Get Started

Privacy Policy

Last updated: December 8, 2025 • Nanornia AB (Nanornia AB, Sävar, Sweden)

This Privacy Policy explains how Nid, operated by Nanornia AB ("we", "us", or "our"), collects, uses, and protects personal data when you use the Nid mobile app, desktop app, or website. By using Nid you accept the practices described below.

1. Who we are

Nanornia AB ("Nanornia", "we", "us"), registered in Sweden, Sävar, operates Nid. Nanornia AB is the data controller for personal data processed through Nid, except where an organization uses Nid and acts as the data controller for its workspace data. Our hosting infrastructure and backend are provided by Appwrite, which acts as a data processor on our behalf.

2. Information we collect

We collect the information necessary to provide and improve Nid. This includes:

  • Account & identity: name, email, authentication IDs (Apple, Google, Facebook), optional profile photo.
  • Team & workspace data: organization and team membership, invitations, and contacts you import to invite teammates.
  • Content data: inventory items, lists, categories, recipes (Kitchen module), uploaded files and images, and team messages. Team messages are stored on our servers and are not end-to-end encrypted.
  • Billing & payments: we record payment history and invoices. Payment details (credit cards) are handled by third parties (Stripe and RevenueCat); we do not store card numbers.
  • Device & usage: device type, OS version, basic app usage metrics, and diagnostic/error logs for security and quality improvements.

We do not collect geolocation information. We do not currently process or store prompts or outputs from AI features.

3. How we use your data

We use personal data to:

  • Provide and operate Nid (syncing inventories and lists, managing teams, storing files and messages).
  • Process payments and subscriptions through Stripe and RevenueCat and provide invoices.
  • Authenticate users, maintain security, and detect fraud or abuse.
  • Improve and develop features (aggregated analytics; analytics integrations are planned but not finalized).
  • Send transactional and service emails (invitations, receipts, workspace notifications).

4. Legal bases for processing

Under applicable data protection laws (including the GDPR), we rely on:

  • Contractual necessity: to provide the service you signed up for.
  • Legitimate interests: to secure and improve our services.
  • Legal obligations: to comply with tax and accounting laws.
  • Consent: for optional features such as profile photos and contact imports.

5. How we share data

We only share data with third parties when necessary to run Nid. Key categories include:

  • Hosting: Appwrite (backend, storage, authentication).
  • Payments & subscriptions: Stripe and RevenueCat.
  • Transactional email: external providers to deliver receipts and system emails.

All vendors act under data processing agreements and process data only on our instruction. We do not sell personal data or share it with advertisers.

6. International transfers & storage

Your data is stored on Appwrite-managed infrastructure. If data is transferred outside the EU/EEA, we employ appropriate safeguards such as Standard Contractual Clauses or other GDPR-compliant measures.

7. Retention of data

We retain personal data only as long as necessary:

  • Accounts inactive and without an active subscription may be deleted after 2 months.
  • Billing and tax records are retained in accordance with Swedish legal requirements.
  • Workspace content (messages, files, lists) is retained while the workspace exists unless deleted by users or admins.

8. Security

We implement reasonable technical and organizational measures, including encrypted transport (HTTPS/TLS), access controls, secure hosting via Appwrite and vendor security requirements. While we strive to protect data, no system is completely invulnerable.

9. Children

We do not set a minimum age for Nid. By using the service you represent that you have the legal right to do so. If we learn that we have collected personal data from a minor who cannot legally consent, we will promptly delete that data.

10. Your choices & rights

If you are in the EU/EEA you have rights including access, correction, deletion, portability, restriction, and objection. You may also withdraw consent where processing is based on consent. To exercise these rights, contact us (see below). We may ask for information to verify your identity before fulfilling requests.

11. Contact

Questions or requests about this policy or your data: privacy@getnid.com

12. Changes to this policy

We may update this policy from time to time. Material changes will be posted here and reflected by the "Last updated" date at the top.