Privacy Policy
Last updated: July 2026 · Applies to: Nestward (iOS) — pre-release
1. Our Privacy Model — No Server
Nestward has no backend operated by MARS Studio. Your data is stored locally on your device (Apple's Core Data) and, so that you can coordinate with others, mirrored through your own Apple iCloud using Apple's CloudKit:
- Your private data lives in your personal iCloud database, scoped to the app.
- When you invite people to a group, that group's data is shared through Apple's CKShare into a shared iCloud zone that only invited members can access.
MARS Studio cannot read, access, or retain any of this data. There is no MARS Studio account, no MARS Studio login, and no MARS Studio database holding your information.
2. Information We Collect
With one narrow exception — the moderation reports described below — MARS Studio does not collect any personally identifiable information. Specifically:
- No account registration — your identity is simply your Apple ID, handled by Apple's iCloud.
- No name, email, phone number, or contacts are collected by us.
- No analytics, telemetry, or third-party tracking SDKs are included in the app.
- No advertising identifiers (IDFA) are collected.
- No device identifiers, push tokens, or fingerprints are collected by us.
Moderation reports (the one exception)
If you report a chat message or block a member, Nestward sends a moderation report to MARS Studio so we can act on it. The report contains: the reported message text, the display name of the member involved, anonymised Apple/iCloud user-record identifiers for the reporter and the reported member, and the circle's internal identifier. Reports are stored in the app's public CloudKit database (readable by MARS Studio, not by other users), are used solely to review the report — we act within 24 hours, removing offending content and, for repeated or serious offences, the responsible member — and are retained for up to 90 days before deletion. Reports are never used for advertising, profiling, or any other purpose, and are disclosed in the app before you send one.
3. Data You Create (on your device & in your iCloud)
The information you enter to coordinate with your group is stored on your device and synced through your iCloud to the members you invite. This can include:
- Groups & members — the family or friends group you create and the people in it.
- Tasks & calendar — to-dos, assignments, and events you add.
- Money — bills, budgets, allowances, and shared expenses you record (organisational only).
- Places & travel — saved places, trips, itineraries, and packing lists.
- Location sessions — only while you are actively sharing (see Section 4).
- Group chat & activity — text messages and the "who did what" activity feed.
- Wellness check-ins — an optional elder-care "I'm OK" status (current state only; see Section 6).
- Vault items — logins, cards, and documents you store, which are end-to-end encrypted and can be optionally shared with chosen family members (see Section 7). Subscription cost figures you attach to a login are stored as ordinary budget data, not encrypted, so your Money tab can total them.
This data is shared only with the members of the groups you create, through your iCloud, and is permanently removed when you delete it, leave or delete the group, or delete the app and clear its iCloud data.
4. Location Sharing — Presence, Not Tracking
Location sharing is entirely optional and designed around consent and transparency:
- You choose when to share, and with which group. Family sharing is ongoing presence; Friends sharing is time-boxed and expires automatically.
- A clear sharing indicator is visible whenever your location is being shared.
- You can pause or stop sharing at any time. While paused, your position is not shared — your circle sees only that you paused (and, for teens, the short mood note you chose), never a location. A teen pauses with a mood note rather than being silently tracked.
- Your location is shared only with members of your group, through your iCloud — it is never sent to MARS Studio or any third party.
5. Notifications
Nestward uses local notifications for reminders, task nudges, arrival alerts, and check-in alerts — scheduled and posted on your device. Family-wide arrival alerts use Apple's CloudKit mechanism to wake a fellow member's device, which then posts the alert locally; no notification content passes through any MARS Studio server (we have none). Notifications are under your control in iOS Settings.
5a. Trip Weather (MET Norway)
When you open a trip that has a destination, Nestward shows a small weather summary for that destination. To fetch it, the app sends the destination's place coordinates only (e.g. the latitude/longitude of "Kyoto") to the Norwegian Meteorological Institute's public forecast service (api.met.no), credited in-app as "Weather data from MET Norway". No name, account, identifier, or device location is attached to the request — it is the same anonymous lookup anyone can make in a browser, governed by MET Norway's privacy policy. If the service is unreachable, the trip simply shows no forecast; nothing else is affected.
6. Children's Privacy
Nestward is designed for families and is operated under adult control. We take children's privacy seriously:
- A child profile cannot broadcast location until a parent or guardian provides verifiable parental consent on the device.
- We do not collect any information from children (or anyone) — there is no MARS Studio server.
- There is no behavioural profiling of any member, child or adult.
- The elder-care wellness check-in records only a current "I'm OK" status; it is never historised, scored, or used to profile anyone.
