ThriveTracker Legal Center & Policies

Terms of Service

Last updated: May 27, 2026 (export server language corrected; on-device export clarified across all sections)

Scope of Agreement

By installing, accessing, or using ThriveTracker (the Android app, website, and related services — collectively, the "Services"), you agree to these Terms of Service ("Terms"). If you do not agree, do not access or use the Services. The Services are provided by NovoCreation Online LLC, a Connecticut limited liability company ("NovoCreation," "we," "us," or "our").
Eligibility and Account Responsibilities

You must be at least 16 years old and have the legal capacity to enter into agreements. By creating an account you confirm you meet this requirement. You are responsible for maintaining the confidentiality of your credentials and for all activity under your account. Notify us immediately at support@novocreation.online of any unauthorized use. You may authenticate using email/password or Google Sign-In; both flows require affirmative consent.

Your username is permanent once set and cannot be changed to prevent impersonation.
License Grant and Ownership

Subject to compliance with these Terms, we grant you a limited, revocable, non-exclusive, non-transferable license to use the Services on Android devices you own or control for personal, non-commercial purposes. All rights, title, and interest in ThriveTracker — including the ThriveTracker AI engine, on-device intent classifier, and all content — remain with NovoCreation and its licensors.
AI Features and Disclaimers

ThriveTracker includes AI-powered features including the ThriveTracker AI companion (fully on-device, powered by an open-weight language model — by default Google's Gemma 4 E2B IT, with Microsoft's Phi-4 Mini Instruct and DeepSeek R1 Distill (Qwen 1.5B base) available as alternatives — running via Google's MediaPipe Tasks GenAI / LiteRT-LM inference engine), an on-device intent classifier (TFLite), image analysis (ML Kit), and voice input (Android SpeechRecognizer). You may switch the active model from Settings → AI Model at any time. All AI processing runs locally on your device — no conversation data is sent to cloud AI services.
- Agentic actions require your confirmation. ThriveTracker AI may propose concrete actions on your behalf (creating a goal, logging a mood, starting a meditation, tracking a sobriety habit, or directing you to a screen to do something it can't). Every proposed action is shown in a confirmation dialog with editable arguments before it runs — nothing happens automatically. You can review the full history of actions the AI has taken for you in Settings → Agent Audit; this history is stored locally on your device and is wiped when you delete your account.
- Rate limits. To prevent runaway behavior, the agent layer enforces per-user rate limits (currently 8 actions per minute, 30 actions per day). These limits may change over time.
- Not a substitute for professional help. AI responses are for informational and supportive purposes only. ThriveTracker is not a medical device, mental health provider, therapist, or crisis line.
- Crisis resources. If you are in crisis, contact the 988 Suicide & Crisis Lifeline (call/text 988, US), the Crisis Text Line (text HOME to 741741), or emergency services (911).
- AI outputs may be inaccurate, incomplete, or contextually inappropriate. Do not rely on them for medical, legal, or financial decisions.
Subscription and Payments

ThriveTracker offers a paid subscription plan processed through Google Play Billing. By subscribing you authorize recurring charges via your Google Play account.
- Current pricing: Free to download. $9.99/month after a 7-day free trial (subject to change with 30-day notice).
- Subscriptions renew automatically. Cancel anytime in Google Play → Subscriptions before the renewal date to avoid the next charge.
- Refund requests are handled by Google Play's refund policy. Contact us at support@novocreation.online for additional assistance.
- Payment card data is handled entirely by Google Play and is never stored on our servers.
Acceptable Use

You agree not to: violate any applicable laws; submit unlawful, harmful, or deceptive content; attempt unauthorized access to the Services or other users' data; interfere with service performance or security; reverse-engineer proprietary components; use automated scraping or data collection without written consent; or misuse AI features to generate harmful content.
Integrations and Third-Party Services

The Services integrate with third-party platforms including YouTube, Spotify, and Google services. Your use of those platforms is governed by their own terms. We are not responsible for third-party content or availability.
Service Changes and Availability

