Privacy Policy
Deutsche VersionLast updated: June 26, 2026
1. Controller
Nouwell GmbH
Kaiserstr. 67, 80801 Munich, Germany
Email: info@nouwell.com
Website: https://thisisville.com
2. Summary
ville helps you nurture personal relationships: people, circles, interactions, nudges, and insights.
What we cannot read: Your meaningful content—names, notes, journal entries, circle names, profile text, and photos—is encrypted on your device and stored in our cloud only as ciphertext. We cannot decrypt it.
What we can see: For login and operations we process your email address, account identifiers, nudge metadata (counts, dates, goal IDs—not journal text), push tokens, and timezone. ville is not a fully anonymous or zero-knowledge service.
3. Scope
This policy covers the ville iOS app (com.nouwell.ville), thisisville.com, cloud sync, authentication, and optional push notifications.
4. Data we process
Account & auth (Supabase Auth)
- Email address (passwordless OTP sign-in)
- Auth user ID (UUID)
- Session / refresh tokens
- Auth provider logs related to sign-in and OTP delivery
Your email is stored in Supabase Auth (auth.users), not in encrypted profile fields.
Encrypted content (E2EE)
Encrypted with AES-256-GCM using a device data encryption key (DEK):
- People, circles, interactions, profile name
- Avatar images (encrypted before upload)
In our database we store ciphertext and cipher_version; plaintext columns are null.
Recovery phrase (16 words)
- Generated on your device during setup
- Used to derive a key wrapping your DEK (PBKDF2-SHA256, 100,000 iterations)
- Never sent to our servers
- We cannot recover it for you
- If you lose it and cannot restore via iCloud Keychain on another device, encrypted cloud data may be permanently unrecoverable
We store only a wrapped DEK and salt in user_crypto.
Nudge metadata (server-readable)
To generate server-side nudges and optional push:
- Person facts: has avatar, interaction goal ID, birthday parts, circle/interaction counts, last interaction date
- Interaction facts: timestamp, whether a journal exists, participant person IDs (UUIDs only)
- User stats: counts, timezone, preferred nudge hours
- Push device token (APNs)
This metadata does not include names, notes, or journal text.
Optional features
- Contacts import: only contacts you select in the system picker
- Camera / photo library: for avatars
- Face ID / Touch ID: handled by iOS; we do not receive biometric data
- CSV export: plaintext on your device—you control where it goes
What we do not use
No advertising networks or third-party analytics SDKs are integrated at this time.
5. Purposes & legal bases (GDPR)
| Purpose | Legal basis |
|---|---|
| Provide the app, sync, account | Art. 6(1)(b) contract |
| E2EE & recovery | Art. 6(1)(b) |
| Email OTP | Art. 6(1)(b) |
| Nudges & push (if enabled) | Art. 6(1)(b); push also Art. 6(1)(a) consent via iOS |
| Contacts / camera / photos | Art. 6(1)(a) consent via iOS |
| Security & operations (logs) | Art. 6(1)(f) legitimate interests |
6. Processors
| Provider | Role |
|---|---|
| Supabase, Inc. | Database, auth, storage, edge functions |
| AWS (via Supabase) | Infrastructure |
| Apple | App Store, APNs, iCloud Keychain, iOS |
| Resend | OTP emails via Supabase SMTP |
We use Standard Contractual Clauses where required for transfers outside the EEA.
7. Retention
Data is kept until you delete your account (Settings), subject to backup cycles and legal obligations. Server logs are retained per provider defaults (90 days).
8. Your rights
Access, rectification, erasure, restriction, portability, objection, and withdrawal of consent—contact info@nouwell.com.
Note: We cannot export plaintext for data we only hold encrypted.
You may lodge a complaint with your supervisory authority.
9. Security
Client-side encryption, TLS, row-level security, optional app lock. Store your recovery phrase safely.
10. Children
Not directed at children under 16. We do not knowingly collect children’s data.
11. Changes
We will post updates at https://thisisville.com/privacy.
See also our Terms of Service.