Privacy Policy

This summary is for convenience — the sections that follow control if there is any conflict.

• Your content stays with you and Apple. Screenshots, notes, voice memos, links, PDFs, reminders, and routines are stored on your device and (if you enable iCloud sync) inside your personal Apple iCloud account using Apple's CloudKit framework. We do not host, copy, or back up your library on our servers.
• AI is on-device first, cloud only when necessary. Apple Foundation Models, Core ML, on-device OCR, and on-device speech recognition handle most AI features locally on your device. When you ask for a feature that exceeds on-device capability (advanced summarisation, multi-step reasoning, or real-time live transcription), specific content you submit may be processed by our AI partners (NVIDIA Cloud, OpenRouter, Speechmatics) under data-processing agreements with no-training and short-retention obligations. We never send your full library to any cloud service.
• No advertising, no profiling, no data sale. We do not sell your personal data, use it for behavioural advertising, build advertising profiles, or share it with data brokers.
• Diagnostics are aggregate and minimised. Crash reports (Sentry) and subscription events (RevenueCat) help us keep the app working. They contain device + error + purchase metadata — not your library content.
• You can delete everything. You can delete any individual item, your entire library, your subscription, and your account from inside the app at any time. Account deletion permanently removes locally stored data and queues your iCloud-synced data for deletion through Apple's CloudKit.
• You have rights. Depending on where you live, you have rights to access, correct, port, or delete your data, and to object to processing. We honour those rights regardless of where you live.

This Privacy Policy is published by:

For the purposes of the EU General Data Protection Regulation (GDPR), the UK GDPR, the Swiss FADP, the California Consumer Privacy Act (CCPA/CPRA), Brazil's LGPD, and Moroccan Law n° 09-08 on the protection of natural persons with regard to the processing of personal data, Taha Baalla is the data controller (or "business" / "responsable du traitement") for Némos.

We do not currently have a statutory obligation to appoint a Data Protection Officer (DPO) or an EU/UK Article 27 representative. If that changes, we will update this section. In the meantime, you can reach the controller directly using the contact details above.

This Privacy Policy applies to:

• The Némos iOS, iPadOS, and watchOS application (the "App"), including its widgets, Live Activities, Share Extension, Siri Shortcuts, App Intents, and Apple Watch companion;
• The Némos website at nemosapp.com and any subdomains, including the waitlist and account pages;
• Any browser extension, desktop client, or visionOS app we may release in the future, unless it has its own published policy.

Third-party services you reach through the App or the website (for example, links you save) are governed by their own privacy practices. We are not responsible for those services.

We have organised this section to mirror Apple's App Store Privacy Nutrition Label categories so that what you read here matches what you see on the App Store listing.

4.1 Identifiers (linked to you)

• Apple ID hash: When you sign in with "Sign in with Apple", Apple gives the App a stable, opaque user identifier. We never receive your Apple ID email address unless you explicitly choose to share it. We use this identifier solely to authenticate you and synchronise your subscription state.
• Subscription identifier: RevenueCat (our subscription provider) issues an anonymous "App User ID" linked to your Apple subscription so we can determine whether you have an active Pro subscription.
• Email address (waitlist only): If you join the waitlist on the website, we collect the email address you provide so we can email you when access opens. We do not require an email to use the App itself.

4.2 User content

• Screenshots, photos, links, notes, PDFs, audio recordings, transcripts, ebooks, web articles, video, and other media you save in the App.
• Folders, Smart Spaces, tags, reminders, routines, chat conversations, and the AI-generated names, summaries, and tags attached to your items.
• Knowledge-base entries you build inside the App (used by the on-device retrieval-augmented search).

Important: User content is stored locally on your device and (if you enable iCloud sync) in your personal iCloud account, not on Némos servers. See section 7.

4.3 Usage and diagnostics

• Aggregate feature usage (e.g. how many times the capture button was tapped) collected through privacy-respecting product analytics.
• Crash reports, ANRs (app-not-responding), and exception traces sent to Sentry. These contain device model, OS version, app version, a stack trace, and breadcrumbs of recent in-app events. We strip personal content before sending where technically possible.
• App Store / TestFlight metrics provided to us by Apple in aggregated form.

4.4 Purchases

• Subscription start, renewal, cancellation, refund, billing-issue, and trial-conversion events forwarded by Apple via App Store Server Notifications and reconciled by RevenueCat.
• We do not receive your payment card, banking, or address details — Apple processes the transaction.

