Privacy Policy

Last updated: 21 June 2026

Nova ("we", "us", "the app") is operated by Shashank Tiwari, Delhi, India. This policy explains what personal information we collect when you use the Nova mobile app, why we collect it, who we share it with, and what controls you have. We aim for plain language; if anything is unclear, email support@nova.app.

1. Who this policy applies to

Anyone who installs, signs into, or interacts with the Nova Android app. Nova is intended for users 18 years and older. We do not knowingly collect data from anyone under 18 — if you believe a child has created an account, contact us and we will delete it.

2. What we collect

• Account info — your email address, display name, and (if you sign in with Google) profile photo. Collected when you create an account.
• Date of birth / age — collected during onboarding to enforce the 18+ requirement and gate adult-mode content.
• Chat content — the messages you send to characters and the AI-generated responses. Stored so your conversations persist across sessions and so the AI can maintain memory.
• Subscription / payment info — handled entirely by Google Play Billing and RevenueCat. We see your purchase status (active subscription tier, expiry) but not your card details.
• Device + diagnostic data — device model, OS version, crash reports, app version, IP address, and an anonymous device identifier. Used to diagnose bugs and prevent abuse.
• Advertising identifier — Android's Advertising ID, used by Google AdMob to serve reward ads when you opt to earn bonus messages.

3. Why we collect it

• To create and authenticate your account.
• To generate personalised AI responses based on your chat history and chosen character.
• To enforce the daily message quota and process subscriptions.
• To verify your age for adult-mode content.
• To diagnose crashes and improve the app.
• To serve reward ads (only when you choose to watch one).
• To detect and prevent abuse, fraud, or violations of our Terms.

4. Third parties we share with

We share the minimum data each service needs to do its job:

• Google Sign-In — verifies your Google identity when you sign in. We receive your email and name; we do not get access to anything else in your Google account.
• Google Gemini (AI provider) — receives the prompt for each chat turn (system prompt + character prompt + recent messages) and returns a response. Messages are sent over HTTPS and are not used by Google to train its models for accounts on the API.
• Google Play Billing / RevenueCat — handles subscription purchases and verification. We never see your payment method.
• Google AdMob — serves reward ads. AdMob may collect your Advertising ID and approximate location to personalise ads. You can reset or opt out of ad personalisation in your Android settings.
• Firebase Crashlytics / Analytics — receives crash reports and aggregated usage events. Reports include device model, OS version, and stack traces; they do not include chat content.
• Hosting infrastructure — our backend runs on a dedicated server we operate. Conversation data is stored in our own PostgreSQL database; it is not shared with any third party beyond the services above.

We do not sell your personal data, ever. We do not run a programmatic ad exchange that profiles you across apps.

5. How long we keep your data

• Account + chat history — kept while your account is active. Deleted within 30 days of you deleting your account.
• Crash reports — retained for 90 days by Firebase.
• Subscription records — retained for 7 years (Indian tax / consumer protection requirements).

6. Your rights

You can, at any time:

• Access the data we hold about you — email support@nova.app for an export.
• Delete your account — Profile → Settings → Delete Account inside the app. This triggers a permanent purge of your chats, profile, and subscription history (within 30 days).
• Correct profile information directly in the app.
• Withdraw consent for adult content (Profile → Content mode → Safe).
• Opt out of ad personalisation via your Android settings (Settings → Privacy → Ads → Delete advertising ID).

If you are an EU/EEA or UK resident, GDPR gives you the rights above plus the right to lodge a complaint with your local data-protection authority. If you are a California resident, CCPA gives you the right to know, delete, and opt out of "sale" (which we do not do).

7. Adult content

Nova includes a clearly-labelled Adult mode that is off by default. Switching to Adult mode requires confirming you are at least 18 years old. The characters and conversations in Adult mode are fictional AI-generated personas; no real individuals are depicted. Adult content is not shown anywhere in the app unless you have explicitly enabled Adult mode.

8. Security

All traffic between the app and our backend is encrypted with TLS 1.2+. Passwords are hashed with Argon2 (we never store plaintext). Access tokens use RSA-signed JWTs. We hold a copy of our signing keys offline. No system is perfectly secure — if you suspect your account has been compromised, change your Google password immediately and email us.

9. Children

Nova is for users 18 and older. We do not knowingly collect data from anyone under 18. If we learn that a child has created an account, we will delete the account and any associated data.

10. Changes to this policy

We may update this policy as the app evolves. Material changes (new categories of data collected, new third parties, expanded retention) will be announced in the app at least 14 days before they take effect. The "Last updated" date at the top of this page always reflects the current version.

11. Contact

Questions about this policy or how we handle your data?
Email support@nova.app
Postal: Shashank Tiwari, Delhi, India