Privacy Policy

1. Introduction

NuiDiary ("we," "us," or "our") is a mobile application and related services operated by an independent developer based in Taiwan (Republic of China). NuiDiary provides a photo diary application designed for plushie enthusiasts, enabling users to create, store, and share diary entries featuring their plushies.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the NuiDiary application and related services (collectively, the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account using Google Sign-In or Apple Sign-In, we collect:

• A unique user identifier provided by Google or Apple
• Your email address (if provided by your sign-in provider)
• Your display name (if you choose to set one)
• Authentication tokens necessary for secure access

2.2 Plushie Profiles

When you create plushie profiles within the app, we store:

• Plushie name
• Personality type and writing style preferences
• Custom personality descriptions (if provided)
• Owner nickname (how the plushie refers to you)
• Avatar and banner images you upload
• Birthday (optional)

2.3 Diary Entries

When you create diary entries, we store:

• Photos you upload
• Diary text (whether written by you or generated through our AI feature)
• Mood emoji and mood description (optional)
• Location description (optional, text only — we do not collect GPS coordinates)
• Memory tags
• Entry date and metadata (favorites, sharing status)

2.4 Subscription Information

If you subscribe to our paid plan ("Bloom"), we receive:

• Subscription status and plan type
• Purchase and expiration dates
• Product identifier

We do not receive or store your payment card details, billing address, or other financial information. All payment processing is handled by Apple App Store or Google Play Store.

2.5 Device Information

We collect minimal device information:

• Language/locale preference (to display the app in your preferred language)

We do not collect device identifiers (IDFA, GAID), hardware specifications, IP addresses for tracking purposes, or any advertising identifiers.

2.6 Usage Data

We track limited usage data necessary for service operation:

• Daily AI generation counts (for free-tier usage limits)
• Storage usage (to enforce plan storage limits)

We do not use third-party analytics services, behavioral tracking, or performance monitoring tools.

3. How We Use Your Information

We use your information for the following purposes:

• Provide the Service: Store and display your diary entries, plushie profiles, and account information
• AI Features: Process your photos and optional context (mood, location) through AI services to generate diary text when you request it
• Social Features: Enable diary sharing with friends you have accepted within the app
• Subscription Management: Verify your subscription status and apply appropriate plan limits
• Image Export: Generate formatted images from your diary entries for sharing on social media
• Notifications: Schedule local diary reminder notifications that you choose to enable on your device (you can disable these in your device settings at any time)
• Service Operation: Enforce usage limits, manage storage, and maintain service reliability and security
• Widget & Extension Features: Display your diary content in home screen widgets or app extensions on your device
• Photo Library Access: Access your photo library when you choose to select images for diary entries or save exported images to your device

Legal Basis for Processing

We process your personal information on the following legal grounds:

• Contractual Necessity: Processing required to provide the Service you signed up for (account management, diary storage, social features, subscription management)
• Consent: Processing that relies on your explicit action, such as using the AI diary generation feature or enabling local reminder notifications. You may withdraw consent at any time
• Legitimate Interest: Processing necessary for service security, fraud prevention, and core service operations such as enforcing storage and usage limits
• Legal Obligation: Processing required to comply with applicable laws and regulations

4. AI Services

NuiDiary offers an optional AI-powered diary text generation feature. When you use this feature:

• Your diary photos are sent to a third-party AI service provider for image analysis
• Contextual information you provide (plushie name, personality, mood, location description) is sent alongside the photos to generate appropriate diary text
• The AI service provider is configured to not store, retain, or use your data for model training
• We do not send your email address, real name, or other personally identifiable information to the AI service provider
• AI-generated text is returned to us and stored as part of your diary entry

AI diary text generation is entirely optional. You can always create photo-only diary entries or write your own text without using the AI feature.

5. Third-Party Services

We use the following third-party services to operate NuiDiary:

We do not use any advertising networks, third-party analytics services, crash reporting tools, or social media tracking pixels.

Our website (nuidiary.com) loads fonts from Google Fonts, which may collect your IP address when the fonts are delivered. Refer to Google's Privacy Policy for details.