We may modify, suspend, or discontinue features. We provide reasonable advance notice of material changes. We are not liable for losses arising from temporary unavailability.
Disclaimers and Limitation of Liability

The Services are provided "as is" without warranties of any kind. To the maximum extent permitted by applicable law we disclaim implied warranties of merchantability, fitness for a particular purpose, and non-infringement. We are not liable for indirect, incidental, or consequential damages. Our total liability for any claim will not exceed the greater of USD $50 or the amount you paid in the preceding 12 months.
Governing Law

These Terms are governed by the laws of the State of Connecticut, USA, without regard to conflict-of-law principles. Disputes shall be resolved in the state or federal courts in New Haven County, Connecticut.
Contact

Questions about these Terms? Contact legal@novocreation.online.

Privacy Policy

Last updated: May 27, 2026 (export server language corrected; on-device export clarified across all sections)

Overview

This Privacy Policy explains how ThriveTracker, a product of NovoCreation Online LLC, collects, uses, stores, and protects your personal information when you use the Android app and related website.

Privacy-first design: The majority of your personal data — wellness logs, goals, tasks, finances, mood entries, sleep records, meditation sessions, and ThriveTracker AI memories — is stored locally on your device using Android KeyStore-backed encryption and a local Room database. Cloud sync (Firebase Firestore) is used only for account management and backup. All AI processing is on-device; no conversation data is sent to cloud AI services.
Data Controller

NovoCreation Online LLC acts as the data controller for personal data processed through the Services. Contact: privacy@novocreation.online.
Information We Collect

3a. Data You Provide — Stored On-Device
- Wellness: mood entries, sleep records, activity logs, meal plans (including favorites), sobriety habits, and meditation session data.
- Goals & Productivity: goals, sub-tasks, milestones, achievements, focus sessions, and tasks.
- Finance: transactions, budget categories, amounts, notes you enter manually, and stock watchlist symbols.
- Learning: courses, study sessions, and personal notes.
- ThriveTracker AI memory: conversation history and behavioral patterns used to personalize the AI companion. This data is stored locally and never transmitted to any server.
- Agent audit log: every action ThriveTracker AI has proposed and you have confirmed (e.g. "Create goal: Learn Spanish", "Log mood 4/5"), along with the policy decision and the execution result. Stored locally on your device, visible to you in Settings → Agent Audit, and wiped when you delete your account or clear app data.
All of the above is stored in an encrypted local database on your Android device. It is not transmitted to our servers unless you explicitly use a cloud backup feature. The in-app data export feature is entirely on-device — your export file is never uploaded to or seen by our servers.

3b. Account and Authentication Data — Stored in Firebase
- Display name, email address, and profile photo (if provided).
- Firebase Authentication UID and Google Sign-In account tokens (if Google Sign-In is used).
- Username (set once, permanent, stored in Firestore).
- ThriveTracker AI configuration: AI companion personality settings and behavior preferences you configure.
- Achievement and streak metadata (aggregated, not raw logs).
3c. Subscription Data — Handled by Google Play

Subscription payments are processed entirely by Google Play Billing. We receive only your subscription status and expiry timestamp from Google Play. We never see or store payment card information.

3d. Third-Party Integration Data
- YouTube Data API: Used to surface learning content recommendations. We send your search queries to YouTube; YouTube's privacy policy applies.
- Spotify: Used for study music and learning features. OAuth tokens are stored locally on-device only. Spotify's privacy policy applies.
- Stock data: Ticker symbols from your watchlist are sent to a market data API to retrieve quotes. No personal identifiers are sent.
3e. Diagnostic and Analytics Data
- Firebase Crashlytics: Crash reports and stack traces (device model, OS version, app version). No personally identifiable information is intentionally included.
- Firebase App Check: Device attestation token to prevent API abuse. This does not identify you personally.
How We Use Your Information
- Deliver and personalize the Services (AI companion responses, goal tracking, wellness insights).
- Authenticate your account and keep it secure (Firebase Auth, App Check).
- Verify subscription status via Google Play Billing.
- Detect and respond to crashes and reliability issues (Crashlytics).
- Comply with legal obligations and enforce our policies.
Legal Bases for Processing (GDPR)
- Contract — to deliver the Services you requested.
- Consent — for optional analytics and marketing; withdrawable at any time.
- Legal obligation — compliance with applicable laws.
- Legitimate interests — security monitoring and fraud prevention.
Sharing Information

