Privacy Policy

Our Principles

These principles guide how we handle your privacy:

• We disclose data only when required by law or for safety. We access or share personal data only under a lawful obligation or when we have genuine concerns about violations of our Terms of Service or this Privacy Policy.
• We do not sell your personal information. We do not share your data with advertisers or data brokers for their marketing purposes.
• We collect only what is necessary. Any data we collect is used to operate NFCore, fix issues, and improve your experience — nothing more.
• We cannot see your data. NFCore stores all tag data locally on your device. We do not have access to your scanned tags, written data, or tag library.

1. Scope

This Privacy Policy describes how Echo Persona LLC, located at 2201 Menaul Blvd NE Ste A, Albuquerque, New Mexico 87107-1711, United States ("we," "us," or "our"), collects, uses, discloses, and protects information when you use:

• The NFCore iOS application and any related services (collectively, the "Service");
• Our website at nfcore.app;
• Any related customer support, communications, marketing, surveys, and events.

This policy applies worldwide. Some regions grant additional rights and require extra disclosures; see Section 15 (Regional Disclosures) for details. For privacy-specific inquiries, you may reach us at privacy@nfcore.app.

By using the Service you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use the Service.

2. Definitions

• User Content: content you create, store, or transmit through the Service, such as NFC tag data, custom templates, and tag library entries.
• Personal Data / Personal Information: information that identifies, relates to, or could reasonably be linked to an identifiable individual.
• Processing: any operation performed on Personal Data — collecting, recording, storing, using, sharing, deleting, or otherwise handling it.
• Controller / Business: the entity that determines the purposes and means of processing Personal Data. For this Service, that is Echo Persona LLC.
• Processor / Service Provider: a party that processes Personal Data on behalf of the Controller / Business.

3. Information We Collect

We collect the minimum information necessary to operate the Service. The NFCore iOS app is built to collect as little data as possible — in practice, almost everything stays on your device.

A. Information You Provide

• Contact details: name and email address if you contact us, submit a support request, or sign up for updates.
• Feedback and correspondence: information you share when you contact support, respond to surveys, leave App Store reviews, or otherwise interact with us.
• Transaction information: when you purchase a subscription, payment is processed by Apple through In-App Purchase. We may receive limited transaction data (such as confirmation that a purchase occurred, subscription tier, and expiry date) but never your payment card details.
• User Content (tag data): NFCore is designed so that all content you store — scanned tags, written data, templates, and library entries — remains on your device. We do not have access to this content.
• Device permissions: if you grant permission, we may access NFC, camera (for QR codes), or other device features necessary for functionality. You can revoke any permission at any time in your device settings.

B. Information Collected Automatically

The NFCore iOS app does not automatically collect usage data, crash logs, analytics events, device identifiers, or IP addresses. The following limited collection applies to our website or is performed independently by Apple — not by us:

• No app telemetry: the NFCore iOS app contains no analytics SDKs, telemetry, or background usage-reporting code. We do not receive any data about how you use the app.
• Apple crash diagnostics (Apple, not us): Apple may independently collect crash reports and device diagnostics in accordance with Apple's Privacy Policy and your device settings.
• Website analytics: our website uses Vercel Web Analytics for aggregated traffic metrics and Google Analytics 4 (Google LLC) to understand how visitors use the site. Google Analytics may use cookies or similar storage; how Google uses data is described in Google's Privacy Policy. We do not use these tools to build individual advertising profiles from the NFCore app.

C. Information from Third Parties

• We do not receive data from advertising networks. NFCore is subscription-based and does not display ads.
• Apple App Store: purchase verification data and fraud-prevention signals.

4. iOS Device Permissions

NFCore may request the following iOS permissions. Each is used only for the stated purpose and can be revoked at any time in your device's Settings app.

• NFC: required to scan, read, and write NFC tags. This is the core functionality of the app.
• Camera: used optionally for scanning QR codes that may contain tag data or URLs.
• Notifications: used to deliver optional service announcements and feature updates.

You can disable any permission at any time by going to Settings > Privacy & Security on your iOS device. Disabling a permission may affect the corresponding feature but will not affect the rest of the app.

5. How We Use Information

We use information to:

• Provide and operate the Service — enable features, authenticate users, process subscriptions, and deliver support.
• Maintain safety and security — prevent fraud and abuse, detect suspicious activity, enforce our policies, and protect users.
• Improve and develop — reviewing support feedback and guiding product decisions to make NFCore better.
• Customer support — respond to requests, troubleshoot issues, and provide service updates.
• Billing and transactions — process subscription payments through Apple, manage subscription status.
• Marketing and communications — send service messages, product updates, and newsletters. You can opt out at any time.
• Legal compliance — comply with applicable laws, respond to lawful requests, and establish or defend legal claims.

6. Legal Bases (EEA/UK and Similar Jurisdictions)

If you are in the European Economic Area, United Kingdom, or a jurisdiction with similar requirements, our legal bases for processing include:

• Contract: processing necessary to deliver the Service you have requested (account operation, feature delivery, subscription management).
• Legitimate interests: security, fraud prevention, service improvement, and customer support, where not overridden by your data protection rights.
• Consent: for specific device permissions, certain marketing communications, and certain cookies.
• Legal obligation: to comply with tax, accounting, regulatory, and law-enforcement requirements.

7. How We Share Information

We may share Personal Data as follows:

• Service providers / processors: companies that help us operate the Service, including hosting and infrastructure, customer support tooling, and email delivery. They process data only as needed to provide services to us and under contractual obligations to protect it.
• Legal, compliance, and safety: to comply with applicable law, legal process, or governmental requests; to enforce our Terms of Service; to respond to claims; or to protect the rights, property, or safety of Echo Persona LLC, our users, or the public.
• Corporate transactions: in connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction.
• With your direction: when you choose to share content or direct us to disclose information to a third party.