Family organisers are responsible for the participation of children in their group. If you believe a child has used the app without appropriate consent, contact nw-privacy@marsstudio.app.
7. The Encrypted Vault (End-to-End)
Logins, cards, and documents you store in Nestward's vault are encrypted on your device with a key that is held only in your device's iOS Keychain. The encrypted contents may sync through iCloud like other group data, but the key never leaves your device — so the synced ciphertext is undecryptable by other members and by MARS Studio. If you lose access to your device and your Keychain, vault contents cannot be recovered by anyone, including us — this is a deliberate privacy property, not a defect.
Sharing a vault item (optional). You may choose to share a specific vault item with specific family members. When you do, its secret is re-encrypted individually for each chosen member's device using end-to-end encryption — only their device can open it, and MARS Studio still cannot. Sharing is confirmed member-by-member with a one-time safety-number check, is limited to your family circle, and can be revoked at any time; after you revoke, new changes are hidden from that member. Nothing is shared until you explicitly choose it.
Subscription cost figures are not encrypted. If you mark a login as a paid subscription, the cost details you enter (amount, billing cadence, and renewal date) are stored as ordinary budget data — not inside the encrypted secret — so your Money tab can total them across the household. The linked login itself (username, password, 2FA) stays end-to-end encrypted as above. As with all Nestward data, these figures live only on your device and in your own iCloud; they are subject to the same per-item visibility controls and are hidden from children and teens.
8. Biometric Protection (Face ID / Touch ID)
Nestward offers optional Face ID / Touch ID / passcode gates for opening the app and for viewing financial information, handled entirely by Apple's on-device LocalAuthentication framework. The app does not collect, store, or transmit your biometric data — Face ID / Touch ID data never leaves Apple's Secure Enclave, and the app receives only a success or failure result. The app also shields its contents in the iOS app switcher.
9. Analytics & Crash Reporting
Nestward includes no third-party analytics or crash SDKs (no Firebase, Mixpanel, Amplitude, Sentry, Crashlytics, etc.). If you opt in to share analytics with Apple at the iOS level (iOS Settings > Privacy & Security > Analytics & Improvements), Apple may share aggregated, anonymised crash logs with us via App Store Connect — governed by Apple's privacy policy and independent of the app.
10. Advertising
Nestward contains no advertisements and uses no advertising identifiers (IDFA).
11. iCloud & CloudKit (Apple)
Because Nestward stores and syncs your data through your own iCloud, Apple's iCloud and CloudKit terms and privacy policy apply to that storage and transport: apple.com/legal/privacy. Both your private database and the shared (CKShare) zones are controlled by Apple IDs — yours and those of the members you invite.
12. European Users (GDPR), California Users (CCPA/CPRA) & Indian Users (DPDP)
Lawful basis & data location. All personal data you create in Nestward stays on your device and in your own iCloud (private and the shared zones you create). MARS Studio neither receives nor processes that data on any server, so there is no MARS Studio-side processing to assign an Art. 6 lawful basis to.
Your rights. European users have the right to access, rectify, erase, restrict, port, and object (GDPR Art. 15–22); California users have equivalent rights to know, delete, correct, and limit (CCPA/CPRA); Indian users have equivalent rights under the Digital Personal Data Protection Act 2023. Because your data lives only on your device and in your iCloud, you exercise the right to erasure directly — delete the data or the group in-app, and delete the app and clear its iCloud data. Questions: nw-privacy@marsstudio.app (we respond within 30 days).
We do not sell or share your personal information for cross-context behavioural advertising or any other purpose. There is no "Do Not Sell or Share My Personal Information" flow because none exists. MARS Studio is a small independent developer; the nature of our (non-)processing falls below the GDPR thresholds requiring a Data Protection Officer or EU representative (Art. 27, Art. 37).
13. Deleting Your Data
You are always in control:
- Delete individual items, leave a group, or delete a group in-app. Deleting a group you own also stops its iCloud share so former members lose access.
- Deleting the app and clearing its iCloud data (iOS Settings > [your name] > iCloud > Manage Account Storage) removes your copy entirely.
- Two things survive in-app deletion: moderation reports already sent to us (deleted on their own 90-day schedule; email nw-privacy@marsstudio.app for earlier erasure) and history entries attributed to you inside circles organised by others (their copy, in their iCloud).
14. Changes to This Policy
If we make material changes, we will update the "Last updated" date above and, where the change is material, surface a notice in the app. Continued use after changes constitutes acceptance of the updated policy.
15. Contact
Questions about this policy? Contact us at nw-privacy@marsstudio.app or write to MARS Studio, marsstudio.app.