Privacy Policy
Last updated April 11, 2026
1. The short version
We collect the minimum needed to run Nibble: your mobile number, your name, and what you do inside the app (which modules you complete, what practice prompts you type). We don't sell your data. We don't run ad networks. Your practice prompts go to Anthropic's Claude API to generate responses — that's the core of the product.
2. What we collect
- Account data. Mobile number (used as your login identity), name, role (founder / user / admin), account creation timestamp.
- Waitlist data. Name, mobile, what you want to use AI for, submission timestamp, approval status.
- Learning progress. Modules completed, lessons seen, XP, streak, bookmarks, card views. This is what the app needs to render your personal feed and leaderboard.
- Practice loop data. The prompts you type into INTERACTIVE lessons, plus token counts and latency for the Claude API call. We store these to show you your history, to improve lessons, and to debug problems.
- Technical logs. Standard server logs (IP addresses, timestamps, user-agents) used to fight abuse and debug issues.
3. What we DON'T collect
- Location data, contacts, microphone, camera, or any other device permission.
- Any tracking cookies other than our own session cookie (which is strictly necessary to keep you logged in).
- Payment data (we haven't enabled payments yet; when we do, Razorpay handles card / UPI info, not us).
4. Who sees your data
A small number of vendors power Nibble. Each one only sees what it needs:
- Neon (Postgres hosting). Stores your account, progress, and practice call logs. Data lives in their US-East region.
- Anthropic (Claude API). Receives your practice prompts so Claude can respond. Anthropic's privacy policy applies to what they do with it. We send the minimum needed — your prompt and a tutor system prompt — and nothing that personally identifies you.
- Railway (app hosting). Runs the Nibble server.
- Telegram (admin alerts). Notifies the admin of new signups and waitlist submissions. Only the admin Telegram chat sees this.
5. How long we keep your data
As long as your account is active. If you delete your account, we remove your account data and learning progress within 30 days. Aggregate usage stats (module completion rates, session counts, etc.) that don't identify you may be kept longer for product analysis.
6. Your rights
- Access. Email us and we'll send you a copy of your data.
- Correction. If anything is wrong, tell us and we'll fix it.
- Deletion. Ask us to delete your account and we will, within 30 days.
- Withdrawal of consent. You can stop using Nibble at any time.
7. Security
We run on HTTPS end-to-end. Sessions are issued as HMAC-signed HttpOnly cookies, rate-limited against brute force, and origin-checked to prevent CSRF. Your mobile number is the only personally-identifying field we store. No passwords — we use a shared cohort passcode as an anti-bot measure, not as a security primitive.
8. Children
Nibble is not intended for users under 16. If you're a parent or guardian and believe your child has created an account, contact us and we'll delete it.
9. Changes
We'll update this policy occasionally. Material changes will be announced in-app. The “last updated” date at the top tells you when it last changed.
10. Contact
Questions about privacy? Email chaithanya@nibble.app.