Privacy Policy

Effecitve Date: April 15, 2026

Last Updated: March 2, 2026

Our Commitment

We never sell your data. Everything is encrypted and private. Your trust is the foundation of NeedOrWant.

1. Introduction

Welcome to NeedOrWant. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our mobile application.

Controller Information:

John Andres

Brussels, Belgium

Email: privacy@needorwant.app

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable EU data protection laws.

2. Data We Collect

2.1 Information You Provide Directly

Account Information:
  • Email address (if using email sign-up).
  • Name (optional).
  • Password (encrypted, never stored in plain text).
  • Authentication tokens (for Google/Apple Sign-In).
Profile Information:
  • Spending personality type (from onboarding quiz).
  • Savings goals and preferences.
  • Custom categories and settings.
Purchase Analysis Data:
  • Product descriptions you submit (text, photos, URLs, voice).
  • Purchase outcomes you report (bought/skipped, regret/satisfaction).
  • Journal entries and notes.
  • Wishlist items (Pro tier).
Communications:
  • Support inquiries and feedback.
  • Survey responses.
  • Email preferences.

2.2 Information Collected Automatically

Usage Data:
  • Features used and frequency.
  • App open/close events.
  • Screen views and navigation patterns.
  • Time spent in app.
  • Analysis request timestamps.
  • Streak and achievement progress.
Device Information:
  • Device type, model, and operating system.
  • App version.
  • Unique device identifiers (anonymized).
  • Mobile network information.
  • Language and region settings.
Technical Data:
  • IP address (anonymized).
  • Error logs and crash reports.
  • Performance metrics.

2.3 Information from Third Parties

Authentication Providers (Google, Apple):
  • User ID, email address, profile picture (if you choose social sign-in).
Payment Processors (App Store, Play Store):
  • Subscription status and tier.
  • Purchase history and renewal dates.
  • We do NOT receive your payment card information.

3. How We Use Your Data

We process your personal data for the following purposes:

3.1 Providing the Service (Legal Basis: Contract Performance)

  • Creating and managing your account.
  • Processing purchase analysis requests through AI.
  • Generating personalized verdicts and recommendations.
  • Tracking purchase outcomes and savings.
  • Delivering push notifications (with your consent).
  • Providing customer support.

3.2 Improving the Service (Legal Basis: Legitimate Interest)

  • Analyzing usage patterns to improve features.
  • Training and improving AI models.
  • Fixing bugs and technical issues.
  • Conducting product research and development.
  • A/B testing new features.

3.3 Business Operations (Legal Basis: Legitimate Interest)

  • Processing subscription payments and renewals.
  • Preventing fraud and abuse.
  • Enforcing Terms of Service.
  • Analyzing business performance.

3.4 Communications (Legal Basis: Consent / Legitimate Interest)

  • Sending transactional emails (account, subscription, security).
  • Sending optional marketing emails (with explicit consent).
  • Push notifications for streaks, outcomes, achievements (with consent).

3.5 Legal Compliance (Legal Basis: Legal Obligation)

  • Complying with GDPR and other regulations.
  • Responding to legal requests from authorities.
  • Protecting our legal rights.

4. How We Share Your Data

4.1 Service Providers (Data Processors)

We share data with trusted third-party processors who assist in providing the Service:

MongoDB Atlas

Database hosting

Data: All user data

Location: EU region

OpenAI / Anthropic / Google

AI analysis

Data: Purchase descriptions (anonymized)

Location: USA (SCCs and equivalent safeguards)

Clerk

Authentication

Data: Email, user ID

Location: USA (GDPR-compliant)

RevenueCat

Subscription management

Data: User ID, subscription status

Location: USA (GDPR-compliant)

PostHog

Analytics

Data: Usage data (anonymized)

Location: EU region

Sentry

Error tracking

Data: Error logs, device info (anonymized)

Location: USA (GDPR-compliant)

SendGrid

Email delivery

Data: Email address, name

Location: USA (GDPR-compliant)

Data Processing Agreements: All processors have signed Data Processing Agreements (DPAs) ensuring GDPR compliance.

4.2 What We Never Share

  • We never sell your personal data to third parties.
  • We never share your data for advertising purposes.
  • We never share your full purchase history with AI providers (only individual anonymized requests).

4.3 Legal Requirements

We may disclose data if required by law, court order, or to:

  • Comply with legal obligations.
  • Protect our rights, property, or safety.
  • Prevent fraud or security threats.
  • Enforce our Terms of Service.

4.4 Business Transfers

If NeedOrWant is acquired or merged, your data may be transferred to the new owner. We will notify you and ensure continued protection of your data.

5. Data Retention

We retain data as follows:

  • Account data – Until you delete your account + 30 days.
  • Purchase analysis history – Until you delete your account + 90 days.
  • Usage analytics – 24 months (anonymized after 12 months).
  • Financial records – 7 years (legal requirement).
  • Support communications – 2 years.
  • Marketing consent records – 3 years after withdrawal.

After the retention period, data is securely deleted or anonymized beyond recovery.

6. Your Rights Under GDPR

As an EU resident, you have the following rights:

6.1 Right to Access

Request a copy of all personal data we hold about you.

6.2 Right to Rectification

Correct inaccurate or incomplete data (can be done in-app under Settings).

6.3 Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data. Some data may be retained for legal compliance.

6.4 Right to Restriction

Request limitation of processing in certain circumstances.

6.5 Right to Data Portability

Receive your data in a machine-readable format (JSON export available in Pro tier).

6.6 Right to Object

Object to processing based on legitimate interests or for direct marketing.

6.7 Right to Withdraw Consent

Withdraw consent for marketing emails or push notifications at any time.

Exercising Your Rights

Email: privacy@needorwant.app

We will respond within 30 days.

7. Data Security

7.1 Technical Safeguards

  • Encryption in transit: TLS/SSL for all data transmission.
  • Encryption at rest: AES-256 encryption for stored data.
  • Password security: Bcrypt hashing with salt.
  • Access controls: Role-based access, least privilege principle.
  • Secure infrastructure: EU-based servers (MongoDB Atlas EU region).

7.2 Organizational Measures

  • Regular security audits and vulnerability testing.
  • Incident response procedures.
  • Employee confidentiality agreements.
  • Data minimization practices.

15. Contact Us

Data Protection Officer (DPO)

  • John Andres
  • Email: privacy@needorwant.app
  • Address: Brussels, Belgium

General Support

By using NeedOrWant, you acknowledge that you have read and understood this Privacy Policy.