Privacy Policy

Last updated: April 6, 2026

Data controller

Nabbit is responsible for the processing of your personal data as described in this policy. You can reach us at support@getnabbit.app.

Overview

Nabbit is designed with privacy as its core principle. Your data belongs to you and stays on your device. We do not collect, store, or sell your personal information.

What data is stored

All items you save in Nabbit (addresses, phone numbers, WiFi passwords, dates, amounts, and custom categories) are stored locally on your iPhone using SQLite. This data never leaves your device unless you explicitly choose to share it.

• Saved items (text, type, source app, sender, tags)
• Custom categories (name, color)
• App preferences (onboarding status, Today tab opt-in)

Cloud services

Nabbit uses the Claude API (by Anthropic) for two optional features:

• Smart classification: When you manually add an item, the text is sent to Claude to detect its type (date, address, phone, etc.) and generate a short title. This is optional and only happens when you tap "Save" in the add sheet.
• Today tab: If you opt in, item metadata may be sent to Claude to determine what's relevant for today.

Before any text is sent to the API, Nabbit's sanitizer removes sensitive information including credit card numbers, personal identification numbers, and passwords. Raw text is never sent — only sanitized metadata when possible.

We do not store any data on external servers. Claude API processes requests in real-time and does not retain your data.

Legal basis for processing

Under the GDPR, we process your data on the following legal bases:

• Contract performance: Storing your items locally and providing search functionality — this is the core service you use the App for.
• Legitimate interest: Smart classification of items via the Claude API, to automatically detect the type of information you save.
• Consent: The Today tab feature, which you explicitly opt in to. You can withdraw consent at any time in Settings.

International data transfers

When you use features powered by third-party APIs, your data may be transferred to the United States:

• Anthropic (Claude API): Sanitized item metadata for classification and the Today tab.
• Google (Gemini Live API): Audio data for voice features (Pro/Pro+ plans).

These transfers are protected by the service providers' data processing agreements and EU Standard Contractual Clauses (SCCs). Only sanitized data is sent — never raw text containing sensitive information.

Voice features

If you use the Voice feature (Pro/Pro+ plans), audio is sent to Google's Gemini Live API for processing. Audio is processed in real-time and is not stored by Nabbit or retained by Google beyond the session.

Siri integration

Nabbit integrates with Siri Shortcuts to allow voice-activated search. Siri processes your voice command on-device. Nabbit only receives the search query text, not your audio.

Share Extension

When you share text to Nabbit from another app, the text is processed locally on your device to extract information. No data is sent to any external service during this process.

Data we do NOT collect

• We do not collect analytics or usage data
• We do not use tracking or advertising frameworks
• We do not create user accounts or profiles
• We do not access your contacts, photos, or other apps
• We do not sell or share your data with third parties

How to delete your data

You can delete individual items by swiping left on any item in the library. To delete all data at once, go to Settings > Data > Delete all data. This permanently removes all saved items and categories from your device.

Since no data is stored externally, deleting data from the app removes it completely.

Your rights under GDPR

If you are in the EU/EEA, you have the following rights regarding your personal data:

• Access: Request a copy of the data we process about you.
• Rectification: Request correction of inaccurate data.
• Erasure: Request deletion of your data (you can also do this directly in the App).
• Restriction: Request that we limit how we process your data.
• Data portability: Request your data in a machine-readable format.
• Objection: Object to processing based on legitimate interest.

Since all your data is stored locally on your device, most of these rights are already in your hands. To exercise any of these rights, contact us at support@getnabbit.app.

You also have the right to lodge a complaint with a supervisory authority. In Sweden, this is Integritetsskyddsmyndigheten (IMY) — imy.se.

Children's privacy

Nabbit is not directed at children under 13, in accordance with the Swedish implementation of GDPR Article 8. We do not knowingly collect information from children.

Changes to this policy

We may update this policy from time to time. Changes will be posted on this page with an updated date.

Contact

If you have questions about this privacy policy, contact Nabbit at support@getnabbit.app.