4.5 Permission-gated device data

The App requests certain Apple system permissions only when you use the related feature, and only with the justification declared in the App's Info.plist. You can revoke any permission at any time in iOS Settings → Privacy & Security or Settings → Némos.

• Photo Library (NSPhotoLibraryUsageDescription / WhenInUse): to import existing screenshots and photos you choose to save into the App.
• Camera (NSCameraUsageDescription): to scan documents, capture screenshots, and use the live data scanner (text / barcode / QR).
• Microphone (NSMicrophoneUsageDescription): to record voice memos and dictate notes.
• Speech Recognition (NSSpeechRecognitionUsageDescription): to transcribe voice memos. Most transcription happens on-device. Real-time / live transcription is processed by Speechmatics (see section 6).
• Notifications: to deliver reminder alerts, Live Activity updates, and routine prompts you have configured.
• Local Network: only when needed for direct device-to-device sync.
• Face ID / Touch ID (NSFaceIDUsageDescription): to lock the App. Face / fingerprint data never leaves the Secure Enclave on your device — we never see it.
• Calendar / Reminders: only if you explicitly enable two-way sync with Apple Calendar / Reminders.
• Location: we do not request precise GPS location. Some features may use approximate, coarse network-level location for time-zone or weather context (via Apple's WeatherKit, which receives only the coarse location).
• Family Controls / Screen Time: only if you enable the optional focus-and-routines integration (currently gated, requires Apple's Family Controls entitlement).
• Nearby Interaction (UWB): only when you opt into peer-to-peer ranging features.
• Group Activities (SharePlay): only when you start a SharePlay co-edit session over FaceTime.

4.6 Web / waitlist

• Email address you submit to the waitlist form.
• IP address (necessarily processed by our hosting provider Cloudflare for routing, rate-limiting, and protection against abuse — never used to track you across sites). IP addresses are not stored in our waitlist database; they appear only in transient hosting logs.
• If, and only if, you accept the cookie / analytics consent banner: pseudonymous Google Analytics 4 measurement events (page views, durations, scroll depth) keyed to a per-browser cookie. You can withdraw consent at any time and we will stop sending events.

4.7 What we do NOT collect

• We do not read, scan, mine, or train models on the content of your library.
• We do not collect precise GPS location for tracking.
• We do not collect contacts, call logs, SMS, browser history, or health / fitness data.
• We do not use the Identifier for Advertisers (IDFA), fingerprinting, or any cross-site / cross-app tracking technology.
• We do not buy data about you from data brokers.

We use the categories of data above only for the purposes listed:

• Provide, operate, secure, and improve the App and the website;
• Authenticate you and synchronise subscription state across your Apple devices;
• Sync your library between your devices via your personal iCloud account;
• Run on-device AI features (auto-naming, tagging, summarisation, OCR, embeddings, search, transcription) and, where you trigger features that exceed on-device capability, run cloud-assisted AI features through the partners disclosed in section 6;
• Diagnose crashes and improve reliability;
• Process subscription billing through Apple and reconcile entitlements through RevenueCat;
• Send service emails (waitlist confirmations, security alerts, material legal updates). We do not send marketing email without your prior consent;
• Comply with legal obligations and respond to lawful requests;
• Detect, prevent, and respond to fraud, abuse, security incidents, and breach of these terms.

We do not use your information for behavioural advertising, profiling for marketing purposes, or automated decision-making that produces legal or similarly significant effects on you.

Némos is designed on-device-first. The following AI features run entirely on your device, with no content leaving your device or your iCloud:

• Apple Foundation Models (iOS 26+ / iPadOS 26+ / macOS 26+ where available) for summarisation, naming, and rewriting.
• Apple Vision (VNRecognizeTextRequest) and on-device OCR for screenshot and document text extraction.
• Apple Speech (SFSpeechRecognizer, on-device mode) for voice memo transcription.
• Core ML embeddings and clustering used by the local search and "Smart Spaces" features.
• VisionKit Data Scanner for live text and barcode capture.

When you trigger features that the on-device models cannot satisfy at the required quality (for example, advanced multi-step reasoning, very large context summarisation, or real-time live transcription), the App may send only the specific content needed for that request to one of the following processing partners. We do not send your full library, and we do not retain the request payload on our own servers.