We do not sell your personal information. We share data only with:
- Firebase (Google): Auth, Firestore database, App Check, Crashlytics, Remote Config.
- Google Play Billing: Subscription status verification.
- YouTube / Spotify: Feature-specific queries per your usage.
- Law enforcement or legal process: Only when required by law or to protect our legal rights.
Data Security
- On-device data: encrypted via Android KeyStore-backed encryption.
- Firebase Firestore: encrypted at rest and in transit by Google.
- Firebase App Check enforced in production to block unauthorized API calls.
- No plain-text credentials stored anywhere in the app.
International Transfers

Your data may be processed in the United States (Firebase/Google). Where required, we rely on Standard Contractual Clauses or equivalent safeguards for transfers from the EEA, UK, or Switzerland.
Your Privacy Rights

Depending on your jurisdiction you may have the right to access, correct, delete, port, or restrict processing of your personal data. See the Delete My Data tab for step-by-step account deletion instructions.

Encrypted export. To exercise your right to data portability, open Settings → Privacy Center → Export everything (encrypted). The app gathers every record stored on your device (profile, goals, habits, mood / sleep / activity / meditation logs, finance, learning sessions, AI memory, and the AI Agent Audit log), encrypts it with AES-256-GCM using a key derived from a passphrase you choose (PBKDF2-HMAC-SHA256, 600,000 iterations, random per-export salt), and hands the encrypted file to Android's share sheet so you can save or send it wherever you want. The encryption happens entirely on-device. NovoCreation Online LLC never sees the plaintext export or the passphrase — we cannot recover either if you lose the password, so store it somewhere safe.

To open the file on a computer, use our browser-based decryption tool: Thrivetracker Decrypt. The tool runs entirely in your browser via the Web Crypto API — your file and password are never uploaded to a server. The file format (thrivetracker-export-v1) is open and documented, so a developer with the passphrase can also decrypt it with a short script.
Children's Privacy

ThriveTracker is not intended for users under 16. We do not knowingly collect data from children. Contact us at privacy@novocreation.online if you believe we have collected such data and we will delete it.
Policy Updates

We will notify you of material changes via the app or email. Continued use after changes become effective constitutes acceptance.
Contact

Privacy questions: privacy@novocreation.online

Data Retention Policy

Last updated: May 27, 2026 (export server language corrected; on-device export clarified across all sections)

ThriveTracker follows a data minimization approach. Personal data is retained only as long as necessary to operate the Services, meet legal obligations, and serve legitimate interests. Retention periods are reviewed annually.

On-Device Data (Your Android Device)

Wellness logs, mood entries, sleep records, activity data, meal plans, sobriety tracking, and meditation sessions are stored in an encrypted local Room database. This data persists until you uninstall the app, factory reset your device, or delete your account.
ThriveTracker AI memory and conversation history: stored locally, retained until account deletion or manual clear.
Goal and task data: retained on-device indefinitely while your account is active.
Finance records (transactions, budgets): retained on-device indefinitely while your account is active.

Firebase Account Data (Cloud)

Firebase Authentication UID, display name, email, and Google Sign-In tokens: retained while your account is active. Deleted within 30 days of a verified account deletion request.
Firestore user profile, ThriveTracker AI config, and achievement metadata: deleted within 30 days of account deletion.

