: You can permanently delete your account and all associated data from Settings. This is irreversible.
• Invisibility: You can enable Invisible Mode to hide from the radar at any time.
• Blocking: Blocked users are filtered at the BLE level and cannot see or interact with you.

7. Children's Privacy

Nod is not intended for users under 18. We do not knowingly collect data from minors.

8. Changes to This Policy

We may update this policy from time to time. Continued use of the app constitutes acceptance of the updated policy.

9. Contact

Questions about this policy? Reach us at hareetj+nod@gmail.com.