§1 The Short Version
| 🔒 Your thoughts are private | We treat your journal entries as deeply personal and protect them accordingly |
| 🚫 We don't sell your data | Ever. Not to advertisers, not to data brokers, not to anyone |
| 🎯 We collect the minimum | Only what's necessary to make Narro work for you |
| 🗑️ You can delete everything | Anytime, with one tap |
| 🌍 You have rights | Access, export, correct, or delete your data |
§2 Information We Collect
2.1 Information You Provide
| Category | Examples | Why we collect it |
|---|---|---|
| Account info | Email, name, password (hashed), date of birth | To create and secure your account |
| Profile info | Display name, profile photo, preferences | To personalize your experience |
| Your Content | Journal entries, thoughts, reflections, voice recordings | To provide the core Service and AI insights |
| Communications | Emails, support tickets, feedback | To respond to you and improve the Service |
| Payment info | Subscription status, transaction history | To process subscriptions (payment details handled by Apple) |
2.2 Information Collected Automatically
| Category | Examples |
|---|---|
| Device info | Device model, OS version, app version, language, time zone |
| Usage data | Features used, session duration, screens viewed, in-app actions |
| Diagnostics | Crash logs, performance metrics, error reports |
| Identifiers | Anonymous device identifiers, advertising ID (only if you allow tracking) |
2.3 Information From Third Parties
If you sign in with Apple, Google, or another identity provider, we receive basic profile info (e.g., name, email) as authorized by you.
2.4 What We Do NOT Collect
- Precise geolocation (unless explicitly enabled by you)
- Contacts, photos, or microphone data (without your permission)
- Health or biometric data (unless you provide it in your entries)
- Sensitive personal data outside what you choose to share in your entries
§3 How We Use Your Information
We use your information to:
- Provide the Service — store your entries, generate AI insights, sync across devices
- Personalize — tailor recommendations, themes, and content to your preferences
- Improve — analyze usage patterns (in aggregate) to make Narro better
- Communicate — respond to support requests, send important updates
- Secure — detect fraud, prevent abuse, protect users
- Comply with law — meet legal obligations and respond to lawful requests
§4 AI Processing of Your Content
When you save an entry in Narro:
- Your entry is encrypted in transit and sent to our servers
- The content is processed by an AI model to generate insights (emotions, themes, suggested actions)
- The insights are returned to your device and stored alongside your entry
- We may use trusted third-party AI providers to perform this analysis. The specific providers may evolve over time; we will keep this Policy updated to reflect the providers we rely on.
Our Commitments
- Any third-party AI providers we use are subject to terms that restrict using your data for their own model training, to the maximum extent permitted by those providers' policies
- Where possible, we strip or anonymize identifying information before sending content to AI providers
- AI providers process data only to return the requested analysis to us
Limitations
AI-generated insights are not always accurate. See our Terms of Service for disclaimers.
§5 How We Share Information
We share information only in these limited circumstances:
5.1 Service Providers
We share data with trusted vendors who help operate the Service. The specific vendors may change over time as the product evolves. Typical categories include:
| Category of provider | Purpose |
|---|---|
| Cloud hosting | Storing your account data and entries securely |
| AI processing | Generating insights from your entries |
| Analytics | Understanding aggregate, anonymized usage |
| Crash reporting | Diagnosing app errors and improving stability |
| Email delivery | Sending account-related and transactional emails |
| Authentication | Letting you sign in (e.g., Apple Sign-In) |
All providers are bound by data-protection terms.
5.2 Legal Requirements
We may disclose information if required by law, subpoena, court order, or to protect the rights, safety, or property of Narro or others.
5.3 Business Transfers
If Narro is acquired or merged, your information may transfer to the new owner — but it will remain subject to this Privacy Policy.
5.4 With Your Consent
We share information only if you explicitly direct us to (e.g., exporting an entry to another app).
We do NOT:
- ❌ Sell your personal data
- ❌ Share your data for cross-context behavioral advertising
- ❌ Provide your journal content to advertisers, marketers, or data brokers
§6 Data Retention
| Type of data | Retention period |
|---|---|
| Account data | Until you delete your account |
| Journal entries | Until you delete them or your account |
| Usage logs | Up to 90 days |
| Crash & diagnostic logs | Up to 30 days |
| Support communications | Up to 2 years |
| Payment records | As required by tax law (typically 7 years) |
When you delete your account, we delete or anonymize your personal data within 30 days, except where retention is required by law.