• NVIDIA Cloud (NIM / NeMo): for advanced inference. Operated under NVIDIA's enterprise data-processing terms. Used in zero-retention modes where available.
• OpenRouter: a multi-provider AI gateway that routes specific requests to model providers. We select providers whose terms prohibit training on your content. OpenRouter and the underlying providers may briefly retain inference payloads for abuse prevention; we have configured zero-retention routing where supported.
• Speechmatics: for real-time live speech-to-text over a WebSocket connection. Audio is processed in transit and is not retained on Speechmatics' systems beyond the time needed to return the transcript.

No model training on your content. Our agreements with the AI partners listed above prohibit using your content to train, fine-tune, or improve their models on our behalf. We do not, and will not, sell your content to AI companies or third parties for training.

If you do not want any cloud AI processing to occur, you can disable cloud-assisted AI features in Settings → Privacy. Some advanced features will be unavailable while cloud AI is disabled.

7.1 On your device

By default, the entire Némos library is stored locally on your device using MMKV (an encrypted key-value store) and the iOS file system inside the App's sandbox. Sensitive secrets are stored in the iOS Keychain. Live Activities, widgets, and Apple Watch read from a shared App Group container that only Némos targets can access.

7.2 In your Apple iCloud account

If you enable iCloud sync, your library is synchronised across your Apple devices through Apple CloudKit using two databases:

• A private CloudKit database tied to your Apple ID — only you (and Apple under their privacy policy) can access this data;
• A shared CloudKit database used only when you explicitly invite another Apple user to a shared folder.

We do not receive a copy of your CloudKit data. Apple is the storage controller; their handling is governed by Apple's Privacy Policy and their iCloud terms.

7.3 On our infrastructure

We operate a thin server footprint, used only for the items listed below:

• Cloudflare Pages (United States / global edge): hosts the marketing website and waitlist form;
• Cloudflare D1 (a SQLite database at the Cloudflare edge): stores waitlist email addresses and timestamps;
• Cloudflare Workers: serve the API endpoints (waitlist subscribe, health checks);
• Resend (United States): delivers transactional emails (waitlist confirmations, account / security emails);
• Sentry: stores crash reports and diagnostic events (we use Sentry's EU region where account configuration permits);
• RevenueCat (United States): stores subscription entitlement events.

The third parties below process personal data on our behalf, under written data-processing agreements that bind them to confidentiality, security, and use-limitation obligations.

We will keep this list current. We will give reasonable advance notice of new sub-processors that materially change how we process personal data.

We do not sell, rent, or trade your personal data. We do not share it for cross-context behavioural advertising as defined under California law. We share data only as follows:

• With the sub-processors listed above, strictly to provide the App and the website;
• With Apple, for billing, subscription, and platform integration;
• With other Némos users you choose to invite to a shared folder — they will see the contents of that folder until you revoke their access;
• With government, courts, or law enforcement, only when compelled by legally valid process, after meaningful review, and to the minimum extent required. We will challenge requests we believe are overbroad or unlawful;
• In the event of a corporate change (sale of the business, merger, succession of the sole proprietorship). We will give reasonable notice and your data will continue to be governed by a privacy policy at least as protective as this one;
• To protect rights and safety, where strictly necessary to investigate fraud, abuse, threats to physical safety, or violations of our Terms of Service.

When you share a folder, the people you invite gain access to the items inside that folder for as long as the share is active. Sharing operates over Apple's CloudKit Shared Database — Némos does not relay or copy the contents.

You can change a participant's permissions or revoke access at any time from inside the App. Once you revoke access, future updates are no longer visible to the former participant; copies they have already exported are outside our control.

To make Némos useful on the lock screen and your wrist, we use a shared App Group container so the main App, the widget extension, the Live Activity extension, the Share Extension, and the Apple Watch companion can read and write the same data.

• Only Némos targets that you have installed can read this container.
• Spotlight indexing donates titles and snippets so iOS can surface your items in system search; you can disable Spotlight indexing for Némos at any time in iOS Settings → Siri & Search.
• App Intents (used by Siri, Shortcuts, and the new App Intents framework) run on-device and only invoke the operations you explicitly allow.
• The Apple Watch companion sends voice recordings to the iPhone (over Watch Connectivity) for transcription; the audio is not relayed off-device unless you have enabled cloud transcription.

The Némos iOS / iPadOS / watchOS App does not use cookies or web tracking technologies.