We do not sell your Personal Information. We do not share it with data brokers or advertisers.

8. Analytics and Tracking

Analytics

Our website uses Vercel Web Analytics and Google Analytics 4. Vercel Web Analytics provides aggregated page metrics. Google Analytics 4 may use cookies or similar technologies and processes data under Google's Privacy Policy. The NFCore iOS app contains no analytics SDK and collects no crash reports, usage events, or telemetry whatsoever.

No Advertising or Ad Tracking

NFCore is entirely subscription-based. We do not display advertisements, use advertising SDKs, or collect advertising identifiers (IDFA).

Do Not Track / Global Privacy Control

We respect Global Privacy Control (GPC) signals where legally required. We do not engage in cross-site tracking.

9. Data Retention

We keep Personal Data only as long as necessary for the purposes described in this policy:

• Tag data: stored exclusively on your device. Deleted when you delete it or when you uninstall the app. We never possess tag data.
• Support correspondence: retained for as long as necessary to resolve your issue and for a reasonable period afterward, then deleted.
• Billing records: subscription and transaction records are retained as required by applicable tax and accounting laws (typically 3–7 years).
• Website analytics: retention for Vercel Web Analytics and Google Analytics follows each provider's product settings and documentation (you may opt out of cookies via your browser where applicable).

10. Security

We employ administrative, technical, and organizational safeguards designed to protect your Personal Data:

• On-device storage: all tag data is stored locally on your device. We never receive or store your tag data.
• Encryption in transit: all communications between the app, our website, and any backend services use TLS 1.2 or later.
• Access controls: internal access to any user-related data (such as support correspondence) is limited to personnel who need it.

No method of electronic transmission or storage is completely secure. If you believe the security of your information has been compromised, please contact us immediately at support@nfcore.app.

11. Your Choices and Controls

You may control:

• Device permissions: revoke NFC, camera, or notification permissions at any time in iOS Settings.
• Tag data deletion: delete individual tags or your full library from within the app at any time.
• Marketing communications: opt out using the unsubscribe link in any message.
• Data deletion requests: contact us at privacy@nfcore.app to request deletion of any personal data we hold.

12. Individual Rights Requests

Depending on your location, you may have the right to:

• Access: request a copy of the Personal Data we hold about you.
• Correct: request correction of inaccurate Personal Data.
• Delete: request deletion of your Personal Data, subject to legal exceptions.
• Restrict or limit processing: request that we limit how we use your data.
• Object to processing: object to our processing of your data in certain circumstances.
• Data portability: receive your Personal Data in a structured, commonly used, machine-readable format.
• Withdraw consent: where processing is based on consent, withdraw it at any time.

How to Submit a Request

Email privacy@nfcore.app with the subject line "Privacy Rights Request" and include: the email address associated with your interactions with us, your country or state of residence, and the right you wish to exercise. We will respond within the timeframes required by applicable law.

13. Children's Privacy

The Service is not directed to children under the age of 13 (or under 16 in jurisdictions where a higher age of consent applies). We do not knowingly collect Personal Data from children below the applicable age. If you are a parent or guardian and believe your child has provided us with Personal Data, please contact us at privacy@nfcore.app.

14. International Data Transfers

Echo Persona LLC is based in the United States. Your Personal Data may be collected, used, and stored in the United States or other countries where we or our service providers operate.

For transfers of Personal Data from the European Economic Area, United Kingdom, or Switzerland to countries not deemed to have adequate data protection, we rely on lawful transfer mechanisms including European Commission Standard Contractual Clauses (SCCs).

15. Regional Disclosures

A. European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR)

Controller: Echo Persona LLC, 2201 Menaul Blvd NE Ste A, Albuquerque, New Mexico 87107-1711, United States. Contact: privacy@nfcore.app.

Your rights under the GDPR include: access, rectification, erasure, restriction of processing, data portability, objection to processing, and the right not to be subject to solely automated decision-making. You have the right to lodge a complaint with your local supervisory authority.

B. California, United States (CCPA / CPRA)

If you are a California resident, you may have the following rights:

• Right to know / access: request information about the categories and specific pieces of Personal Information we have collected.
• Right to delete: request deletion of your Personal Information, subject to certain exceptions.
• Right to correct: request correction of inaccurate Personal Information.
• Right to opt out of sale or sharing: we do not sell your Personal Information.
• Non-discrimination: we will not discriminate against you for exercising your privacy rights.

C. Other Jurisdictions

If you reside in Brazil (LGPD), Australia (Privacy Act 1988), Canada (PIPEDA), or another jurisdiction with applicable data protection laws, please contact us at privacy@nfcore.app to exercise your rights.

16. App-Specific Data Practices

On-Device Storage

All tag data — including scanned tags, written data, templates, and your tag library — is stored locally on your device. We never receive, possess, or have access to this data.

On-Device Processing

All NFC operations, data parsing, and tag management run entirely on your device. No tag content is sent to external servers for processing.

17. Apple App Store and Platform Disclosures

• App Privacy nutrition labels: this Privacy Policy is consistent with the privacy declarations we submit to Apple in App Store Connect.
• No ad tracking: NFCore does not use the Identifier for Advertisers (IDFA) and does not track users across other apps or websites.
• Third-party SDKs: the NFCore iOS app does not include third-party advertising, analytics, or tracking SDKs.
• In-App Purchases: subscription payments are processed by Apple. We receive transaction receipts but never your payment card details.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. For material changes, we will provide additional notice as appropriate — for example, through an in-app notification or a prominent notice on our website.

19. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all inquiries within 30 days.