6. Data Storage & Security

We take reasonable measures to protect your data:

• Account data and metadata are stored on Amazon Web Services (AWS); images are stored on Cloudflare R2 — both with encryption at rest
• All communications between your device and our servers use HTTPS/TLS encryption
• Authentication uses industry-standard JWT tokens with automatic token rotation
• Refresh tokens are securely hashed before storage
• Database backups are enabled with point-in-time recovery
• Access to production systems is restricted to authorized personnel only

While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

Data Breach Notification

In the unlikely event of a data breach that affects your personal data, we will:

• Notify affected users via email or in-app notification without undue delay
• Notify the relevant supervisory authority within 72 hours where required by applicable law
• Provide information about the nature of the breach, the data affected, and the measures taken to address it

7. Data Retention & Deletion

7.1 Active Accounts

Your data is retained for as long as your account remains active. You can delete individual diary entries or plushie profiles at any time within the app.

7.2 Account Deletion

You may request deletion of your entire account at any time through the app's settings. Upon requesting deletion:

• Your access to the app is disabled immediately after the deletion request is submitted
• Your account enters a 30-day grace period during which you can cancel the deletion and recover your data
• During the grace period, you may restore your account by signing in again with the same Google or Apple account and confirming restoration in the app
• After the 30-day period, all of your data is permanently and irreversibly deleted, including:
  • All diary entries and associated photos
  • All plushie profiles and images
  • Your user profile and account information
  • All friendship connections and shared diary access
  • All usage records
• Any active subscription must be cancelled separately through your App Store or Google Play account to avoid further billing

7.3 Automatic Data Expiration

Certain temporary data is automatically deleted:

• Daily usage records: deleted after 90 days
• Friend invitations: expire after 24 hours
• Temporary image uploads: cleaned up automatically

8. Data Sharing

8.1 With Other Users

If you use the Friends feature, diary entries you mark as "shared" will be visible to your accepted friends within the app. You control which entries are shared on a per-entry basis.

8.2 Exported Content

When you export diary entries as formatted images, those images are saved to your device. Any further sharing (e.g., posting to social media) is initiated by you and subject to the privacy policies of those platforms.

8.3 What We Do NOT Do

• We do not sell, rent, or trade your personal information to third parties
• We do not share your data with advertising networks
• We do not use your content for marketing purposes without your consent
• We do not provide your data to data brokers or similar entities

8.4 Legal Requirements

We may disclose your information if required by law, legal process, or governmental request, or to protect the rights, property, or safety of NuiDiary, our users, or the public.

9. Your Rights

You have the following rights regarding your personal data:

• Access: View your personal data within the app at any time
• Correction: Edit or update your profile information, plushie details, and diary entries
• Deletion: Delete individual entries or your entire account
• Export: Export your diary entries as images through the app's export feature
• Withdraw Consent: Stop using AI features, disable notifications, or delete your account at any time
• Data Portability: Request a copy of your data by contacting us
• Restrict Processing: Request that we limit how we process your data in certain circumstances
• Object to Processing: Object to processing of your data that is based on our legitimate interests
• Lodge a Complaint: File a complaint with a data protection supervisory authority in your jurisdiction

To exercise any of these rights, you can use the in-app settings or contact us at the email address provided below.

10. Children's Privacy

NuiDiary is rated 4+ on the App Store and is designed to be suitable for all ages. The app does not contain objectionable content, and its core functionality (photo diary) does not require personal information beyond what is described in this policy.

We do not knowingly collect personal information from children under the age of 13 (or the applicable age of consent in your jurisdiction) without parental consent. If you believe a child has provided us with personal information without appropriate consent, please contact us and we will take steps to delete such information.

11. International Data Transfers

NuiDiary is operated from Taiwan and uses cloud infrastructure (AWS, Cloudflare) that may process and store data in various regions. Your data may also be processed by AI service providers based in the United States. By using the Service, you acknowledge that your data may be transferred to and processed in countries other than your country of residence, which may have different data protection laws.

We ensure that any such transfers are conducted with appropriate safeguards in place, including encryption in transit and at rest, and contractual commitments from our service providers regarding data protection.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Notify you through the app or via email (if available)

Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy. We encourage you to review this page periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: hello@nuidiary.com