Legal

Privacy Policy

Last updated: July 2026  ·  Applies to: Nestward (iOS) — pre-release

The short version: Nestward keeps your family's life in your family's hands. MARS Studio runs no server and never sees your data — everything lives on your device and in your own Apple iCloud, shared only with the people you personally invite. The single exception: if you report a chat message or block someone, that report (and only that report) comes to us for moderation review (Section 2). No account to create, no email collected, no ads, no analytics, no trackers, no data brokers. Location is presence, not surveillance — you control it, it's always clearly indicated, and time-boxed shares expire on their own. Your document vault is end-to-end encrypted; its key never leaves your device.

1. Our Privacy Model — No Server

Nestward has no backend operated by MARS Studio. Your data is stored locally on your device (Apple's Core Data) and, so that you can coordinate with others, mirrored through your own Apple iCloud using Apple's CloudKit:

MARS Studio cannot read, access, or retain any of this data. There is no MARS Studio account, no MARS Studio login, and no MARS Studio database holding your information.

2. Information We Collect

With one narrow exception — the moderation reports described below — MARS Studio does not collect any personally identifiable information. Specifically:

Moderation reports (the one exception)

If you report a chat message or block a member, Nestward sends a moderation report to MARS Studio so we can act on it. The report contains: the reported message text, the display name of the member involved, anonymised Apple/iCloud user-record identifiers for the reporter and the reported member, and the circle's internal identifier. Reports are stored in the app's public CloudKit database (readable by MARS Studio, not by other users), are used solely to review the report — we act within 24 hours, removing offending content and, for repeated or serious offences, the responsible member — and are retained for up to 90 days before deletion. Reports are never used for advertising, profiling, or any other purpose, and are disclosed in the app before you send one.

3. Data You Create (on your device & in your iCloud)

The information you enter to coordinate with your group is stored on your device and synced through your iCloud to the members you invite. This can include:

This data is shared only with the members of the groups you create, through your iCloud, and is permanently removed when you delete it, leave or delete the group, or delete the app and clear its iCloud data.

4. Location Sharing — Presence, Not Tracking

Location sharing is entirely optional and designed around consent and transparency:

5. Notifications

Nestward uses local notifications for reminders, task nudges, arrival alerts, and check-in alerts — scheduled and posted on your device. Family-wide arrival alerts use Apple's CloudKit mechanism to wake a fellow member's device, which then posts the alert locally; no notification content passes through any MARS Studio server (we have none). Notifications are under your control in iOS Settings.

5a. Trip Weather (MET Norway)

When you open a trip that has a destination, Nestward shows a small weather summary for that destination. To fetch it, the app sends the destination's place coordinates only (e.g. the latitude/longitude of "Kyoto") to the Norwegian Meteorological Institute's public forecast service (api.met.no), credited in-app as "Weather data from MET Norway". No name, account, identifier, or device location is attached to the request — it is the same anonymous lookup anyone can make in a browser, governed by MET Norway's privacy policy. If the service is unreachable, the trip simply shows no forecast; nothing else is affected.

6. Children's Privacy

Nestward is designed for families and is operated under adult control. We take children's privacy seriously:

Family organisers are responsible for the participation of children in their group. If you believe a child has used the app without appropriate consent, contact nw-privacy@marsstudio.app.

7. The Encrypted Vault (End-to-End)

Logins, cards, and documents you store in Nestward's vault are encrypted on your device with a key that is held only in your device's iOS Keychain. The encrypted contents may sync through iCloud like other group data, but the key never leaves your device — so the synced ciphertext is undecryptable by other members and by MARS Studio. If you lose access to your device and your Keychain, vault contents cannot be recovered by anyone, including us — this is a deliberate privacy property, not a defect.

Sharing a vault item (optional). You may choose to share a specific vault item with specific family members. When you do, its secret is re-encrypted individually for each chosen member's device using end-to-end encryption — only their device can open it, and MARS Studio still cannot. Sharing is confirmed member-by-member with a one-time safety-number check, is limited to your family circle, and can be revoked at any time; after you revoke, new changes are hidden from that member. Nothing is shared until you explicitly choose it.

Subscription cost figures are not encrypted. If you mark a login as a paid subscription, the cost details you enter (amount, billing cadence, and renewal date) are stored as ordinary budget data — not inside the encrypted secret — so your Money tab can total them across the household. The linked login itself (username, password, 2FA) stays end-to-end encrypted as above. As with all Nestward data, these figures live only on your device and in your own iCloud; they are subject to the same per-item visibility controls and are hidden from children and teens.

8. Biometric Protection (Face ID / Touch ID)

Nestward offers optional Face ID / Touch ID / passcode gates for opening the app and for viewing financial information, handled entirely by Apple's on-device LocalAuthentication framework. The app does not collect, store, or transmit your biometric data — Face ID / Touch ID data never leaves Apple's Secure Enclave, and the app receives only a success or failure result. The app also shields its contents in the iOS app switcher.

9. Analytics & Crash Reporting

Nestward includes no third-party analytics or crash SDKs (no Firebase, Mixpanel, Amplitude, Sentry, Crashlytics, etc.). If you opt in to share analytics with Apple at the iOS level (iOS Settings > Privacy & Security > Analytics & Improvements), Apple may share aggregated, anonymised crash logs with us via App Store Connect — governed by Apple's privacy policy and independent of the app.

10. Advertising

Nestward contains no advertisements and uses no advertising identifiers (IDFA).

11. iCloud & CloudKit (Apple)

Because Nestward stores and syncs your data through your own iCloud, Apple's iCloud and CloudKit terms and privacy policy apply to that storage and transport: apple.com/legal/privacy. Both your private database and the shared (CKShare) zones are controlled by Apple IDs — yours and those of the members you invite.

12. European Users (GDPR), California Users (CCPA/CPRA) & Indian Users (DPDP)

Lawful basis & data location. All personal data you create in Nestward stays on your device and in your own iCloud (private and the shared zones you create). MARS Studio neither receives nor processes that data on any server, so there is no MARS Studio-side processing to assign an Art. 6 lawful basis to.

Your rights. European users have the right to access, rectify, erase, restrict, port, and object (GDPR Art. 15–22); California users have equivalent rights to know, delete, correct, and limit (CCPA/CPRA); Indian users have equivalent rights under the Digital Personal Data Protection Act 2023. Because your data lives only on your device and in your iCloud, you exercise the right to erasure directly — delete the data or the group in-app, and delete the app and clear its iCloud data. Questions: nw-privacy@marsstudio.app (we respond within 30 days).

We do not sell or share your personal information for cross-context behavioural advertising or any other purpose. There is no "Do Not Sell or Share My Personal Information" flow because none exists. MARS Studio is a small independent developer; the nature of our (non-)processing falls below the GDPR thresholds requiring a Data Protection Officer or EU representative (Art. 27, Art. 37).

13. Deleting Your Data

You are always in control:

14. Changes to This Policy

If we make material changes, we will update the "Last updated" date above and, where the change is material, surface a notice in the app. Continued use after changes constitutes acceptance of the updated policy.

15. Contact

Questions about this policy? Contact us at nw-privacy@marsstudio.app or write to MARS Studio, marsstudio.app.