Transactional Email Data (Resend)

Recipient email address, subject line, and delivery status of transactional emails (welcome, password reset, account notices) are retained by our email provider Resend for up to 30 days for delivery monitoring, then automatically purged.
Email body content is not retained by Resend beyond delivery.
Edge compute logs from our Cloudflare Workers (used for password reset, transactional email orchestration, account deletion, and on-device AI model download proxy) are retained for up to 7 days for security monitoring and abuse prevention. Cloudflare also receives standard request metadata at the network edge — IP address, approximate city-level geolocation, ASN, TLS metadata — the same metadata any internet service receives. We do not query, store, or log this metadata in application code.

Subscription Data (Google Play)

Subscription status and expiry timestamps are retained while your account is active and deleted within 30 days of account deletion.
Google Play Billing transaction records are managed by Google. Payment card data is never stored by us.

Crash and Diagnostic Data (Firebase Crashlytics)

Raw crash reports are retained for 90 days by Firebase Crashlytics to investigate reliability issues.
Aggregated reliability metrics may be retained for up to 13 months.

Backups

Encrypted cloud backups follow a 30-day rotating deletion schedule.
Anonymized records retained for security audits may be held for up to 7 years after account closure.

Retention questions: privacy@novocreation.online

GDPR Compliance Notice

Last updated: May 27, 2026 (export server language corrected; on-device export clarified across all sections)

This notice explains how NovoCreation Online LLC complies with the EU General Data Protection Regulation (GDPR 2016/679), the UK GDPR, and related data laws for users in the EEA, United Kingdom, and Switzerland.

Data Minimization & Purpose Limitation

The vast majority of personal data (wellness, goals, finances, mood, AI memory) is stored locally on your device and never transmitted to our servers. All AI processing is fully on-device.
Cloud-stored data (Firebase) is limited to account identifiers, configuration, and aggregate metadata required to deliver the Services.

Lawful Bases for Processing

Article 6(1)(b) – Contract: Account management, subscription status verification (Google Play), and core feature delivery.
Article 6(1)(a) – Consent: Optional analytics, marketing emails. Consent is granular and withdrawable at any time without penalty.
Article 6(1)(f) – Legitimate Interests: Security monitoring (Firebase App Check, Crashlytics), fraud prevention.
Article 6(1)(c) – Legal Obligation: Retaining records for legal compliance.

Special Category Data

Wellness and mood data may constitute special category health data under Article 9. This data is processed solely on-device under your control and is never transmitted to or stored on our servers. The in-app data export feature is entirely on-device — your encrypted export file goes directly to the Android share sheet and is never uploaded to our servers. We rely on Article 9(2)(a) — explicit consent for this processing.

International Data Transfers

Processing partners (Google/Firebase) are based in the United States. We rely on Standard Contractual Clauses (SCCs) and supplementary safeguards (encryption, access controls, vendor risk assessments) for transfers from the EEA/UK/Switzerland.

Data Subject Rights

You may exercise the following rights at any time:

Access (Art. 15): Request a copy of personal data we hold — use in-app "Export Data" or email us.
Rectification (Art. 16): Correct inaccurate account data via Settings or by contacting us.
Erasure (Art. 17): Delete your account and associated cloud data. See the Delete My Data tab. On-device data is cleared when you uninstall the app.
Restriction (Art. 18): Request processing restriction while a dispute is resolved.
Portability (Art. 20): Receive your data in a structured, machine-readable format via the in-app export feature.
Objection (Art. 21): Object to processing based on legitimate interests.
Withdraw Consent: Withdraw consent for analytics or marketing at any time.

We respond within one month (extendable by two months for complex requests). You may also lodge a complaint with your local supervisory authority.

Privacy Governance

Annual data protection reviews and privacy-by-design planning.
Third-party processor due diligence and contractual safeguards (DPAs in place with Firebase/Google).
Breach response meeting Articles 33 and 34 notification obligations.

