Privacy Policy

1. Introduction

NuiDiary ("we," "us," or "our") is a mobile application and related services operated by an independent developer based in Taiwan (Republic of China). NuiDiary provides a photo diary application designed for plushie enthusiasts, enabling users to create, store, and share diary entries featuring their plushies.

Some NuiDiary features can be used locally on your device without signing in. Account-based features such as cloud sync, friends, purchases, and account restoration require sign-in with Google or Apple.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the NuiDiary application and related services (collectively, the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account using Google Sign-In or Apple Sign-In, we collect:

• A unique user identifier provided by Google or Apple
• Your email address (if provided by your sign-in provider)
• Your display name (if you choose to set one)
• Authentication tokens necessary for secure access

2.2 Plushie Profiles

When you create plushie profiles within the app, we store:

• Plushie name
• Personality type and writing style preferences
• Custom personality descriptions (if provided)
• Owner nickname (how the plushie refers to you)
• Avatar and hero images you upload
• Birthday (optional)

2.3 Diary Entries

When you save diary entries to your account, we store:

• Photos you upload
• Diary text you write or save
• Mood emoji and mood description (optional)
• Location description (optional, text only — we do not collect GPS coordinates)
• Memory tags
• Entry date and metadata (favorites, sharing status)

2.4 Subscription Information

If you subscribe to our paid plan ("Bloom"), we receive:

• Subscription status and plan type
• Purchase and expiration dates
• Product identifier

We do not receive or store your payment card details, billing address, or other financial information. All payment processing is handled by Apple App Store or Google Play Store.

2.5 Device and Local Data

We collect or store limited device and local app data needed to operate the Service:

• Language/locale preference (to display the app in your preferred language)
• Reminder settings you choose on your device
• Guest plushie drafts, local-only diary entries, and cached images stored on your device
• Access and refresh tokens stored securely on your device when you sign in
• Locally stored app state and preferences needed for offline or guest use

We do not collect device identifiers (IDFA, GAID), hardware specifications, IP addresses for tracking purposes, or any advertising identifiers.

2.6 Usage Data

We track limited usage data necessary for service operation:

• Storage usage (to enforce plan storage limits)
• Temporary upload records, invite expiry records, and similar operational metadata needed to run the Service
• Feature usage counters where applicable to your app version and plan

We do not use third-party analytics services, behavioral tracking, or performance monitoring tools.

3. How We Use Your Information

We use your information for the following purposes:

• Provide the Service: Store and display your diary entries, plushie profiles, account information, and local guest-mode data needed for the app to function
• Automated Safety Review: Review cloud-uploaded diary photos to help detect prohibited or unsafe content before storage
• Social Features: Enable diary sharing, friend connections, and greetings with users you have accepted within the app
• Subscription Management: Verify your subscription status and apply appropriate plan limits
• Image Export: Generate formatted images from your diary entries for sharing on social media
• Notifications: Schedule local diary reminder notifications that you choose to enable on your device (you can disable these in your device settings at any time)
• Service Operation: Enforce usage limits, manage storage, and maintain service reliability and security
• Photo Library Access: Access your photo library when you choose to select images for diary entries or save exported images to your device

Legal Basis for Processing

We process your personal information on the following legal grounds:

• Contractual Necessity: Processing required to provide the Service you signed up for (account management, diary storage, social features, subscription management)
• Consent: Processing that relies on your explicit action, such as granting photo-library permissions or enabling local reminder notifications. You may withdraw consent at any time through your device settings or app settings where applicable
• Legitimate Interest: Processing necessary for service security, fraud prevention, and core service operations such as enforcing storage and usage limits
• Legal Obligation: Processing required to comply with applicable laws and regulations

4. AI-Assisted Diary Writing

If you choose to use AI-assisted diary writing, we may send the photos you select and any text or instructions you provide to OpenAI to generate draft diary text for you.

• This processing happens only when you choose an AI writing feature
• We send the selected photo content, your prompt details, and the technical access information needed to generate the draft
• We do not intentionally include your email address or display name as part of the AI writing request

Photos that remain only on your device in guest or local-only use are not sent to OpenAI. Uploading or syncing photos stores them in your account; they are sent to OpenAI only if you choose an AI writing feature.

5. Third-Party Services

We use the following third-party services to operate NuiDiary:

We do not use any advertising networks, third-party analytics services, crash reporting tools, or social media tracking pixels.

Our website (nuidiary.com) loads fonts from Google Fonts, which may collect your IP address when the fonts are delivered. Refer to Google's Privacy Policy for details.

6. Data Storage & Security

We take reasonable measures to protect your data:

• Account data and metadata are stored on Amazon Web Services (AWS); images are stored on Cloudflare R2 — both with encryption at rest
• All communications between your device and our servers use HTTPS/TLS encryption
• Authentication uses industry-standard JWT tokens with automatic token rotation
• Refresh tokens are securely hashed before storage
• Database backups are enabled with point-in-time recovery
• Access to production systems is restricted to authorized personnel only

While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

Data Breach Notification

If we become aware of a data breach affecting personal data, we will investigate, take reasonable mitigation steps, and notify affected users or authorities where required by applicable law.

