Privacy Policy

1. Introduction

Nivi ("we," "our," or "us") operates the Nivi mobile application and the website at niviapps.com (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

Nivi is built so that your data is designed to be accessible only by you. Your personal vault data — assets, liabilities, responsibilities, memories, beneficiary details, and documents — is protected with advanced end-to-end encryption. We do not have access to read or decrypt your vault contents.

2. Information We Collect

2.1 Account Information

When you create an account, we collect and store:

• Email address — for login, account recovery, and transactional notifications
• Phone number — for SMS verification and two-factor authentication
• Password — securely hashed; we never store your password in readable form
• Device information — device model, operating system, and push notification token for delivering notifications
• Session data — authentication tokens and session metadata for keeping you logged in

2.2 Encrypted Vault Data

The following data is protected with advanced end-to-end encryption before being sent to our servers. We do not have the ability to decrypt or read this data:

• Space (vault) names and descriptions
• Asset details (bank accounts, insurance policies, property, crypto holdings, etc.)
• Liability details (loans, credit cards, mortgages, etc.)
• Responsibility details (bills, subscriptions, rent, etc.)
• Memory content (letters, journal entries, photo albums, video messages, milestones, voice notes)
• Beneficiary personal information (name, email, phone, address, government IDs, photos)
• Attached documents and photos (encrypted before upload to storage)

2.3 Security Credentials

Your vault password protects all your data. We never see or store your password. Encrypted security credentials are stored on our server to enable multi-device access, but they can only be unlocked by you. If you lose your password, we cannot recover your data — only your appointed custodians can help restore access.

2.4 Biometric Data

• Face Verification: When you or your beneficiaries register a face for verification, the photo is processed to generate a unique identity marker. The photo itself is not stored after processing. Only an anonymous identifier is retained for future matching.
• Device Biometrics: FaceID / TouchID authentication is handled entirely by your device. We never receive or store your biometric data.

2.5 Usage and Diagnostic Data

We collect minimal usage data:

• Last activity timestamp (for inactivity monitoring — a core feature you configure)
• Audit logs of security-relevant actions (login, password change, device registration)
• Error logs for diagnosing crashes (no personal data is included)

3. How We Use Your Information

• Provide the Service: Authenticate your identity, store your encrypted data, deliver push notifications, and facilitate the custodian voting and beneficiary handover processes.
• Security: Detect unauthorized access, enforce rate limits, and maintain audit trails.
• Communication: Send account verification codes, security alerts, check-in reminders, and custodian/beneficiary notifications via email, SMS, or push notification.
• Inactivity Monitoring: Track your last activity timestamp to trigger the custodian voting process when your configured inactivity threshold is exceeded.

4. Third-Party Services

We use the following third-party services to operate Nivi:

• Cloud Infrastructure Provider — Stores encrypted file attachments and provides identity verification services. Only encrypted data is stored; photos used for verification are processed transiently and not retained.
• Push Notification Service — Delivers push notifications to your device. No vault data is included in notifications.
• Email Service Provider — Sends transactional emails (verification codes, security alerts, reminders). Only your email address and notification content are shared.
• Messaging Service Provider — Sends messages for phone verification and two-factor authentication. Only your phone number and verification code are shared.

None of these services have access to your vault data, password, or security credentials.

5. Data Storage and Security

• Encryption at rest: All vault data is protected with advanced end-to-end encryption before it is stored on our servers. Your security credentials are stored securely on your device.
• Encryption in transit: All communication between the app and our servers is protected with industry-standard transport security.
• Custodian protection: Your vault can be protected by independent custodians. Custodians do not know who the other custodians are. A minimum number of custodians must cooperate to restore access.
• Server location: Our servers are hosted on secure cloud infrastructure.
• Access controls: Server access is restricted to essential personnel only. No employee can decrypt your vault data.

6. Data Retention

• Active accounts: Your data is retained as long as your account is active.
• Deleted accounts: When you delete your account, all associated data (encrypted vault data, account information, identity markers, attachments) is permanently deleted within 30 days.
• Audit logs: Security audit logs may be retained for up to 12 months after account deletion for fraud prevention and legal compliance.

7. Your Rights

You have the right to:

• Access your personal data — your vault data is always accessible through the app (since only you can decrypt it).
• Delete your account and all associated data through the app settings.
• Export your decrypted data from the app at any time.
• Withdraw consent for optional communications.
• Restrict processing — contact us to request limitations on how we process your account data.

8. Children's Privacy

Nivi is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

9. Cookies and Tracking

The Nivi mobile app does not use cookies or third-party tracking pixels. The niviapps.com website uses no analytics or tracking scripts. We do not track your behavior across other websites or apps.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you through the app or by email. The "Last updated" date at the top of this page reflects the most recent revision.

11. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

• Email: support@niviapps.com