NovoCreation Online LLC — Data Protection Contact

Email: privacy@novocreation.online

EU representative inquiries: eu-privacy@novocreation.online

UK representative inquiries: uk-privacy@novocreation.online

California Consumer Privacy Act (CCPA) Notice

Last updated: May 27, 2026 (export server language corrected; on-device export clarified across all sections)

This CCPA Notice supplements the Privacy Policy for California residents under the California Consumer Privacy Act and the California Privacy Rights Act (collectively, "CCPA").

Categories of Personal Information Collected (Past 12 Months)

Identifiers: Name, email address, Firebase Authentication UID, Google Sign-In account ID, device identifiers.
Personal Records: Goals, tasks, wellness data, mood entries, sleep logs, activity data, meal plans, finance entries — stored on-device only.
Health or Medical Data (Sensitive): Mood tracking, sobriety milestones, sleep quality logs. Stored on-device only; not transmitted to our servers.
Commercial Information: Google Play subscription status and expiry timestamp.
Internet/Network Activity: Crash reports (Crashlytics).
Audio/Visual Data: Profile photos if you upload one. Voice input is processed locally by the Android SpeechRecognizer and is not stored.
Inferences: AI-generated behavioral patterns and insights, processed locally on your device by the ThriveTracker AI engine.

Sensitive Personal Information

We collect health-related data (mood, sleep, sobriety) that qualifies as sensitive personal information under the CPRA. This data is processed on-device only and is used solely to deliver the wellness features you request. You may limit its use via in-app settings.

Purposes for Collection and Use

We collect and use personal information to operate the Services, verify subscriptions, deliver AI features, provide customer support, maintain security, and comply with legal obligations. We do not "sell" personal information as defined under the CCPA.

Sharing Personal Information

We share information only with service providers acting on our behalf: Firebase (Google), Google Play Billing, Cloudflare (Workers — edge compute for password reset, transactional email orchestration, and proxied model download), and Resend (transactional email delivery). HuggingFace hosts the open-weight language model files which are downloaded once at first use (the request is proxied through our Worker — HuggingFace does not see your account or device identifiers). YouTube and Spotify are used for optional features per your usage. All are bound by contractual confidentiality obligations.

California Consumer Rights

Right to Know: Request access to the personal information we collected, disclosed, or used in the preceding 12 months.
Right to Delete: Request deletion of personal information, subject to statutory exceptions. See the Delete My Data tab.
Right to Correct: Request correction of inaccurate personal information.
Right to Limit: Limit our use of sensitive personal information to necessary service delivery.
Right to Opt Out: Opt out of the sale or sharing of personal information. (We do not sell data.)
Right to Non-Discrimination: You will not be discriminated against for exercising these rights.

Submit requests to privacy@novocreation.online or use in-app privacy controls. We respond within 45 days (extendable by 45 days when reasonably necessary).

Authorized Agents

You may authorize an agent to submit requests on your behalf. We require proof of authorization and may verify your identity directly.

End User License Agreement (EULA)

Last updated: May 27, 2026 (export server language corrected; on-device export clarified across all sections)

This EULA governs your use of the ThriveTracker Android application, website, and any updates (collectively, the "Software"). Installing or using the Software means you accept these terms.

1. License Grant

NovoCreation Online LLC grants you a limited, non-exclusive, non-transferable, revocable license to install and use the Software on Android devices you own or control for personal productivity purposes. You may not rent, lease, sublicense, or resell the Software.

2. Eligibility

You must be at least 16 years old. If acting on behalf of an organization, you represent you have authority to bind it.

3. Acceptable Use

You agree to use the Software lawfully and as documented. You must not: attempt unauthorized access to the Services or other users' data; interfere with security or integrity; reverse-engineer or decompile proprietary components (except where law permits); submit harmful or deceptive content; or misuse the AI or crisis detection systems.

4. AI and Crisis System Use

ThriveTracker includes an on-device intent classifier (TFLite), the ThriveTracker AI companion (powered by an open-weight language model selected by the user — currently Microsoft's Phi-4 Mini Instruct (MIT), Google's Gemma 4 E2B IT (Apache 2.0), or DeepSeek R1 Distill on Qwen base (MIT) — all running fully offline on your device), ML Kit image analysis, and Android voice input. These features are for personal wellness support only and are not a substitute for professional mental health care or emergency services. In a crisis, contact 988 (US) or emergency services immediately.

