Privacy Policy

Last updated: 2026-05-03

1. Who we are

NooWoo is a privacy-first personal finance application developed and operated by Yair Goldenberg, an individual based in Israel ("we", "us", "our"). The contact for privacy matters is privacy@noowoo.app.

2. Scope

This Privacy Policy applies to the NooWoo mobile application ("App") for iOS and Android, and to the noowoo.app website ("Website"). It explains what information we collect (and do not collect), how we use it, and your rights.

3. What we collect — and what we do not

We do not operate any backend servers that store your personal or financial data. Specifically:

• We do not have a user account system. The App does not require sign-up, sign-in, or any registration. We do not know your email address, name, or identity.
• We do not see your financial data. All data you enter into the App (assets, liabilities, income, expenses, balances, categories) is stored only in a local database on your device. It is never transmitted to NooWoo's servers, because we have no servers.
• We do not collect analytics, telemetry, or usage data. The App does not include any analytics SDK, crash reporting service, or remote logging.

The limited information that does flow to third parties on our behalf is described in Section 12 (Third-Party Services).

4. How we use information

Because we do not collect personal information, this section is intentionally short. We do not profile users, build behavioral models, sell data, or serve advertising — we have no data to do so with.

The Website (noowoo.app) is served via Cloudflare Pages. Cloudflare's edge servers maintain access logs (including IP addresses) for security and abuse prevention; these logs are subject to Cloudflare's own privacy policy and we do not access or analyze them.

5. Sharing of information

We do not share, sell, rent, or disclose your personal or financial data to anyone, because we do not have it.

If we are ever compelled by valid legal process (such as a court order in Israel) to disclose information, we can only disclose what we have, which for App users is essentially nothing.

6. Data retention

• App data: retained on your device for as long as you keep the App installed. Uninstalling the App or using the App's "Reset App Data" function deletes the local database.
• Backups: if you create an encrypted backup using the App's backup feature, the backup file is written to your own cloud storage (e.g., your iCloud Drive or Google Drive folder) under your control. NooWoo does not retain a copy. Only you hold the passphrase to decrypt it.
• Website logs: Cloudflare retains edge access logs per Cloudflare's standard retention.

7. Your rights

Because we do not hold your personal data on our servers, the typical "right to access," "right to deletion," and "right to portability" requests under the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and similar laws have no NooWoo-side data to act on.

To exercise rights against the data on your own device:

• Access / portability: use the App's Export function (Settings → Backup → Export) to obtain a copy of your data.
• Deletion: use Settings → Reset App Data, or uninstall the App.

If you have questions or believe we hold data we shouldn't, contact privacy@noowoo.app.

8. Children

The App is not directed at children under 13 years of age (or under 16 in jurisdictions where that age applies under GDPR). We do not knowingly collect personal information from children. If you believe a child has been provided data through any indirect means, contact privacy@noowoo.app.

9. Security

• On-device data is stored using your device's standard SQLite implementation, protected by your device's OS-level sandboxing and (optionally) by your device's biometric lock if you enable the App's biometric gate.
• Backups are encrypted on your device using AES-256-GCM with a key derived from your passphrase via a memory-hard key derivation function (Argon2). Backup files cannot be decrypted without the passphrase, which we do not see and cannot recover.
• Subscription transactions are processed by Apple (App Store) or Google (Google Play); we never see your payment details.

No system is perfectly secure. If you suspect a security issue, contact privacy@noowoo.app.

10. International transfers

Because we do not transfer your data internationally — we do not transfer your data anywhere; see Section 3 — this section is informational only. The Website is served from Cloudflare's global edge network; HTTP requests for the Website may be routed through Cloudflare points of presence outside Israel.

11. Cookies and tracking on the website

The noowoo.app website does not set cookies, does not use any analytics service, and does not embed any third-party tracking pixel.

12. Third-party services

Three third-party services may receive limited data when you use the App. Each has its own privacy policy.

• Apple App Store / Google Play Billing — process subscription purchases. They handle payment information; we receive only an anonymous transaction identifier and the product purchased.
• RevenueCat — manages subscription state across devices and handles receipt validation. RevenueCat may receive a pseudonymous user identifier (not your name or email) and the device model. RevenueCat's privacy policy: https://www.revenuecat.com/privacy
• Expo Updates — checks for App updates. Sends device OS version, App version, and approximate region (inferred from IP) to Expo's servers. Expo's privacy policy: https://expo.dev/privacy

13. Changes to this policy

We may update this Privacy Policy as the App evolves. The "Last updated" date at the top of this page shows when the most recent change was made. Material changes will be communicated through an in-App notice or a notice on the Website. Continued use of the App after a change indicates acceptance of the updated policy.

14. Contact

• General privacy questions: privacy@noowoo.app
• General support: support@noowoo.app