Privacy Policy

Last updated: May 2, 2026

Nowadays ("we", "our", or "the app") is built with privacy as a core principle. This policy explains what data the app accesses and how it is used.

Data We Access

Nowadays requests access to the following on-device data:

• Calendar Events (via Apple EventKit and optionally Google Calendar API) — event titles, dates, times, locations, and calendar names. Used to build your on-device knowledge graph.
• Photo Library — creation dates and GPS metadata are read to match photos to calendar events. Photos are analysed on-device using Apple Vision framework. Photos are never uploaded.
• Location (When In Use) — optionally, to show place names for photos taken nearby.

Data Storage

Calendar and photo data is processed entirely on your device by default. Photos, raw note bodies, attendee names, and full street addresses are not transmitted to any server we operate. AI features are off by default; if you explicitly enable the optional beta AI feature during onboarding or in Settings → AI, structured event metadata (event titles, times, venue names, project codes) is sent to a server we operate that forwards to Anthropic's Claude API — see the "AI Features" section below for the exact list of fields and the bring-your-own-key alternative that keeps AI fully on-device.

The following data is stored exclusively on your iPhone:

• All calendar events (from Apple Calendar and Google Calendar)
• All photos and photo metadata
• The knowledge graph (projects, venues, observations)
• Your notes and file attachments
• Location name lookups (reverse geocoding) are performed using Apple's on-device CoreLocation framework.
• Your Anthropic API key and Google OAuth tokens, if provided, are stored securely in your device's Keychain and are never transmitted to us.

Data Protection

Sensitive data handled by Nowadays — including Google Calendar OAuth tokens, your optional Anthropic API key, and the on-device knowledge graph derived from your calendar — is protected by the following mechanisms:

• Encryption at rest. The local knowledge graph (Core Data) is stored on your device with iOS Data Protection (NSFileProtectionComplete), which encrypts the underlying files with a key derived from your device passcode. The data is inaccessible while the device is locked.
• Secure credential storage. Google OAuth tokens (access and refresh) and the Anthropic API key, if you provide one, are stored in the iOS Keychain with the kSecAttrAccessibleWhenUnlockedThisDeviceOnly attribute. They are available only while the device is unlocked, are never included in iCloud or iTunes backups, and cannot be migrated to another device.
• Encryption in transit. Every network request the app makes — to accounts.google.com, oauth2.googleapis.com, www.googleapis.com, nowadays.newofficeworks.com (for the beta feature flag), our Cloudflare Worker (*.workers.dev, only if the beta AI feature is enabled), and (only if you have provided your own Anthropic API key) api.anthropic.com — uses HTTPS with TLS 1.2 or higher, enforced by iOS App Transport Security. The app contains no ATS exceptions.
• OAuth 2.0 with PKCE. Google sign-in uses the OAuth 2.0 Authorization Code flow with Proof Key for Code Exchange (PKCE, S256), which protects the authorization code from interception. The app never sees your Google password.
• Least-privilege scope. Only the read-only https://www.googleapis.com/auth/calendar.readonly scope is requested. The app has no ability to create, modify, or delete events.
• Server-side revocation on disconnect. Tapping Disconnect Google Calendar in Settings sends the refresh token to Google's revocation endpoint (https://oauth2.googleapis.com/revoke) before clearing local credentials, so the grant is revoked at Google's servers, not just on the device.
• No third-party SDKs. The app contains no analytics, advertising, attribution, or crash-reporting SDKs. The only network services the app contacts are the Google APIs (described above), Anthropic's Claude API (only if the beta AI feature is enabled or you have provided your own Anthropic API key), and Cloudflare's Workers infrastructure (only if the beta AI feature is enabled — Cloudflare hosts the proxy that forwards requests to Anthropic).
• Complete deletion on uninstall. Deleting the Nowadays app removes the Core Data store, all cached events and photo metadata, and all Keychain entries scoped to the app's bundle identifier (com.newofficeworks.Nowadays). If you used the beta AI feature, the proxy server retains a per-device App Attest hash and anonymous usage counters (call counts, token totals, timestamps); these auto-expire after 60 days of inactivity and contain no calendar content, photos, attendee data, or other personal information.
• Incident notification. If we become aware of a security incident affecting user data handled by Nowadays, we will notify affected users at the contact address below and via the App Store update notes.

