Privacy Policy
سياسة الخصوصية
Last updated: 6 June 2026
Nasy is a personal CRM operated by The Collective Mind FZE (“Nasy”, “we”, “us”), a Free Zone Establishment registered in the United Arab Emirates. This policy explains what personal data we collect when you use the Nasy mobile app and website, why we collect it, who we share it with, and the choices and rights you have. By using Nasy you agree to this policy.
1. Data you give us
- Account data: your name, email address, password (stored only as a salted hash, never in plain text), and optionally your phone number.
- Contact records you create: names, phone numbers, emails, companies, roles, relationships, tags, categories, notes, logged interactions, reminders, events, and any documents or images you attach. This is the core content of your private network and belongs to you.
- Your card: the details you choose to publish on your shareable contact card / QR code.
- Billing data: if you subscribe to Pro, payment is processed by Stripe. We never see or store your full card number; we retain only a subscription status, billing-event ledger, and renewal dates.
2. Data collected automatically
- Technical data: basic device, app-version, and request information needed to operate the service securely and diagnose errors.
- Usage counters: we count metered actions (e.g. AI generations, documents) to enforce free-tier limits.
Nasy does not sell your data, does not show third-party advertising, and does not track you across other apps or websites.
3. Camera, contacts, and other device permissions
- Camera: used only when you choose to scan a business card or QR code to add a contact. Images are processed to extract contact details; we do not access your camera in the background.
- Photos / files: used only for items you explicitly pick to attach to a contact or to your card.
- Notifications: used to deliver the reminders you set.
Each permission is requested at the moment you first use the relevant feature, and you can decline or revoke it in your device settings.
4. How we use your data
- To provide the core CRM: storing and syncing your contacts, reminders, and notes.
- To generate AI assistance you request — briefings, draft messages, summaries, and contact enrichment.
- To send transactional email such as sign-in links and payment receipts.
- To process subscriptions and prevent abuse.
- To keep the service secure, debug problems, and comply with law.
5. AI features
When you use an AI feature (such as generating a briefing, drafting a message, or enriching a contact), the relevant content is sent to Google’s Gemini API to produce the result. This processing happens only when you trigger the feature. We do not use your content to train our own models.
6. Service providers we share data with
We share the minimum data necessary with the following processors, each acting on our behalf under their own security and privacy commitments:
- Railway — cloud hosting and the PostgreSQL database that stores your data.
- Resend — sending transactional email (sign-in links, receipts).
- Stripe — payment processing for Pro subscriptions.
- Google (Gemini API) — generating the AI results you request.
- Proxycurl — optional public-profile enrichment, only when you add a LinkedIn URL to a contact.
- Google / Microsoft — only if you connect a calendar or email integration, and only with the scopes you authorise.
7. International transfer and storage
Nasy serves the GCC, but our infrastructure and processors operate cloud regions that may be located outside your country of residence. By using Nasy you consent to your data being processed and stored on this infrastructure. We require every processor to protect your data with appropriate technical and organisational measures.
8. Retention
We keep your data for as long as your account is active. When you delete your account, we delete your personal content within 30 days, except where we must retain limited records (for example, billing records) to meet legal and accounting obligations.
9. Your rights and deletion requests
You can access and edit your contacts and account details inside the app at any time. You may request a copy of your data, correction, or full deletion of your account by emailing support@nasy.app from your account email address. We will respond within 30 days. Deleting your account removes your contacts, notes, reminders, documents, and card.
10. Security
Connections are encrypted in transit (HTTPS/TLS). Passwords are stored only as salted hashes. Access to production systems is restricted. No system is perfectly secure, but we work to protect your data and will notify you of a material breach as required by law.
11. Children
Nasy is not directed to children under 16, and we do not knowingly collect data from them. If you believe a child has provided us data, contact us and we will delete it.
12. Changes to this policy
We may update this policy as the product evolves. We will revise the “Last updated” date above and, for material changes, notify you in the app or by email.
13. Contact
The Collective Mind FZE, United Arab Emirates. For any privacy question or request, email support@nasy.app.