Privacy Policy
Effective Date: April 25, 2026
1. Introduction
Dear User, your stories matter to us and we treat them with the care and respect they deserve. Protecting your privacy is at the heart of everything we do.
This Privacy Policy explains how We collect, use, and protect your Personal Data when you use our Services, and is designed to ensure your rights and freedoms in accordance with the General Data Protection Regulation (GDPR) and other applicable legal standards.
This Policy applies to all Users who visit or interact with our Services. It covers all Personal Data you provide to Us directly, as well as Data We may collect automatically through your use of the Services. We encourage you to read it carefully so that you fully understand how your Personal Data is handled and what rights you have in relation to it.
By continuing to use the Services, you confirm that you have read and understood this Policy, that you have the legal capacity to do so, and that you give your Consent to the collection and Processing of your Personal Data as described herein. If you do not agree with these terms, please discontinue use of the Services immediately.
For questions, additional information, or complaints, please contact Us at legal@nemosa.app.
2. Definitions
For the purposes of this Privacy Policy, the following terms shall have the meanings set out below:
“Privacy Policy” means this Privacy Policy, available at nemosa.app/privacy-policy, as amended from time to time (hereinafter — “Privacy Policy,” “Policy”).
“Company” means LLC “NEMOSA”, a legal entity operating the Services at nemosa.app, which acts as the Data Controller in respect of your Personal Data (hereinafter — “Company,” “We,” “Us,” “Our”).
“Services” means all features and functionalities offered through the Platform, including the nemosa.app website and the NEMOSA mobile application (available on iOS and Android), voice transcription, AI-powered autobiographical content generation, story-sharing, and printed book ordering (hereinafter — “Services,” “Platform,” “App,” “Features,” “Functionality”).
“User” means any individual aged 18 or over who accesses or uses the Services (hereinafter — “User,” “You,” “Your”).
“Personal Data” means any information relating to an identified or identifiable natural person, including but not limited to name, email address, voice recordings, and personal narratives (hereinafter — “Personal Data,” “Data”).
“Processing” means any operation or set of operations performed on Personal Data, including collection, recording, storage, use, disclosure, transfer, or deletion (hereinafter — “Processing,” “Process,” “Processed”).
“Data Controller” means the entity that determines the purposes and means of Processing Personal Data — in this case, the Company (hereinafter — “Data Controller,” “Controller”).
“Data Processor” means any third party that Processes Personal Data on behalf of the Company (hereinafter — “Data Processor,” “Processor,” “Third Party”).
“Consent” means a freely given, specific, informed, and unambiguous indication of the User’s agreement to the Processing of their Personal Data (hereinafter — “Consent,” “Agreement”).
“AI-Generated Content” means stories, narratives, summaries, or other content produced by artificial intelligence based on input provided by the User (hereinafter — “AI-Generated Content,” “Generated Content,” “Content”).
“GDPR” means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter — “GDPR,” “Regulation”).
“Cookies” means small text files placed on your device by the Services to store information about your preferences and usage (hereinafter — “Cookies,” “Tracking Technologies”).
3. Personal Data We Collect
The table below sets out the categories of Personal Data We collect, how We collect it, and how long We retain it.
| Personal Data | How We Collect It | Retention |
|---|---|---|
| Full name | Provided by User during registration | Duration of account + 30 days |
| Email address | Provided by User during registration | Duration of account + 30 days |
| Photos | Uploaded by User | Until deleted by User |
| Social account data (name, email, profile photo) | Received from third-party provider (e.g. Google, Apple, Facebook) upon social login | Duration of account + 30 days |
| Delivery details (name, address, phone number) | Provided by User when ordering a printed book | Duration of order fulfilment + applicable legal period |
| Payment information (transaction ID, payment status) | Received from third-party payment processor (e.g. Stripe); full card details are never stored by Us | As required by applicable financial law |
| Voice / audio recordings | Recorded by User via the App and transmitted to a third-party transcription service; audio is not stored by Us after transcription | Not stored; deleted immediately after transcription |
| Device information (device type, OS, browser) | Collected automatically | Duration of account + 30 days |
| Usage data (features used, session duration, interactions) | Collected automatically via analytics tools | Anonymised after 90 days |
| Cookies and tracking data | Collected automatically via Cookies | As per Cookie Policy (nemosa.app/cookie-policy) |
4. How We Use Your Personal Data
We use the Personal Data We collect for the following purposes. Where relevant, We have indicated the legal basis on which each Processing activity is carried out.
To provide and operate the Services. We use your Personal Data to create and manage your account, deliver the core features of the App, generate AI-powered autobiographical content from your stories and voice recordings, and fulfil physical book orders where requested. (Legal basis: performance of a contract.)