§7 Your Rights & Choices
Depending on where you live, you may have these rights:
7.1 Universal Rights (All Users)
- Access — Request a copy of the data we hold about you
- Export — Download your entries in a portable format (JSON / Markdown)
- Correct — Update inaccurate information
- Delete — Remove your data or account
- Opt out — Disable analytics, notifications, or marketing emails
7.2 GDPR Rights (European Economic Area, UK, Switzerland)
In addition to the above:
- Right to restrict or object to processing
- Right to data portability
- Right to lodge a complaint with a supervisory authority
- Withdraw consent at any time
Lawful bases we rely on: consent, contract performance, legitimate interests, and legal obligations.
7.3 California Rights (CCPA/CPRA)
California residents may:
- Request disclosure of categories and specific pieces of information collected
- Request deletion of personal information
- Opt out of "sale" or "sharing" (we don't do either, but you may still request confirmation)
- Be free from discrimination for exercising your rights
To exercise your rights, contact us at narro.app@gmail.com.
7.4 Other Jurisdictions
If you reside in a region with similar privacy laws (e.g., Brazil's LGPD, India's DPDP Act, Canada's PIPEDA), you have equivalent rights. Contact us to exercise them.
§8 How to Exercise Your Rights
| Action | How |
|---|---|
| Delete your account | Email narro.app@gmail.com (in-app deletion is on the roadmap and will be available soon) |
| Export your data | Email narro.app@gmail.com with the subject "Data Export Request" |
| Update info | Email narro.app@gmail.com or update from within the app where available |
| Submit a request | Email narro.app@gmail.com with your request and the email address tied to your account |
We aim to respond within 30 days (or sooner if required by law).
§9 Security
We implement industry-standard safeguards to protect your data:
- 🔐 Encryption in transit (TLS 1.3) and at rest (AES-256)
- 🔑 Strong password hashing (bcrypt/Argon2)
- 🚪 Strict access controls — only authorized personnel can access systems
- 🛡️ Regular security audits and penetration testing
- 📋 Incident response plan in case of a breach
If a data breach materially affects you, we will notify you and relevant authorities as required by law.
§10 Children's Privacy
Narro is not directed to children under 17. We do not knowingly collect personal information from anyone under that age. If we discover that we have collected information from a child under 17, we will delete it promptly.
Parents or guardians who believe their child has provided us with personal data may contact narro.app@gmail.com.
§11 International Data Transfers
Narro is operated from India, and we may transfer your information to countries other than your own — including the United States and other countries where our service providers are located.
When we transfer personal data internationally, we rely on safeguards such as:
- Standard Contractual Clauses approved by the European Commission, where applicable
- Data-protection terms in our agreements with service providers
- Compliance with applicable cross-border transfer laws
§12 Cookies & Tracking (Web Only)
Our website narro.in uses:
- Essential cookies — required for the site to function
- Analytics cookies — Google Analytics with IP anonymization (you may opt out)
We do not use third-party advertising cookies. The Narro mobile app does not use cookies but may use anonymous device identifiers for diagnostics.
You can manage cookie preferences via your browser settings.
§13 Tracking & App Tracking Transparency (iOS)
Narro respects Apple's App Tracking Transparency (ATT) framework. We do not track you across other companies' apps and websites. We will only request ATT permission if a feature genuinely requires it — and we do not at this time.
§14 Third-Party Links
Narro may contain links to third-party websites or services. We are not responsible for their privacy practices. Please review their privacy policies before sharing information with them.
§15 Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last Updated" date at the top
- Notify you via the App or email at least 14 days before the change takes effect
Your continued use after the effective date constitutes acceptance of the updated Policy.
§16 Contact Us
For privacy questions, requests, or concerns:
If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.
§17 Accessibility
This Privacy Policy is available on our website. If you need it in another format (e.g., large print, audio), email narro.app@gmail.com.