The website at nemosapp.com uses:

• Strictly necessary cookies for the waitlist form and abuse prevention. These cannot be disabled, are session-only or short-lived, and contain no personal identifiers beyond what is needed for the request.
• Analytics cookies (Google Analytics 4) — only after you accept the cookie banner. We do not load any analytics or advertising script before consent. You can withdraw consent at any time by clicking "Cookie preferences" in the website footer.

We do not load advertising cookies, social-media tracking pixels, or fingerprinting libraries on the website.

Némos does not "track" you in the sense defined by Apple's App Tracking Transparency framework. We do not link information collected from the App with information from third-party apps or websites for advertising or advertising-measurement purposes, and we do not share device identifiers with data brokers. The App therefore does not display the ATT prompt — there is no tracking we could ask permission for.

We retain personal data only as long as is necessary for the purpose for which it was collected, or as required by law:

• Your library content: retained on your device and in your iCloud until you delete it. Items moved to "Recently Deleted" are erased automatically after 30 days.
• Waitlist email: retained until you unsubscribe (every email contains a one-click unsubscribe link) or you ask us to delete it.
• Subscription events (RevenueCat): retained for the life of your subscription plus 7 years for tax / accounting purposes (or longer if a longer period is required by law).
• Crash reports (Sentry): retained for up to 90 days, then permanently deleted.
• Aggregate / pseudonymous analytics: retained in non-identifiable form indefinitely for trend analysis.
• Server logs (Cloudflare, Resend): retained for up to 30 days for security and abuse-prevention purposes.
• Records related to a legal claim: retained for the duration of the limitation period applicable to the claim.

The data controller is established in the Kingdom of Morocco. Some of our sub-processors are located in the United States, the United Kingdom, and the European Economic Area. When personal data leaves your country, we rely on lawful transfer mechanisms:

• For transfers from the EEA, the UK, or Switzerland to a third country: the European Commission's Standard Contractual Clauses (with the UK Addendum / Swiss recognition where applicable), supplemented by technical safeguards (encryption in transit and at rest, access controls);
• For transfers from Morocco to a third country: compliance with Moroccan Law n° 09-08 and any prior authorisations or transfer mechanisms required by the Commission Nationale de contrôle de la protection des Données à caractère Personnel (CNDP).

You can request a copy of the safeguards in place by emailing [email protected].

You can delete your Némos account and the data associated with it from inside the App at any time:

1. Open the App;
2. Go to Settings → Account → Delete account;
3. Confirm the deletion.

Account deletion immediately:

• Removes locally stored data on the device;
• Issues a CloudKit deletion request for your private and shared databases — Apple permanently erases data on a schedule it controls;
• Deletes your subscription identifier from RevenueCat;
• Removes your email from our waitlist database (if applicable);
• Triggers deletion of associated diagnostic events from Sentry (subject to Sentry's deletion timelines, which can take up to 90 days).

If your subscription is still active, deleting your account does not automatically cancel the subscription — you must cancel through Apple (Settings → Apple ID → Subscriptions). See section 8 of the Terms of Service.

You can also request deletion by emailing [email protected]. We will verify your identity and complete the deletion within 30 days (or sooner if required by applicable law).

17.1 Rights available to all users

• Access — view what we hold and how we use it;
• Correction — fix inaccurate data;
• Deletion — delete your account and personal data (see section 16);
• Export — export your library at any time from the App;
• Withdraw consent — for any processing based on your consent.

17.2 EEA, UK, and Switzerland (GDPR / UK GDPR / FADP)

You have the rights of access, rectification, erasure ("right to be forgotten"), restriction of processing, data portability (for data you provided based on contract or consent and processed by automated means), objection (including a general right to object to processing based on legitimate interests), and not to be subject to a decision based solely on automated processing producing legal or similarly significant effects.

Our legal bases for processing are:

• Performance of a contract (GDPR Art. 6(1)(b)) — to provide the App and the subscription you have purchased;
• Legitimate interests (Art. 6(1)(f)) — to keep the App secure, prevent fraud, and improve reliability, balanced against your rights and freedoms;
• Consent (Art. 6(1)(a)) — for cookies / analytics on the website and any optional opt-in features clearly labelled as such;
• Legal obligation (Art. 6(1)(c)) — to comply with tax, accounting, and law-enforcement obligations.

You have the right to lodge a complaint with your supervisory authority (in the EEA, that is the data-protection authority of your member state of residence; in the UK, the Information Commissioner's Office; in Switzerland, the FDPIC).