To personalise your experience. We analyse your usage patterns and interactions with the Services to tailor content, recommendations, and features to your individual preferences, making your autobiographical journey more relevant and meaningful. (Legal basis: legitimate interests / consent.)
To communicate with you. We use your contact details to send transactional messages such as account confirmations, password resets, order updates, and other Service-related notifications that are necessary for the operation of your account. (Legal basis: performance of a contract.)
To send marketing communications. With your Consent, We may send you newsletters, product updates, and promotional materials about our Services. You may withdraw your Consent and opt out of marketing communications at any time by clicking the unsubscribe link in any such email or by updating your notification preferences in the App settings. (Legal basis: consent.)
To send push notifications and in-app messages. With your Consent, We may send you push notifications and in-app messages to inform you of new features, remind you to continue your stories, or share tips on getting the most from the Services. You may manage your push notification preferences at any time through your device settings or the App. (Legal basis: consent.)
To improve and develop our Services. We use aggregated and anonymised usage data to analyse how Users interact with the Services, identify areas for improvement, fix bugs, and develop new features. (Legal basis: legitimate interests.)
To ensure security and prevent fraud. We Process certain technical data to monitor for suspicious activity, protect the integrity of the Services, and safeguard Users against unauthorised access, fraud, and abuse. (Legal basis: legitimate interests / legal obligation.)
To comply with legal obligations. We may Process your Personal Data where necessary to comply with applicable laws, regulations, or enforceable governmental requests, including the laws of Ukraine and the European Union. (Legal basis: legal obligation.)
To fulfil orders. Where you order a printed physical book through the Services, We use your delivery details and payment information to process and fulfil your order and handle any related customer service queries. (Legal basis: performance of a contract.)
5. Data Retention
We retain your Personal Data only for as long as necessary to fulfil the purposes for which it was collected, as described in this Policy, or for as long as required by applicable law. The specific retention periods for each category of Personal Data are set out in the table in Section 3 of this Policy.
When determining the appropriate retention period, We take into account the nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure, the purposes for which We Process the Data, and whether those purposes can be achieved by other means.
Once the applicable retention period has expired, We will securely delete or anonymise your Personal Data. If full deletion is not immediately possible due to technical constraints such as backup systems, We will isolate the Data from further Processing until deletion can be completed.
You may request the deletion of your Personal Data at any time by contacting Us at legal@nemosa.app or by deleting your account through the Settings of the App. Please note that certain Data may be retained beyond the standard retention period where We are required to do so by law, or where retention is necessary for the establishment, exercise, or defence of legal claims.
6. Security of Your Personal Data
We adhere to generally accepted industry standards to protect your Personal Data both during transmission and after receipt. All Personal Data is stored in the Company’s dedicated databases used for Processing. Specifically, your Personal Data is stored in Amazon AWS cloud storage, on servers located in Stockholm, Sweden. We take all necessary measures to ensure that appropriate security safeguards are applied to your Data at all times.
Processing of Personal Data is carried out using computers and/or automated means, in accordance with procedures and methods that correspond to the purposes for which the Personal Data was collected.
We take the protection of your Personal Data very seriously and implement all commercially reasonable measures to prevent unauthorised access to your Personal Data, including Data collected in the course of your use of the Services. We strive to protect your Personal Data through a variety of means in order to preserve its confidentiality and integrity, prevent its unauthorised use or disclosure, and safeguard it against loss, misuse, alteration, and/or destruction.
Specifically, our security measures include:
- Encryption — all Personal Data is encrypted both in transit using TLS (Transport Layer Security) and at rest using industry-standard encryption protocols.
- Access controls — access to Personal Data is strictly limited to authorised personnel and contractors who require it to perform their duties, and is governed by role-based access policies.
- Security monitoring — we continuously monitor our systems for suspicious activity, vulnerabilities, and potential security incidents.
- Incident response — in the event of a Personal Data breach, We will take immediate steps to contain and remediate the incident, and will notify affected Users and relevant supervisory authorities in accordance with applicable law and within the timeframes required by the GDPR.
- Vendor security — all third-party service providers who Process Personal Data on Our behalf are required to maintain appropriate technical and organisational security measures as a condition of our agreements with them.
Privacy by Design. We consider privacy and data protection at every stage of developing new features and Services. Before introducing new Processing activities or significant changes to existing ones, We assess the potential privacy impact and implement appropriate safeguards from the outset.
Please note that no method of transmitting Data over the internet can guarantee 100% protection against information breaches. If you have reason to believe that your interaction with Us is no longer secure, please contact Us immediately at legal@nemosa.app.
7. Disclosure of Personal Data
We do not sell, rent, or share your Personal Data with unaffiliated third parties for their own marketing purposes. We may disclose your Personal Data only in the circumstances described below.
