Privacy Policy
Effective date: April 26, 2026
1. Information We Collect
We collect only the information needed to provide and improve the Service. Most of it is information you give us directly when you sign in or plan a trip.
Account information
When you create an account using Sign in with Apple, we receive your email address and the name you choose to share. Apple may provide a private relay email address; we use whatever Apple returns. When you sign in via magic link, we collect the email address you provide so we can send you the sign-in link.
Content you create
- Trip details (name, destination cities, dates, color)
- Itinerary items, notes, and custom categories
- Expenses, splits, and currency preferences
- Receipt photos you upload
- Flight numbers and stay information you enter
- Invitations you send and members you add to a trip
Location and place data
When you search for cities or places, we use Apple MapKit to autocomplete and resolve them. We store the place identifiers, coordinates, and metadata you select for your trip. Nawa does not continuously track your device location in the background.
AI prompts and outputs
When you use AI features (suggestions, destination discovery, plan generation), we send the relevant trip context (such as destinations, dates, group preferences, and any text you submit) to our AI provider to generate a response. We store the resulting suggestions on your trip so your group can see them.
Subscription and purchase information
Subscriptions are processed by Apple via the App Store using StoreKit. We do not receive your payment card or full billing details. Apple shares with us a transaction receipt and entitlement status (e.g. Free, Pro, trial state, renewal date) so we can unlock the right features.
Device and technical information
- App version, iOS version, device model, and language
- Push notification token (if you enable notifications)
- IP address and basic request logs from our backend
- Crash and error diagnostics needed to keep the app working
Information from third-party services
When you add a flight by flight number, we query a third-party flight data provider to pre-fill flight details and (for Pro users) provide live status updates. When you browse events as part of trip planning, we may query an event data provider to show what's on near your destination.
2. How We Use Your Information
- Create and operate your account, trips, and group collaboration
- Generate AI suggestions, destination recommendations, and itinerary content
- Sync your trip in real time with the people you invite
- Provide flight tracking, Live Activities, and Apple Wallet passes for Pro users
- Send transactional and trip-related push notifications you opt into
- Process subscriptions and verify entitlement with Apple
- Diagnose crashes, prevent abuse, and secure the Service
- Comply with legal obligations
We do not sell your personal information. We do not use your trip content or AI prompts to train third-party AI models.
3. Legal Bases (EEA / UK Users)
If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR / UK GDPR:
- Performance of a contract — to provide the Service you requested (account, trips, subscription).
- Legitimate interests — to keep the Service secure, fix bugs, and improve quality.
- Consent — for push notifications and certain optional features. You can withdraw consent at any time.
- Legal obligation — where we must retain or disclose data to comply with the law.
4. How We Share Your Information
We share information only with the service providers needed to run Nawa, with people you choose to collaborate with, and where required by law.
People you invite to a trip
Anyone you invite as an Owner or Editor of a trip can see the trip name, destinations, dates, itinerary items, expenses, files, and member list for that trip. They can also see your display name and profile photo.
Service providers
- Apple Inc. — Sign in with Apple, App Store / StoreKit subscriptions, Apple Push Notification service, MapKit, PassKit (Wallet), ActivityKit (Live Activities).
- Supabase — backend hosting, authentication, database, and file storage for your trip data and uploads.
- Anthropic, PBC — large language model (Claude) invoked through our AI orchestration layer (Cycls) to generate suggestions and recommendations from the prompt context we send.
- Google Firebase Cloud Messaging — delivery of push notifications to your device.
- Vercel — hosting for getnawa.app and supporting web endpoints.
- Flight data and event data providers — used to look up flight schedules, status, and local events you choose to view.
Legal and safety
We may disclose information if we believe in good faith that it is required to comply with a law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Nawa, our users, or the public.
Business transfers
If Nawa is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.
5. Data Retention
We keep your information for as long as your account is active. When you delete a trip, it enters a 30-day recovery window before it is permanently removed from our systems. When you delete your account, we delete or anonymize your personal information within a reasonable period, except where we are required to keep it for legal, tax, or security reasons.
6. Your Rights and Choices
You can, at any time:
- Access and edit your profile, trips, and preferences directly inside the app under Settings.
- Control notifications per type in Settings → Notifications, or globally in iOS Settings.
- Leave or delete a trip from the trip detail screen.
- Delete your account from Settings → Account, which removes your profile and the trips you own.
- Manage or cancel your subscription from your Apple ID subscription settings on your device.
Depending on where you live, you may also have the right to request a copy of the personal information we hold about you, to correct it, to restrict or object to certain processing, to withdraw consent, and to lodge a complaint with your local data protection authority. To exercise these rights, email us at nawaf.Alotaibi22@outlook.com.
7. California Residents (CCPA / CPRA)
California residents have the right to know what personal information we collect, to request deletion, to correct inaccurate information, and not to be discriminated against for exercising those rights. We do not sell or "share" personal information for cross-context behavioral advertising as those terms are defined under California law. To make a request, contact us at nawaf.Alotaibi22@outlook.com.
8. Children's Privacy
Nawa is not directed to children under 13 (or under 16 in the EEA / UK). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.
9. International Data Transfers
Your information may be processed in countries other than the one in which you live. Where required, we use appropriate safeguards (such as the Standard Contractual Clauses) for transfers of personal data from the EEA, UK, or Switzerland.
10. Security
We use industry-standard technical and organizational measures to protect your information, including encryption in transit (HTTPS), encryption at rest with our backend providers, and row-level security policies that limit who can access each trip's data. No method of transmission or storage is perfectly secure, so we cannot guarantee absolute security.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top and, where appropriate, notify you in the app or by email. Continued use of the Service after the changes take effect means you accept the updated policy.
12. Contact Us
If you have any questions about this Privacy Policy or how we handle your information, email us at nawaf.Alotaibi22@outlook.com.