Features Pricing Support Nab the app
Legal

Privacy Policy

Last updated: 2026-06-04

⚠ Draft — not yet legally reviewed.

This page is a working draft authored to mirror the real Nabsy product. It is not legal advice and must be reviewed by counsel before launch or App Store / Play submission.

Summary

Nabsy is a local-first shopping-list app. Your lists, items, categories, templates, and recipes live on your device. Sync, sharing, and account-bound features are opt-in: nothing leaves your device until you sign in or share a list.

  • We do not sell your data. There is no advertising in Nabsy.
  • You can use Nabsy without an account at all — fully on-device.
  • When you do sign in, we collect the minimum needed to keep your lists in sync across your devices and let you share lists with people you invite.

What this policy covers

This policy applies to the Nabsy mobile app, the marketing website at nabsy.app, and the Nabsy sync service. It does not cover services you connect Nabsy to directly, app marketplaces, device operating systems, or other services that have their own privacy policies.

Information we collect

Stays on your device unless you sign in

By default, your lists, items, categories, folders, templates, and recipes are stored only in Nabsy's local SQLite database on your phone. We don't see them.

If you sign in

  • Account identifiers from your sign-in method, such as an opaque account id, email address if you choose to share it, and basic profile information provided during sign-in. We do not receive your password.
  • Sync data you create after signing in: lists, items, products, categories, folders, templates, recipes, members, and the activity events Nabsy emits to keep your devices consistent.
  • Device identifiers we generate or receive, such as a per-install id and a push notification token if you allow notifications, so we can deliver pushes only to your active devices.

If you share a list

  • We create a share link with a token. Anyone with the link (and a short access code when required) can join the list. We record who joined, their role, and basic activity on the list so collaborators can see what's been changed.

Subscriptions

If you subscribe to Nabsy Premium, the purchase may be processed by an app marketplace, payment processor, or subscription-management provider. We receive information needed to confirm whether your Premium entitlement is active; we do not receive your full payment-card details.

Analytics & error reporting

  • In the app: limited product events, feature usage, premium gate impressions, diagnostics, and errors to improve the product. No raw list contents leave your device for analytics.
  • On nabsy.app: privacy-conscious website analytics for traffic and performance. If you opt in via the consent banner, we may also collect product analytics for conversion and site-improvement events.

How we use information

  • To run the sync engine that keeps your lists current across your devices.
  • To deliver list invitations, share links, and member-management features.
  • To send push notifications you opt into (e.g. "Alex added 3 items to Groceries").
  • To enforce subscription entitlements and present the paywall.
  • To measure feature usage, fix bugs, and improve the product.
  • To enforce our Terms and protect against abuse.

We do not use your information to build advertising profiles. We do not sell or rent personal data.

Sharing & service providers

Nabsy uses a small number of trusted service providers to deliver the app. They receive only what they need to do their job, under contract:

  • Hosting and database infrastructure to run the sync service, store synced data, and host the marketing website.
  • App marketplaces and sign-in services for app distribution, account sign-in, and platform account features.
  • Payment and subscription services for purchase processing, subscription status, and entitlement evaluation.
  • Push notification services to deliver notifications you opt into.
  • Analytics and diagnostics services to understand feature usage, measure site performance, and diagnose errors. Optional website analytics load only after consent where required.

We may disclose information if required by law, to protect Nabsy or its users, or as part of a corporate transaction (merger, acquisition, asset sale) — in which case this policy will continue to apply or you will be notified before the change.

Data retention

  • Local data stays on your device until you delete it or uninstall the app.
  • Sync data is retained while your account is active. When you delete your account, we delete or anonymize your account data within 30 days, except where retention is required to comply with law or resolve disputes.
  • Backups may preserve a limited point-in-time window of the sync database for disaster recovery.
  • Analytics events are retained for up to 12 months in aggregated form.

Your choices & rights

Depending on where you live, you may have the right to:

  • Access a copy of the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your account and associated data.
  • Object to or restrict certain processing.
  • Withdraw consent for optional analytics (web) or notifications (app).

You can delete your account from Settings → Account in the app. Email privacy@nabsy.app for any of the requests above.

Security

Sync data is encrypted in transit (HTTPS). Sign-in tokens are short-lived JWTs signed with a rotated server secret. Share-link codes are hashed at rest. We follow the principle of least privilege for access to production systems. No system is perfectly secure; please report security issues to security@nabsy.app.

Children

Nabsy is not directed at children under 13 (or the applicable age in your region) and we do not knowingly collect data from them. If you believe a child has given us information, contact us and we will delete it.

International transfers

Nabsy is run from infrastructure hosted in multiple regions by our service providers. By using Nabsy you understand that your data may be transferred to and processed in countries other than your own, including the United States. We rely on standard contractual clauses and provider commitments where applicable.

Changes

We may update this policy. Material changes will be announced in-app and on this page with a new "Last updated" date. Continued use after a change means you accept the updated policy.

Contact

Email privacy@nabsy.app for privacy questions or data-rights requests. For general support see /support.