Personnel and Service Providers. We engage trusted employees, contractors, and third-party service providers to help Us operate and improve our Services. These may include cloud hosting providers, payment processors, transcription services, analytics platforms, email delivery services, and printing and shipping partners (for physical book orders). All such parties are permitted to use your Personal Data solely for the purpose of providing the specific service they perform on Our behalf, and are contractually required to maintain appropriate standards of confidentiality and security.
Analytics and Performance Monitoring. We may use third-party analytics and attribution services, including Google Analytics, Google Firebase, Amplitude, and AppsFlyer, to understand how Users interact with our Services, monitor performance, measure the effectiveness of our marketing campaigns, and improve functionality. These services may collect information such as device identifiers, usage patterns, session data, and approximate location. To learn how each provider Processes your Personal Data, please refer to their respective privacy policies:
- Google Analytics & Firebase: policies.google.com/privacy
- Amplitude: amplitude.com/privacy
- AppsFlyer: appsflyer.com/legal/privacy-policy
Content Visible to Other Users. Please note that certain information you include in your profile or stories may be visible to other Users of the Services, where you have chosen to share such Content. You are responsible for the Personal Data you choose to make visible to others through the Services.
Business Transfers. In the event of a merger, acquisition, reorganisation, or sale of assets, your Personal Data may be transferred to the acquiring entity. In such cases, We will notify you and ensure that your Personal Data remains subject to protections consistent with this Policy.
Legal Compliance and Public Safety. We reserve the right to disclose your Personal Data where required by applicable law, regulation, court order, or governmental authority, including the laws of Ukraine and the European Union. We may also disclose Personal Data where We reasonably believe it is necessary to protect the rights, property, or safety of the Company, our Users, or the public, or to assist in the investigation of criminal activity.
With Your Consent. We may share your Personal Data with third parties in any other circumstances where you have given Us your explicit Consent to do so.
No Sale and No AI Model Training. We do not sell or rent your Personal Data, nor do We share it with data brokers. We do not use your stories, voice recordings, photos, or any other Personal Data to train generalised AI or machine learning models for Our own benefit or for the benefit of third parties. Any service providers that Process Personal Data on Our behalf are contractually prohibited from using your Personal Data or Content to train their own generalised AI models, except to the strictly limited extent necessary to provide the services We have engaged them to perform.
8. Your Rights
We respect your right to control your Personal Data. Depending on your jurisdiction, you may have some or all of the rights described below. To exercise any of these rights, please contact Us at legal@nemosa.app. We will respond to your request within 30 calendar days.
Right of Access. You have the right to know whether We are Processing your Personal Data, and to request a copy of the Personal Data We hold about you, including information about the sources of collection, the purposes of Processing, and the third parties to whom your Data may have been disclosed.
Right to Rectification. You have the right to request that We correct any inaccurate or incomplete Personal Data We hold about you.
Right to Erasure (“Right to Be Forgotten”). You may request that We delete your Personal Data where there is no longer a legitimate reason for Us to Process it, where you have successfully objected to Processing, where your Data has been unlawfully Processed, or where deletion is required by applicable law. Please note that in certain circumstances We may be unable to fulfil an erasure request, for example where We are required to retain Data to comply with a legal obligation. We will inform you of any such reasons at the time of your request. We are unable to delete de-identified, anonymised, or aggregated data from our databases.
Right to Restriction of Processing. You may request that We temporarily limit the Processing of your Personal Data, for example while We are verifying the accuracy of your Data or considering an objection you have raised.
Right to Data Portability. You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format, and to request that We transmit it directly to another data controller where technically feasible.
Right to Object. You have the right to object to the Processing of your Personal Data where such Processing is based on Our legitimate interests, including profiling. You also have the right to object at any time to the Processing of your Personal Data for direct marketing purposes, in which case We will cease such Processing immediately.
Right to Withdraw Consent. Where We rely on your Consent as the legal basis for Processing, you may withdraw that Consent at any time. Withdrawal of Consent will not affect the lawfulness of any Processing carried out prior to the withdrawal. Please note that withdrawing Consent may affect your ability to use certain features of the Services, and We will inform you of this at the time of withdrawal.
Right to Lodge a Complaint. If you believe that your Personal Data has been Processed in violation of applicable law, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction. Users in Ukraine may contact the Ukrainian Parliament Commissioner for Human Rights. Users in the EEA may contact their national data protection authority, details of which are available at edpb.europa.eu. Users in the UK may contact the Information Commissioner’s Office at ico.org.uk.
Authorised Agents. You may authorise a representative to exercise your rights on your behalf. We may require verification of both your identity and your representative’s authority before Processing such a request.
Appeals. If you are not satisfied with Our response to your request, you may contact Us again setting out the reasons for your concern, and We will conduct a further review.
