Privacy Policy

NLife App ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your personal information. By using NLife App, you agree to the practices described in this policy.

1. Who we are

NLife App is operated by Nudge Lifestyle (Julie Herhold Larsen), Ellavænget 22, 5270 Odense N, Denmark. Contact us at: info@nlifeapp.com

NLife App is registered as a data controller under applicable Danish and EU data protection legislation.

2. What NLife App is — and is not

NLife App is a wellness and lifestyle tracking tool designed for healthy adults. It is not a medical device and does not collect or process data for medical, clinical, or diagnostic purposes. Data logged in the app is used solely to support personal lifestyle habit awareness and general wellness nudges.

3. Data we collect

We collect two types of data:

• Personal data: email address, account password (encrypted with bcrypt), and information you provide in your profile — age, height, weight, gender, health conditions, and lifestyle habits (smoking, exercise, work type, etc.).
• Usage data: what you log in the app — meals, drinks, toilet visits, physical signs, sleep times, and custom registrations — along with timestamps. Images submitted for food scanning are processed via OpenAI's API and are not stored permanently by us.
• Consent record: a timestamped record confirming that you accepted these terms at account creation.

3a. Special category health data (GDPR Article 9)

Some data collected by NLife App constitutes special category data under Article 9 of the GDPR — specifically data relating to health, including: menstrual cycle and hormonal status, physical symptoms, sleep patterns, dietary habits, and any custom health-related entries you create.

We process this data on the basis of your explicit consent, which you provide at account creation. This data is used solely to personalise your experience and generate pattern insights within the app. It is never sold in identifiable form.

You may withdraw your consent at any time by deleting your account (Settings → Delete account). Withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal.

4. Legal basis for processing (GDPR)

We process your personal data on the following legal bases:

• Contract performance: to provide the NLife App service you have signed up for
• Explicit consent (Article 9): for processing special category health data as described in section 3a above
• Consent: for optional data collection (e.g. food image analysis) and for sharing anonymised data with third parties
• Legitimate interest: to improve the app and prevent fraud
• Legal obligation: where required by applicable law

5. How we use your data

• To provide and personalise the NLife App service
• To generate pattern analysis and nudges based on your logs
• To generate PDF lifestyle reports at your request
• To send transactional emails (account confirmation, password reset)
• To improve the app based on aggregated, anonymised usage data
• To maintain a record of your consent to our Terms of Use and Privacy Policy

6. Sale of anonymised data

We may sell or share anonymised and aggregated usage data with third parties — for example, to organisations researching lifestyle patterns, consumer habits, or public health trends.

We will never sell or share data that can identify you personally. This means your name, email address, home address, phone number, and any other directly identifying information will never be sold, rented, or disclosed to third parties for commercial purposes.

Before any anonymised data is sold or shared, it is processed to remove or obfuscate all personal identifiers in accordance with applicable data protection legislation.

7. Data storage and international transfers

Your data is stored on servers located in the European Union (Hetzner, Germany). If you use NLife App from outside the EU, your data may be transferred to and processed in the EU in accordance with applicable data protection laws, including the GDPR.

We take appropriate technical and organisational measures to protect your data during any transfer, including encryption in transit (HTTPS/TLS).

8. Data retention

We retain your personal data for as long as your account is active. If you request deletion of your account, we will delete your personal data within 30 days, unless we are legally required to retain it for a longer period.

Anonymised, aggregated data may be retained indefinitely as it cannot be linked back to you.

Consent records are retained for a minimum of 5 years to comply with applicable legal requirements.

9. Your rights (GDPR)

As a user in the EU or EEA, you have the following rights under the General Data Protection Regulation (GDPR):

• Right to access: request a copy of the personal data we hold about you
• Right to rectification: correct inaccurate data
• Right to erasure: request deletion of your personal data ("right to be forgotten"). You can delete all your data directly in the app under Settings → Delete all my data.
• Right to data portability: receive your data in a structured, machine-readable format
• Right to object: object to certain types of processing, including the sale of anonymised data
• Right to restrict processing: request that we limit how we use your data
• Right to withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at info@nlifeapp.com. We will respond within 30 days. You also have the right to lodge a complaint with the Danish Data Protection Authority (Datatilsynet): www.datatilsynet.dk.

9a. California residents — CCPA rights

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to know: request disclosure of the categories and specific pieces of personal information we have collected about you
• Right to delete: request deletion of your personal information (you can do this directly in the app under Settings → Delete all my data)
• Right to opt out of sale: we may share anonymised, aggregated data with third parties. If you do not want your data included, you can opt out in the app under Settings → Data sharing, or contact us at info@nlifeapp.com with the subject "CCPA opt-out request"
• Right to non-discrimination: we will not discriminate against you for exercising any of your CCPA rights

To exercise your California rights, contact us at info@nlifeapp.com. We will respond within 45 days.

10. Cookies

Our website uses cookies. See our Cookie Policy for details. The NLife App itself does not use browser cookies — data is stored locally on your device via encrypted app storage.

11. Third-party services

NLife App uses the following third-party services which may process data on our behalf:

• OpenAI: for image recognition (food scanning). Images submitted for scanning are sent to OpenAI's API and processed according to OpenAI's Privacy Policy. We do not store food scan images on our servers.
• Google (sign-in): if you choose to sign in with Google, Google's privacy policy applies to that authentication process.
• Hetzner Online GmbH: our hosting provider. Servers are located in the EU. Hetzner processes data as a data processor on our behalf.

12. Business transfer

In the event that NLife App or the associated business is sold, merged, acquired, or otherwise transferred to a third party, your account data and usage history may be transferred to the new owner as part of that transaction. Any such transfer will be subject to applicable data protection legislation, including the GDPR.

You will be notified via the email address associated with your account before any such transfer takes effect. You will have the opportunity to delete your account if you do not wish your data to be transferred to a new owner. The new owner will be required to honour the privacy commitments described in this Policy or to obtain fresh consent from you.

13. Children

NLife App is not intended for children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at info@nlifeapp.com and we will delete the data promptly.

14. Security

We take the security of your data seriously. Measures include: password hashing with bcrypt, HTTPS/TLS encryption for all data in transit, JWT-based session tokens, and access controls on our database. Despite these measures, no system is completely secure and we cannot guarantee absolute security.

15. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification. Continued use of NLife App after changes constitutes acceptance of the updated policy. The date at the top of this page indicates when this policy was last revised.

16. Contact and data controller

Questions about this Privacy Policy or requests to exercise your rights? Contact us at:

Nudge Lifestyle (Julie Herhold Larsen)
Ellavænget 22, 5270 Odense N, Denmark
info@nlifeapp.com