Privacy

Working draft · last updated 23 May 2026

This is a working draft we’re publishing early so our approach is clear. It is not final and is pending legal review; we’ll finalise it before nooklet is generally available.

nooklet holds a private journal of your child’s voice and words. It lives on your device. The privacy posture isn’t a setting bolted on afterwards. It’s how the product is built.

Who this is from

nooklet is operated by Kristaps Karlsons, an individual (“nooklet”, “we”). For privacy questions or to exercise your rights, contact privacy@nooklet.life. Because your data is stored on your own device under keys we do not hold, the most effective controls live in the app itself. See “Your rights” below.

What we handle, and where it lives

  • Your family’s journal. Your child’s voice recordings, words and transcripts, photos, profile, routines, soundboard, places, your notes, and mood or regulation logs. This lives on your device. If you turn on family sync, entries are end-to-end encrypted before they leave the device.
  • Insights derived on your device. Patterns, observations, and the search/index data nooklet builds from your journal stay on your device and are not synced by default.
  • Connection information. To connect your devices, the relay handles temporary technical information (such as IP addresses, timing, and connection paths) and short-lived pairing and discovery tokens. See “Family sync” below.
  • Backups. If you enable backups, nooklet writes an encrypted bundle to your own iCloud or Google Drive. We do not receive or store it.
  • Weather context (optional). Only if you turn it on, nooklet looks up weather using your location truncated to about a kilometre. No journal content is sent.
  • Diagnostics and support (optional). If you opt in, crash reports help us fix problems. They never contain your journal content or your keys. Support conversations contain whatever you choose to send us.

Family sync and the relay

Family sync, when you turn it on, sends encrypted entries to your other devices and to anyone you’ve paired in. nooklet connects your devices through a relay so they can find each other across networks.

The relay never sees your journal or your keys. It handles temporary technical information needed to connect your devices (such as IP addresses, timing, and connection paths), and we do not keep sync access logs. That technical information is still personal data, which is why we keep it to a minimum and for as short a time as possible (see “How long things are kept”).

Removing a device stops it from getting new entries. Copies it already has stay with that device. Sharing data with another device can’t be undone after the fact.

Your child’s data

Even though you operate the app, your child is the person most of this data is about. You control it from your device: you can read it, edit it, export it, or delete it at any time. When you share an export with a professional, it carries a reminder that it contains your child’s voice, words, and photos.

AI runs on your device

nooklet’s on-device features are opt-in and run entirely on your device. Where AI is used, it offers suggestions, clearly labelled as AI. It does not diagnose, screen, score, or predict. We don’t train AI on your child’s voice or anyone else’s, and we never combine data across families.

Backups

Backup bundles are encrypted on your device and stored in your own iCloud or Google Drive; nooklet does not receive or store them. A few things to know:

  • Old encrypted backups in your iCloud or Drive may still contain entries you deleted in the app; manage those in your iCloud or Drive settings.
  • Your cloud provider may keep deleted backups in its own trash for a while; we don’t control that.
  • Your recovery phrase never reaches us. If you lose it, no one at nooklet can reset it.

Other services we use

  • Connection relay: operated for nooklet to connect your devices. Handles connection information only, never journal content or keys.
  • Weather (Open-Meteo): queried only if you enable weather context, with coarse location and no account.
  • Crash diagnostics and support tooling: used only with your opt-in, and configured never to receive content or keys.

Joining the beta (this website)

If you sign up on this site, we collect your email address and which option you ticked (the Android beta, the iPhone waitlist, or both). The lawful basis is your consent. We use MailerLite (Lithuania, EU) to store the list and send these emails; it acts as our processor, with EU data residency and a data-processing agreement. We use double opt-in, so you confirm your address by email before we send anything, and every email has an unsubscribe link. We don’t use this list for anything else, and you can ask us to remove you at any time at privacy@nooklet.life.

How long things are kept

  • Your journal stays until you delete it. Deleting an entry records a deletion that propagates to your paired devices; the underlying data is then cleaned up once your devices have acknowledged it or a safety window has passed.
  • Connection information is kept as briefly as possible; most of it only in memory for the minutes a connection or pairing is active. Operational logs that may include IP addresses are kept for no more than 7 days.
  • On-device insights remain on your device until you delete the app or its data.

Your rights

Under the GDPR and similar laws you have rights over this data. Because it lives on your device under your keys, most are exercised in the app:

  • Access & portability: export a portable archive from Settings on a paired device.
  • Correction: edit any entry, place, or routine on a paired device.
  • Deletion: delete entries or the whole family from your devices.
  • Pause: pause sync on a device without deleting anything.
  • Withdraw consent: family sync, weather, and diagnostics are each opt-in and individually revocable.
  • Complain: you can lodge a complaint with a data-protection supervisory authority. In Latvia, the Datu valsts inspekcija (dvi.gov.lv).

We can’t service access or deletion by email alone: the data is encrypted under keys we don’t hold, and the authoritative action lives on your own paired device. This protects you in situations like a contested-authority dispute.

Where data is processed

Journal content stays on your devices. Connection information is processed by the relay, which is hosted in the EEA.

Changes

We’ll update this page as the product and our practices develop, and note the date at the top. Material changes will be surfaced in the app.

Contact

Questions? privacy@nooklet.life.