17.3 California (CCPA / CPRA)

California residents have the right to know what personal information we collect, use, disclose, and (if applicable) sell or share; the right to delete personal information; the right to correct inaccurate personal information; the right to opt out of the sale or sharing of personal information for cross-context behavioural advertising — we do not sell or share personal information as defined by California law; the right to limit the use of sensitive personal information — we do not use sensitive personal information for purposes that trigger this right; and the right to non-discrimination for exercising these rights.

To exercise these rights, email [email protected]. You may also designate an authorised agent. We will verify your identity by matching the email or Apple ID identifier on file.

17.4 Other US states (Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Indiana, Tennessee, Delaware, New Hampshire, New Jersey, Minnesota, Maryland, Rhode Island, and others)

If you reside in a US state with a comprehensive privacy law, you generally have rights to access, correct, delete, and obtain a portable copy of your personal data, and to opt out of targeted advertising, sale, and certain forms of profiling. We do not engage in targeted advertising, sale, or profiling that produces legal effects. To exercise any state-law right, email [email protected].

17.5 Morocco (Law n° 09-08)

If you are in Morocco, you have the rights of information, access, rectification, and opposition under Law n° 09-08. You may also lodge a complaint with the CNDP (Commission Nationale de contrôle de la protection des Données à caractère Personnel).

17.6 Brazil (LGPD)

Data subjects in Brazil have the rights established under Articles 17–22 of the LGPD, including confirmation, access, correction, anonymisation, blocking, deletion, portability, information about sharing, and revocation of consent.

We respond to verifiable rights requests within 30 days (or sooner where required by law). We may need to ask for additional information to verify your identity. Where you exercise your rights through an authorised agent, the agent must demonstrate that you have authorised them to act.

Némos is rated 4+ on the App Store but is not directed at children. The App is intended for users aged 13 and older (16 or older in the EEA, where the digital-consent age in your country is 16). We do not knowingly collect personal data from children below the applicable digital-consent age without verifiable parental or guardian consent.

If you are a parent or guardian and you believe your child has provided personal data to us without your consent, please contact [email protected] and we will delete that data. We comply with the US Children's Online Privacy Protection Act (COPPA) and Article 8 GDPR.

We protect personal data with administrative, technical, and physical safeguards proportionate to the risk:

• TLS 1.2+ for all data in transit;
• Encryption at rest, including MMKV-level encryption on-device, iOS Data Protection (NSFileProtectionComplete or stronger by default) for files in the App sandbox, and Apple-managed encryption for CloudKit;
• Apple Keychain for credentials and tokens; device biometrics gate App Lock;
• App Attest (Apple's DeviceCheck attestation service) on sensitive API requests to verify the request originates from a genuine instance of the App;
• Least-privilege access controls and audit logging on our infrastructure;
• TLS pinning on selected API endpoints;
• Regular dependency and code audits.

No system can be guaranteed 100% secure. If we become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours where required by law, and notify affected users without undue delay where the breach is likely to result in a high risk.

Until the App is available on the App Store, it is distributed through Apple's TestFlight programme as a pre-release beta. Beta versions may contain bugs, may collect additional diagnostic data, and may be discontinued at any time. Apple's TestFlight terms apply in addition to this Privacy Policy.

The App allows you to save content from third-party websites, services, and apps. Those services have their own privacy practices. We are not responsible for them and recommend you review their policies before saving sensitive content.

We do not subject you to decisions based solely on automated processing — including profiling — that produce legal or similarly significant effects on you. AI features in the App help you organise your library; they do not make decisions about your rights, eligibility, or access to services.

We honour the Global Privacy Control (GPC) browser signal as a valid request to opt out of any sale or sharing of personal information. Because the App and the website do not sell or share personal information, GPC has no incremental effect, but the signal is treated as authoritative for any future processing that could be regarded as sale or sharing.

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last updated" and "Effective date" lines at the top of this page;
• Notify you in-App or by email at least 30 days before the changes take effect, where the change is material and where we have your contact information;
• Where required by law, obtain your renewed consent before the new processing begins.

If you do not agree to the updated policy, you must stop using the App and may exercise your rights under section 17.

For privacy questions, rights requests, or to report a concern:

If you are in the EEA, the UK, or Switzerland and you are not satisfied with our response, you have the right to lodge a complaint with your local data-protection authority. If you are in Morocco, you may lodge a complaint with the CNDP at cndp.ma.