📄 Legal

Privacy Policy

nodeApp is built to forget. This document explains what that means in practice.

Effective: April 26, 2026

The short version: We collect the minimum data needed to run a private group, store it only while the group is active, and hard-delete it 24 hours after the group expires. We do not sell, share, or analyze your data for advertising. There is no archive.

1.Who we are

"nodeApp" (the "App", "we", "our", "us") is owned and operated by Sulieman Vidal. Contact us at hello@nodeapp.us.

2.Information we collect

Account information. When you sign up, we collect:

Email address (required) and password (hashed)
Date of birth, used solely to confirm you are 18 or older
Optional username and display name

Group content. While a group is active, we store:

Group name, HQ location (one address), event dates, and lifecycle settings
Tasks you create or are assigned, including titles, locations, time windows, and assignee lists
Messages and images posted to group chat or per-task threads
Invite tokens, including expiration time, max uses, and optional passcode hash

Location. The App requests location access only with the "While Using the App" permission. Your live location is shared with your group only after you tap "Arrived at HQ" and toggle live location on. The App does not collect location while it is closed.

Device data. Anonymous crash reports and device model identifiers (e.g., "iPhone 14") to diagnose technical issues. No advertising identifiers (IDFA) are collected.

3.How we use information

To run your group. Tasks, chat, location-sharing, and lifecycle countdown are powered directly by the data above.
To enforce age and group rules. The 18+ requirement and single-active-group rule are checked using your account data.
To keep service running. Crash reports help us fix bugs.

We do not use your data for advertising, profiling, or training machine-learning models.

4.Data retention & deletion

Hard delete is the default. When a group's lifecycle ends, all group content is set to read-only. Twenty-four hours later, every photo, message, task, and recorded location is removed at the database level. There is no archive, no legal hold, no recovery process.

Group expiry: read-only at T=0, hard delete at T+24h
Manual delete: 1-hour grace period with countdown, then hard delete
Account deletion: requestable any time via hello@nodeapp.us; account and any orphaned content removed within 7 days

5.Sharing & disclosure

We do not sell, rent, or trade your personal data. Your group content is visible only to members of that specific group, governed by their role (Leader vs. Follower).

We may disclose data only when legally compelled by a valid court order or subpoena. Even then, we will challenge overbroad requests and notify you where legally permitted.

6.Your rights

Access. Email hello@nodeapp.us to request a copy of your account data.
Correction. Edit your profile inside the App, or email us.
Deletion. Delete your account from inside the App or email us.
Withdraw consent. Revoke location permission in iOS Settings any time.

If you reside in California (CCPA) or the EU/UK (GDPR), you have additional rights including the right to portability and the right to lodge a complaint with a regulator.

7.Children's privacy

nodeApp is intended for users 18 and older. We do not knowingly collect data from anyone under 18. If you believe we have collected data from a minor, contact hello@nodeapp.us and we will delete it.

8.Security

We use TLS 1.2+ for all data in transit and AES-256 for data at rest. Passwords are hashed with bcrypt. No security system is perfect; you use the App at your own risk.

9.Changes to this policy

If we materially change this policy, we will notify you in-app and update the effective date above. Continued use of the App after a change constitutes acceptance of the updated policy.

10.Contact

Questions, requests, or concerns: hello@nodeapp.us