7. Data Retention & Deletion

7.1 Active Accounts

Your account data is retained for as long as your account remains active. You can delete individual diary entries in the app. Plushie deletion may be unavailable while diary entries still reference that plushie.

Guest-mode and other local-only content remains on your device until you delete it, clear app data, or remove the app.

7.2 Account Deletion

You may request deletion of your entire account at any time through the app's settings. Upon requesting deletion:

A public account deletion request page is also available at nuidiary.com/delete-account.

• Your access to the app is disabled immediately after the deletion request is submitted
• Your account enters a 30-day grace period during which you can cancel the deletion and recover your data
• During the grace period, you may restore your account by signing in again with the same Google or Apple account and confirming restoration in the app
• After the 30-day period, your data is deleted from our active systems, including your diary entries and associated photos, plushie profiles and images, account information, friendship connections, shared diary access, and usage records
• Limited residual copies may remain for a short period in encrypted backups or service-provider recovery systems before deletion or overwrite
• Any active subscription must be cancelled separately through your App Store or Google Play account to avoid further billing

7.3 Automatic Data Expiration

Certain temporary data is automatically deleted:

• Daily usage records: deleted after 90 days
• Friend invitations: expire after 24 hours
• Temporary image uploads: cleaned up automatically

7.4 Subscription Expiration & Excess Data

If your paid subscription ("Bloom") expires or is not renewed, your account reverts to the free plan. Your existing content (diary entries, photos, plushie profiles) is preserved and remains accessible.

If your stored data exceeds the free plan storage limit at the time of downgrade, the excess data will be retained for a grace period of 90 days. Storage usage is calculated based on the size of images after processing (cropping, resizing, and compression), not the original file size.

Before the grace period ends, we will attempt to notify you through app push notifications, email, in-app notices, or other official communication channels. If your storage usage still exceeds the free plan limit after the grace period, we may delete excess image files (beginning with the oldest) to bring your account within the limit. Diary text, metadata, and tags are not affected.

For full details on notification methods and your responsibilities, please see the Subscriptions & Payments section of our Terms of Service.

7.5 Inactive Accounts

Accounts that remain inactive (no sign-in activity) for an extended period may be deleted, including all associated data (diary entries, photos, plushie profiles, and account information). Accounts with an active paid subscription are not subject to inactivity deletion. We will attempt to notify you at least 60 days before any such deletion. Signing in at any time resets the inactivity period.

For full details, please see the Account Termination section of our Terms of Service.

8. Data Sharing

8.1 With Other Users

If you use the Friends feature, accepted friends may see the diary entries you mark as "shared", as well as limited related account and social information needed for that feature to work. This may include your display name or email fallback, your plushie names and avatars, and greeting activity within the app. You control which diary entries are shared on a per-entry basis.

8.2 Exported Content

When you export diary entries as formatted images, those images are saved to your device. Any further sharing (e.g., posting to social media) is initiated by you and subject to the privacy policies of those platforms.

8.3 What We Do NOT Do

• We do not sell, rent, or trade your personal information to third parties
• We do not share your data with advertising networks
• We do not use your content for marketing purposes without your consent
• We do not provide your data to data brokers or similar entities

8.4 Legal Requirements

We may disclose your information if required by law, legal process, or governmental request, or to protect the rights, property, or safety of NuiDiary, our users, or the public.

9. Your Rights

You have the following rights regarding your personal data:

• Access: View your personal data within the app at any time
• Correction: Edit or update your profile information, plushie details, and diary entries
• Deletion: Delete individual entries or your entire account
• Export: Export your diary entries as images through the app's export feature
• Withdraw Consent: Disable notifications, revoke device permissions, stop using cloud features, or delete your account at any time
• Data Portability: Request a copy of your data by contacting us
• Lodge a Complaint: File a complaint with a data protection supervisory authority in your jurisdiction

To exercise any of these rights, you can use the in-app settings or contact us at the email address provided below.

10. Children's Privacy

NuiDiary is rated 4+ on the App Store and is designed to be suitable for all ages. The app does not contain objectionable content, and its core functionality (photo diary) does not require personal information beyond what is described in this policy.

We do not knowingly collect personal information from children under the age of 13 (or the applicable age of consent in your jurisdiction) without parental consent. If you believe a child has provided us with personal information without appropriate consent, please contact us and we will take steps to delete such information.

11. International Data Transfers

NuiDiary is operated from Taiwan and uses cloud infrastructure (AWS, Cloudflare) that may process and store data in various regions. Your data may also be processed by service providers located outside your country, including providers in the United States. By using the Service, you acknowledge that your data may be transferred to and processed in countries other than your country of residence, which may have different data protection laws.

We ensure that any such transfers are conducted with appropriate safeguards in place, including encryption in transit and at rest, and contractual commitments from our service providers regarding data protection.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• May notify you through the app, this website, or email where appropriate

Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy. We encourage you to review this page periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: [email protected]