5. Intellectual Property

ThriveTracker, the ThriveTracker AI engine, the on-device intent classifier model, all app assets, and this documentation are owned by NovoCreation Online LLC. You may not remove proprietary notices, copy, or create derivative works without written permission.

6. Third-Party Services

The Software relies on the following third-party services, each governed by its own terms:

Firebase (Google) Auth, Firestore, App Check, Crashlytics, Remote Config

Google Play Billing Subscription payment processing

MediaPipe Tasks GenAI (Google) On-device LLM inference runtime

Gemma 4 E2B IT (Google, Apache 2.0) Default on-device language model weights

Phi-4 Mini Instruct (Microsoft, MIT) Optional on-device language model weights

DeepSeek R1 Distill / Qwen (DeepSeek, MIT) Optional alternative on-device language model weights

ML Kit (Google) On-device image analysis

YouTube Data API Learning content recommendations

Spotify Study music & learning audio

Google Sign-In OAuth2 authentication option

Cloudflare Workers Edge compute proxy: password reset, transactional email, account deletion, on-device AI model download. Worker URL is delivered via Firebase Remote Config so we can rotate endpoints without an app release.

HuggingFace Origin host for the open-weight on-device AI model weights downloaded once at first use. HuggingFace sees only our Cloudflare Worker's outbound IP, not yours.

Resend Transactional email delivery (welcome, password reset, account notices)

7. Privacy and Data

Your use of the Software is also governed by our Privacy Policy. On-device data is encrypted via Android KeyStore. Cloud data is protected by Firebase security rules and Firebase App Check.

8. Termination

This EULA remains effective until terminated. We may suspend access for EULA or Terms violations. You may terminate by uninstalling the Software and deleting your account. Sections 3–6, 10, and 11 survive termination.

9. Updates

Updates may install automatically via Google Play. Continued use after an update constitutes acceptance of any updated terms.

10. Disclaimer of Warranties

THE SOFTWARE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.

11. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, THRIVETRACKER AND ITS AFFILIATES ARE NOT LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES. OUR TOTAL LIABILITY WILL NOT EXCEED THE GREATER OF USD $50 OR THE AMOUNT YOU PAID IN THE PRECEDING 12 MONTHS.

12. Open-Source Model Attribution

ThriveTracker downloads and runs open-weight language models on your device. We do not modify these models; the weights are used as published by their original authors. The current models and their license terms:

Phi-4 Mini Instruct — Copyright © Microsoft Corporation. Licensed under the MIT License. Source: litert-community/Phi-4-mini-instruct on HuggingFace.
Gemma 4 E2B IT — Copyright © Google LLC. Licensed under the Apache License 2.0. Source: litert-community/gemma-4-E2B-it-litert-lm on HuggingFace.
DeepSeek R1 Distill Qwen 1.5B — Copyright © DeepSeek (distillation) and Alibaba (Qwen base). Licensed under the MIT License. Source: litert-community/DeepSeek-R1-Distill-Qwen-1.5B on HuggingFace.
MediaPipe Tasks GenAI — Copyright © Google LLC. Licensed under the Apache License 2.0. Used as the on-device inference runtime.

The MIT License terms (paraphrased): permission is granted, free of charge, to any person obtaining a copy of the software to use it without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies, subject to the inclusion of the above copyright notice. The software is provided "as is", without warranty of any kind.

For the full text of each license and any model card details, see the linked HuggingFace pages. We will update this section as new models are added to or removed from the Software.

13. Governing Law

This EULA is governed by the laws of the State of Connecticut, USA. Disputes shall be resolved exclusively in the state or federal courts in New Haven County, Connecticut.

