Privacy Policy

Last updated: June 10, 2026

This privacy policy applies to the Nabo app for mobile devices and web browsers, together with any related services operated by Nabo (collectively, the "Application"). Nabo is hereby referred to as the "Service Provider".

Information collection Cookies & tracking Your rights California rights AI assistant Third-party access Google Limited Use International transfers Opt-out Retention Children Security Breach notification Changes Your consent Contact

Information Collection and Use

Using Nabo requires you to create an account and sign in. The content you create — notes, tasks, links, calendar events, reminders, and any images or attachments — is stored on your device and is synced to your private account whenever you are signed in and connected to the internet.

The Service Provider collects only the limited information needed to provide the Application:

Account information: your email address and the sign-in identifiers needed to create and secure your account.
Synced content: your workspace content, stored in your private account and kept in sync across your devices.
Push token (only if you enable reminders that arrive when the app is closed): a device push token used to deliver those notifications.
AI key (only if you enable the AI assistant): your own API key, stored securely on your device.

The Application does not collect your IP address, your operating system details, the pages you visit, the time you spend in the app, or any other usage-analytics or tracking data.

Cookies and tracking technologies

The Application does not use advertising cookies, pixels, SDKs for cross-site tracking, or behavioral analytics. The Nabo website stores only a small local preference (such as your light/dark theme) in your browser. You can clear or block this in your browser settings.

Your Rights

You may request access to, correction of, or deletion of your personal data held by the Service Provider. To exercise these rights, or to withdraw consent where processing is based on consent, contact the Service Provider at privacy@nabonote.com.

Your California privacy rights (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information is collected, the right to delete personal information, the right to opt out of the sale or sharing of personal information, and the right to non-discrimination for exercising these rights. The Service Provider does not sell or share your personal information. To exercise your CCPA/CPRA rights, contact the Service Provider at privacy@nabonote.com.

Artificial Intelligence

The Application offers an optional AI assistant that is turned off until you set it up. To use it, you provide your own API key from an AI provider you choose. Your AI requests and the content you ask about are sent directly from your device to your chosen provider using your key. These requests do not pass through the Service Provider, and the Service Provider does not receive, log, or store your prompts, your content, or the AI's responses. Those requests are governed by your chosen provider's own terms and privacy policy. The Service Provider does not train any AI model on your content.

The Service Provider may use your contact information only to send important service-related notices (such as security or account messages). The Service Provider does not send marketing communications and does not display advertising.

To provide certain features (such as account sync), the Application may ask you to provide personal information such as your email address. The information the Service Provider requests will be retained and used as described in this privacy policy.

Third Party Access

The Application relies on a small number of trusted third-party services to provide the features you choose to use, each under its own privacy policy:

Google — "Sign in with Google", optional Google Calendar sync, and, only if you choose it, your AI provider.
Firebase Cloud Messaging (Google) — to deliver push reminders when the app is closed.
Google Play Services.

The Service Provider does not sell your information and shares it only as necessary to provide these features, to comply with the law, or to protect rights and safety.

Limited Use of Google user data

Nabo's access to and use of information received from Google APIs (including Google Calendar data and the basic profile information from "Sign in with Google") adheres to the Google API Services User Data Policy, including its Limited Use requirements. Google user data is used only to provide and improve the features you turn on (such as two-way calendar sync); it is never sold, used for advertising, or used to train AI/ML models, and it is not transferred to others except as necessary to provide those features with your consent, for security or legal reasons, or as part of a merger or acquisition. Humans do not read this data unless you give explicit consent for a specific support issue, it is required for security or to comply with the law, or the data has been aggregated and anonymized.

International Data Transfers

The Service Provider or its third-party service providers may transfer personal data to countries outside your country of residence, including outside the European Economic Area (EEA). Where applicable law requires safeguards for international transfers, the Service Provider will use appropriate mechanisms:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions or other legally recognized transfer mechanisms
Your consent, where required and legally permitted

Data protection laws in other countries may differ from those in your jurisdiction. Where required by law, the Service Provider will apply appropriate safeguards and obtain any consent required for the transfer.

Please note that the Application utilizes third-party services that have their own Privacy Policy about handling data. Below are links to the Privacy Policies of the third-party service providers used by the Application:

The Service Provider may disclose User Provided and Automatically Collected Information:

as required by law, such as to comply with a subpoena, or similar legal process;
when they believe in good faith that disclosure is necessary to protect their rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
with their trusted service providers who work on their behalf, do not have an independent use of the information disclosed to them, and have agreed to adhere to the rules set forth in this privacy statement.

Opt-Out Rights

You can stop further collection of information by signing out, disabling optional integrations (reminders, AI, Google Calendar), or uninstalling the Application. To request deletion of your personal data, to withdraw consent, or to exercise any of your rights, contact the Service Provider at privacy@nabonote.com.

Data Retention Policy

The Service Provider retains personal data only as needed for the stated purposes:

Content on your device: kept until you delete it or remove the app.
Account and synced data: kept while your account is active, so it stays available across your devices.
Deleted items: may be kept briefly so the deletion can sync to your other devices.
Data required for legal compliance: retained only as long as required by applicable law.

You may request deletion of your personal data, subject to any legal obligation to retain it. To delete your account or content, contact the Service Provider at privacy@nabonote.com. Please note that some User Provided Data may be required for the Application to function properly.

Children

The Application is not intended for children under 13 years of age, or such higher age as required by applicable law. The Service Provider does not knowingly solicit data from children or market the Application to them. In the event the Service Provider discovers that a child has provided personal information, the Service Provider will delete it. If you are a parent or guardian and you are aware that your child has provided personal information, please contact the Service Provider at privacy@nabonote.com.

Security

The Service Provider is concerned about safeguarding the confidentiality of your information. It applies reasonable safeguards, including per-user access rules for synced data, encrypted connections (HTTPS/TLS), and secure, operating-system-backed storage for sensitive items such as your AI key. No method of transmission or storage is ever 100% secure.

Data Breach Notification

If a data breach occurs that affects your personal data, the Service Provider will notify you in accordance with applicable legal requirements, including, where required, information about the nature of the breach and the steps being taken to address it.

Changes

The Service Provider may update this Privacy Policy from time to time. The Service Provider will notify you of material changes by posting the updated Privacy Policy with an effective date. Where required by law, the Service Provider will seek your consent to material changes before they take effect.

Where processing is based on consent, you provide that consent by affirmatively opting in to the relevant feature or action. You may withdraw consent at any time without affecting processing carried out before withdrawal. This privacy policy is effective as of June 10, 2026.

Contact Us

If you have any questions regarding privacy while using the Application, please contact the Service Provider via email at privacy@nabonote.com.