Privacy Policy
Last updated: 15 July 2026
Nodds ("we", "us") is a health-data assistant: you connect wearables, blood reports, and other sources, and ask questions grounded in your own data. This policy explains what we collect, why, and what we do with it — in plain language, because it's your health data.
What we collect
- Account basics. When you sign in with Google we receive your name, email address, and profile picture. We use these to create and identify your account.
- Health and wearable data. When you connect a device (Garmin, Oura, Fitbit, …), we retrieve your activity, sleep, heart-rate, and related data from that provider through our data infrastructure, and use it to answer your questions.
- Blood reports. If you upload a lab report (PDF or image), we process it to extract biomarker results so you can view them and ask about them.
- Google Calendar (optional). If you explicitly connect Google Calendar, we receive read-only access to your events and use them solely to answer your questions (for example, relating schedule load to your sleep). We fetch events on demand; we store only the encrypted access credential, never a copy of your calendar. Disconnecting removes the credential.
- Location (optional). If you set up the Weather connector, we store the location you choose so weather, air-quality, and pollen answers work without asking where you are.
- Conversations. Your chats are saved so you can revisit and continue them. You can delete any conversation in the app.
- Usage and payments. We track per-account usage counts for the free tier and billing. Payments are processed by Stripe — we never see or store your card number.
- Analytics. We use PostHog to understand how the product is used (pages viewed, features clicked). Analytics events do not include your health data.
How answers are generated
When you ask a question, relevant portions of your connected data (for example, recent sleep records, extracted biomarkers, calendar events, or weather for your saved location) are sent to a large-language-model provider (currently OpenAI) to generate the answer. This data is sent for processing only — we do not permit it to be used to train third-party models under our API agreements.
Google user data — Limited Use
Nodds' use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically: Google Calendar data is used only to provide the features you asked for, is never sold, is never used for advertising, and is never read by humans except with your explicit consent, for security, or where required by law.
What we never do
- We do not sell your data — health or otherwise — to anyone.
- We do not use your data for advertising.
- We do not share your health data with third parties beyond the service providers needed to run the product (hosting, model inference, payments, analytics), each bound by their own data-protection obligations.
Storage and security
Account data lives in a managed Postgres database. API keys and connector credentials (such as your Google Calendar token) are stored encrypted (AES-256-GCM); a database leak alone would not expose usable credentials. Traffic is encrypted in transit (HTTPS). Wearable data is retrieved on demand from the data platform rather than copied into our application database.
Your controls
- Disconnect any device, calendar, or location from the Connectors page at any time.
- Delete conversations from the chat's History menu.
- Revoke Nodds' Google access entirely at myaccount.google.com/permissions.
- Request deletion of your account and all associated data by emailing privacy@nodds.ai. We action deletion requests within 30 days.
Not medical advice
Nodds provides information grounded in your data. It is not a medical device and does not provide medical advice, diagnosis, or treatment. Always consult a qualified clinician about health concerns.
Children
Nodds is not directed at children and is not intended for anyone under 16.
Changes
If this policy changes materially, we'll note the new date above and, for significant changes, tell signed-in users in the product.