9. International Data Transfers
As a Ukrainian company using internationally operating service providers, your Personal Data may be transferred to and Processed in countries outside of Ukraine or the European Economic Area (EEA). Such transfers may occur in connection with cloud storage, analytics, attribution, payment processing, speech recognition and transcription, artificial intelligence content generation, and other operational services that We engage to operate and improve our Services.
We ensure that all such transfers are carried out in accordance with applicable data protection law. Where Personal Data is transferred outside of Ukraine or the EEA to a country that does not provide an equivalent level of data protection, We rely on one or more of the following safeguards:
- Standard Contractual Clauses (SCCs) approved by the European Commission;
- Adequacy decisions issued by the European Commission in respect of the recipient country;
- Other legally recognised transfer mechanisms under the GDPR and applicable Ukrainian law.
You may request further information about the safeguards We have in place for international transfers by contacting Us at legal@nemosa.app.
10. Age Limitations
Our Services are designed for a general adult audience and are intended for use by individuals aged 18 or over only. We do not knowingly collect Personal Data from individuals under the age of 18, and We do not permit minors to create an Account or use the Services.
If you submit any Content that includes images or recordings of a child, you confirm that you have obtained the necessary Consent from that child’s parent or legal guardian to do so, and that such Content is shared solely for personal autobiographical purposes.
If We become aware that Personal Data has been collected from an individual under the age of 18, We will take immediate steps to delete such Data and suspend or terminate the associated Account. Parents or legal guardians who believe their child has registered or submitted Personal Data through our Services are welcome to contact Us at legal@nemosa.app.
11. Cookies and Tracking Technologies
We use Cookies and similar tracking technologies to operate and improve our Services. Cookies are small text files placed on your device when you visit a website or use an application. They allow the Services to recognise your device and store certain information about your preferences or past interactions.
We currently use analytics Cookies to understand how Users interact with our Services, measure performance, and identify areas for improvement. We also use essential Cookies that are necessary for the basic functioning of the Services, such as maintaining your session and remembering your login state.
You can control and manage Cookies through your browser settings or through the opt-out mechanisms provided by our third-party analytics providers. Please note that disabling essential Cookies may affect your ability to use certain features of the Services.
For full details on the Cookies and tracking technologies We use, including a complete list of Cookies, their purposes, durations, and instructions on how to manage your preferences, please refer to our Cookie Policy.
12. Third-Party Links and Services
Our Services may contain links to third-party websites, applications, or services that are not operated or controlled by Us. This Policy applies solely to Personal Data collected and Processed by Us through our Services and does not extend to any third-party platforms.
We have no control over and accept no responsibility for the privacy practices, content, or security of any third-party websites or services. We encourage you to review the privacy policies of any third-party platforms you visit or use before providing them with your Personal Data.
Third-party login providers. If you choose to register or log in using a third-party account such as Google or Apple, We will receive limited Personal Data from that provider as permitted by your settings with them. Your use of third-party login services is subject to the applicable third-party’s privacy policy, and We are not responsible for how such providers Process your Personal Data.
Third-party service providers operating under the hood. The operation of our Services involves the use of various third-party technology providers, including cloud infrastructure, speech recognition and transcription, artificial intelligence content generation, analytics, attribution, and payment processing services. While you may not interact with these providers directly, their Processing of your Personal Data is governed by the terms of our agreements with them and is subject to the safeguards described in the International Data Transfers section of this Policy.
No endorsement. Any links to third-party websites or services appearing within our Services do not constitute an endorsement or recommendation by Us. We are not responsible for the availability, accuracy, or content of such third-party platforms.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our data practices, the Services We offer, or applicable legal requirements. We will notify you of any material changes by posting the updated Policy on our website and within the App, and where appropriate, by sending you a notification via email or in-app message.
The updated Policy will display the revised effective date at the top of the document. We encourage you to review this Policy periodically to stay informed about how We protect your Personal Data.
Where changes are material and require your Consent under applicable law, We will seek your Consent before the changes take effect. Your continued use of the Services following notification of non-material changes constitutes your acceptance of the updated Policy. If you do not agree with the changes, you must discontinue use of the Services.
14. Legal Framework
This Policy is developed and operates in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679, the Law of Ukraine “On Personal Data Protection” No. 2297-VI dated June 1, 2010, as well as other applicable regulatory acts and internationally recognised standards for the protection of Personal Data. In the event of any conflict between these frameworks, We apply the standard that affords the greater level of protection to your Personal Data.
15. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or the Processing of your Personal Data, please contact Us at legal@nemosa.app. We are committed to addressing your enquiry promptly and in any event within 30 calendar days of receipt.
If you are contacting Us to exercise any of your rights as described in the “Your Rights” section of this Policy, please include your full name and the email address associated with your account so that We can verify your identity and process your request efficiently.