Google Calendar (Optional)

If you connect your Google account, Nowadays requests read-only access to your Google Calendar data:

• We request only the calendar.readonly scope — we cannot modify, delete, or share your Google Calendar data.
• Authentication uses OAuth 2.0 with PKCE — Nowadays never sees your Google password.
• Events fetched from Google Calendar are stored only on your device in the same on-device knowledge graph as Apple Calendar events.
• No Google user data is sent to any third-party server.
• OAuth tokens are stored in your device's Secure Keychain.
• You can disconnect Google Calendar at any time from Settings, which revokes the token and deletes all stored credentials from the device.

Nowadays' use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

AI Features (Optional)

Nowadays includes optional AI-powered features (AI Notes for events, calendar-import insight on first launch, and search reflection). These are powered by the Anthropic Claude API and are entirely opt-in. AI features are off by default — you choose how AI works during onboarding and can change your choice at any time in Settings → AI. Three modes are available.

Beta — App-managed (opt-in)

If you explicitly enable the beta during onboarding or in Settings → AI, structured event metadata is sent to a server we operate (a Cloudflare Worker), which forwards it to Anthropic's Claude API to generate AI Notes and onboarding insights. You do not need to provide your own API key. This mode is off by default.

• What is sent: calendar event titles, times, venue names, project codes, connected calendar source labels (e.g. "Google Calendar (you@example.com)"), aggregated photo descriptions extracted on-device by Apple's Vision framework, and short text excerpts from attached PDF documents (truncated to ≤800 characters).
• What is NOT sent: raw photos, raw note bodies, full attendee email lists, full street addresses, or anything not listed above.
• Server-side retention: the proxy server logs only per-device quota counters, token counts, latency, and HTTP status codes. Payload content (the structured metadata sent to Anthropic) is not retained beyond the request lifetime.
• Identity: requests are bound to your device via Apple App Attest (a hardware-backed attestation primitive). We do not collect, store, or have access to any user identifier (no name, email, account ID, or advertising identifier). The App Attest device hash is per-device, not per-user, and cannot be linked to your identity by us.
• Beta usage limits: 20 AI Note generations per device per 30 days, 6 calls per minute, $20/month total spend cap across all beta users. If a limit is reached, the app surfaces an explainer and offers to switch to bring-your-own-key mode.
• Where the data goes: your device → our Cloudflare Worker → Anthropic's API. No fourth-party processor.

Bring-your-own key (fully on-device)

If you provide your own Anthropic API key in Settings → AI, AI features call Anthropic directly from your device. No Nowadays-operated server is involved.

• You provide your own Anthropic API key, stored in the iOS Keychain.
• API requests go directly from your device to api.anthropic.com over TLS. No data passes through any Nowadays-operated server in this mode.
• Photos are never transmitted in either mode. On-device Vision framework extracts text descriptions and only those descriptions are sent.

No AI (default)

If you do not enable the beta and do not provide an Anthropic API key, no AI feature operates and no data is sent externally. Nowadays runs entirely on your device.

Please refer to Anthropic's Privacy Policy for details on how Anthropic handles API requests in either mode.

Third-Party Services

• Google Calendar API — used only when you explicitly connect your Google account. Subject to Google's Privacy Policy.
• Anthropic Claude API — used either via Nowadays' beta proxy (default) or directly from your device when you provide your own API key. Subject to Anthropic's Privacy Policy.
• Cloudflare Workers — Nowadays' beta AI proxy runs on Cloudflare's serverless platform. Cloudflare may receive standard HTTP routing metadata (IP address, timestamp, request size) as part of normal traffic delivery. Subject to Cloudflare's Privacy Policy.
• Netlify — Nowadays' static website (privacy policy, terms, beta feature flag) is hosted on Netlify. Netlify may receive standard HTTP routing metadata when the app fetches the feature flag. Subject to Netlify's Privacy Policy.

No other third-party analytics, advertising, tracking services, or SDKs are included in the app.

Children's Privacy

Nowadays is not directed at children under the age of 13. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this privacy policy from time to time. Changes will be reflected on this page with an updated date.

Contact

If you have any questions about this privacy policy, please contact us at:

nowadaysapp.ai@gmail.com