14. Contact

legal@novocreation.online

Delete My Data

Last updated: May 27, 2026 (export server language corrected; on-device export clarified across all sections)

Account deletion is permanent. All cloud-stored account data (Firebase Auth, Firestore profile, ThriveTracker AI config, achievements) will be deleted within 30 days and cannot be recovered. On-device data (wellness logs, goals, finance, AI memory) is removed when you uninstall the app.

Option 1 — Delete Directly in the App (Recommended)

Open the ThriveTracker app on your Android device.
Tap your profile icon in the top right, or navigate to the Profile tab in the bottom navigation bar.
Tap Settings (gear icon).
Scroll down to the Account section and tap Delete Account.
Read the confirmation message and tap Confirm Delete.
Your account and all associated cloud data will be permanently deleted within 30 days. You will be signed out immediately.

Option 2 — Delete via the Website

Go to the Delete Account page on this website.
Sign in with the account you want to delete.
Follow the on-screen confirmation steps.
Deletion will be processed within 30 days.

Option 3 — Email Request

If you cannot access the app or website, email privacy@novocreation.online with the subject line "Account Deletion Request". Include the email address associated with your account. We will verify your identity and process the deletion within 30 days.

What Gets Deleted

Firebase Authentication account (email, password, Google Sign-In token).
Firestore profile data (display name, username, ThriveTracker AI config, achievements).
All cloud-backed app data within 30 days of request.
On-device data: automatically removed when you uninstall ThriveTracker.

What Is Retained After Deletion

Google Play transaction records — managed by Google; their retention policy applies.
Aggregated, de-identified analytics — cannot be linked back to you.
Data required by law or to resolve active disputes.

Export your data first. Before deleting, use Settings → Privacy Center → Export everything (encrypted) in the app to download an encrypted copy of all your data. The export is processed entirely on-device and never uploaded to our servers.

Data Deletion Contact

Email: privacy@novocreation.online

Response time: within 30 days of identity verification

NovoCreation Online LLC — Made by Jerome A. Stevens

Terms of Service

Scope of Agreement

Eligibility and Account Responsibilities

License Grant and Ownership

AI Features and Disclaimers

Subscription and Payments

Acceptable Use

Integrations and Third-Party Services

Service Changes and Availability

Disclaimers and Limitation of Liability

Governing Law

Contact

Privacy Policy

Overview

Data Controller

Information We Collect

3a. Data You Provide — Stored On-Device

3b. Account and Authentication Data — Stored in Firebase

3c. Subscription Data — Handled by Google Play

3d. Third-Party Integration Data

3e. Diagnostic and Analytics Data

How We Use Your Information

Legal Bases for Processing (GDPR)

Sharing Information

Data Security

International Transfers

Your Privacy Rights

Children's Privacy

Policy Updates

Contact

Data Retention Policy

On-Device Data (Your Android Device)

Firebase Account Data (Cloud)

Transactional Email Data (Resend)

Subscription Data (Google Play)

Crash and Diagnostic Data (Firebase Crashlytics)

Backups

GDPR Compliance Notice

Data Minimization & Purpose Limitation

Lawful Bases for Processing

Special Category Data

International Data Transfers

Data Subject Rights

Privacy Governance

California Consumer Privacy Act (CCPA) Notice

Categories of Personal Information Collected (Past 12 Months)

Sensitive Personal Information

Purposes for Collection and Use

Sharing Personal Information

California Consumer Rights

Authorized Agents

End User License Agreement (EULA)

1. License Grant

2. Eligibility

3. Acceptable Use

4. AI and Crisis System Use

5. Intellectual Property

6. Third-Party Services

7. Privacy and Data

8. Termination

9. Updates

10. Disclaimer of Warranties

11. Limitation of Liability

12. Open-Source Model Attribution

13. Governing Law

14. Contact

Delete My Data

Option 1 — Delete Directly in the App (Recommended)

Option 2 — Delete via the Website

Option 3 — Email Request

What Gets Deleted

What Is Retained After Deletion