Privacy Policy

1. Who We Are

Next2Me is a relationship management platform designed to help you nurture the connections that matter most. We're operated by NoteIQ, Inc.

Contact: privacy@next2me.pro

2. What We Collect

Information You Provide

• Account Information: Name, email, password (encrypted)
• Profile Information: Date of birth (for age verification), preferences
• Relationship Data: Names and information about people you add
• Memories & Notes: Text, voice recordings, and other content you create
• Communication Preferences: How and when you want to hear from us

Information Collected Automatically

• Usage Data: How you interact with the app (anonymized)
• Device Information: Browser type, operating system (for compatibility)
• Log Data: IP address, access times (for security)

Special Categories of Data

With your explicit consent, we may process:

• Biometric Data: Voice characteristics for Voice-to-Timeline features (Guardian tier only)
• Health-Adjacent Information: If you choose to record memories about health topics

Important: Biometric data is only collected with explicit, separate consent and can be deleted at any time within 24 hours.

3. How We Use Your Data

To Provide the Service

• Store and organize your relationships and memories
• Send you reminders and nudges (with your permission)
• Sync across your devices
• Process voice notes and create transcriptions

To Improve the Service

• Understand how features are used (anonymized analytics)
• Fix bugs and improve performance
• Develop new features based on user needs

What We DON'T Do

• ❌ Sell your personal data
• ❌ Show you targeted advertising
• ❌ Share your data with data brokers
• ❌ Train AI models on your personal content without consent
• ❌ Access your data without a legitimate reason

4. AI and Your Data

Next2Me uses AI to help you nurture relationships. Here's how:

AI Nudges (All Tiers)

Our AI analyzes your interaction patterns to suggest when to reach out to someone. This is not clinical advice—just gentle reminders from a system designed to help you love well.

Full AI Features (Cultivator & Guardian Tiers)

With your consent, the AI can:

• Learn your relationship rhythms
• Anticipate when someone might need attention
• Suggest conversation starters based on shared history

Voice-to-Timeline (Guardian Tier)

This feature uses voice analysis (biometric data) to create oral histories. It requires separate, explicit consent and complies with BIPA and similar laws.

5. Your Rights

You have the right to:

Access

Request a copy of all data we have about you (Article 15 GDPR).

Rectification

Correct any inaccurate information (Article 16 GDPR).

Erasure ("Right to be Forgotten")

Request deletion of your data. We'll complete deletion within 30 days (Article 17 GDPR).

Data Portability

Export your data in a machine-readable format (JSON, CSV, PDF) (Article 20 GDPR).

Withdraw Consent

Change your mind about any optional data processing at any time. No penalty, no questions asked.

Object to Processing

Object to certain types of processing, including profiling (Article 21 GDPR).

6. Children's Privacy

We take children's privacy seriously.

• Users must be at least 13 years old (COPPA compliance)
• Users 13-17 require verifiable parental consent
• We never knowingly collect data from children under 13
• Parents can review, delete, or refuse further collection of their child's data

7. Data Security

We protect your data with:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Regular security audits
• Access controls and authentication
• Secure data centers with SOC 2 compliance
• Incident response procedures

While no system is 100% secure, we follow industry best practices and will notify you promptly if a breach affects your data.

8. Data Retention

9. International Transfers

Your data may be processed in the United States. We ensure appropriate safeguards through:

• Standard Contractual Clauses (SCCs) for EU/UK transfers
• Data Processing Agreements with all vendors
• Privacy Shield successor frameworks where applicable

10. Third-Party Services

We use limited third-party services:

• Cloud hosting: Railway (data processing agreement in place)
• Email delivery: For transactional emails only
• Payment processing: Stripe (they have their own privacy policy)

We do not use third-party analytics, advertising, or social media tracking.

11. Succession and Legacy

Guardian tier users can designate a successor to receive their digital legacy. This involves:

• Your explicit consent for succession transfer
• Clear trigger conditions you define
• Optional legal verification requirements
• Ability to exclude specific relationships or content

We recommend consulting an estate attorney for comprehensive digital estate planning.

12. Changes to This Policy

If we make material changes, we will:

• Email you at least 30 days before changes take effect
• Highlight what changed and why
• Give you the option to export your data or close your account

13. Contact Us

For privacy questions or to exercise your rights:

• Email: privacy@next2me.pro
• Data Protection Officer: dpo@next2me.pro
• Mail: NoteIQ, Inc., Attn: Privacy, [Address]

We aim to respond to all requests within 30 days.

14. Legal Bases for Processing (GDPR)