# Privacy Policy

**Version:** 1.2 **Effective date:** April 18, 2026 **Last updated:** May 11, 2026

---

1. Who We Are
ɳSelf ("we", "us", "our") operates the nself.org website and related services. ɳSelf is a Delaware LLC.
- Privacy contact: privacy@nself.org - Postal address: ɳSelf, LLC, 8 The Green, Suite A, Dover, Delaware 19901, USA - EU representative: To be appointed when the volume of EEA user processing triggers the Art. 27 GDPR threshold. Current primary data processing occurs in the EU (Hetzner, Germany), which reduces cross-border transfer exposure.
This policy covers all ɳSelf-operated surfaces: nself.org, docs.nself.org, install.nself.org, api.nself.org, ping.nself.org, cloud.nself.org, chat.nself.org, claw.nself.org, task.nself.org, base.nself.org, and billing and email services. ntv.nself.org is planned and not yet live; it will be covered by this policy once launched.
Self-hosted ɳSelf instances are NOT covered by this policy. If you run ɳSelf on your own infrastructure, you are the data controller for your users. We have no access to your data. The only external call the CLI makes (if telemetry is enabled) is to ping.nself.org. You can disable this entirely with `nself config set telemetry false`.
---

2. Data We Collect
### Account Data
When you create an account on cloud.nself.org or task.nself.org, we collect:
- Email address - Display name (optional) - Hashed password (bcrypt, never stored in plaintext) - Stripe customer ID (for paid plans) - License key hash (for plugin access validation)
### Usage Data (Telemetry)
If you enable telemetry in the ɳSelf CLI (`nself config set telemetry true`), we collect:
- CLI version, OS, and architecture - Command names (never arguments or content) - Install success/failure status - Opt-in error reports (stack traces with PII redacted) - Per-install UUID (rotatable via `nself config reset telemetry-id`)
Telemetry is off by default. The per-install UUID is not linked to your account unless you explicitly opt in.
### Billing Data
For paid plans, Stripe processes your payment. We receive and store:
- Last 4 digits of your payment method - Billing country and tax region - Invoice history and subscription status
We never receive or store your full card number (PAN). All payment processing is handled by Stripe (PCI DSS Level 1 certified).
### Support Data
When you contact support or file a bug report, we collect:
- Ticket contents and attached logs - Email address used for correspondence
### AI-Specific Data (Hosted ɳClaw at claw.nself.org)
If you use the hosted ɳClaw service, we process:
- Prompts and responses - Embeddings generated from your conversations - Memory graph (topics, entities, decisions extracted by the AI) - Files you upload for AI processing
This data is stored in your dedicated database partition and is never shared with other users. See Section 7 for AI-specific disclosures.
### v1.1.0 Event Types (Telemetry — opt-in)
When telemetry is enabled, v1.1.0 added the following discrete event types sent to ping.nself.org:
| Event | Fields | Not collected | Opt-out | |-------|--------|---------------|---------| | `install_completed` | CLI version, OS, arch, duration, success flag | No content, no paths | `nself config set telemetry false` | | `bundle_purchase` | Bundle name, tier (not price), country code | No payment details, no name | Same | | `clawde_activated` | Platform (desktop/mobile), CLI version | No files, no prompts | Same | | `nsentry_plugin_install` | Plugin name within ɳSentry bundle, CLI version | No server details | Same | | `license_validate` | License tier, domain hash (one-way), CLI version | No actual domain, no key | Not opt-outable (required for license enforcement); can disable telemetry globally |
Per-install UUID is rotatable at any time via `nself config reset telemetry-id`. None of these events include personal data, file paths, or content.
### ɳFamily Special-Category Data
ɳFamily is a self-hosted application. When you run ɳFamily on your own server, all data — including the following special categories — is stored exclusively in your database. ɳSelf never receives or processes it.
Data we classify as special-category under GDPR Article 9 within the ɳFamily app:
| Category | What it covers | Default state | |----------|---------------|---------------| | Medical history | Allergies, conditions, medications, surgeries, vaccinations on family member profiles | Off — explicit consent required | | Biometric data | Facial geometry, fingerprint references, voice prints from photos or in-app identification | Off — explicit consent required | | Genetic data | DNA results, hereditary markers, genetic disease information in family tree entries | Off — explicit consent required | | Children's data (COPPA / GDPR Art. 8) | Any profile data belonging to a user under 13 (US) or 16 (EU/EEA) | Off — verifiable parental consent required |
Legal basis for processing: GDPR Article 9(2)(a) — explicit consent of the data subject. Each category requires a separate opt-in action and is recorded with a timestamped audit trail. Consents expire annually and must be re-affirmed. You can revoke any consent at any time, triggering immediate deletion of stored data in that category.
---

3. Purposes and Lawful Bases
| Purpose | Data used | Lawful basis (GDPR Art. 6) | |---------|-----------|---------------------------| | Provide the service you signed up for | Account, usage, AI data | Performance of contract (Art. 6(1)(b)) | | Process payments and manage subscriptions | Billing data | Performance of contract (Art. 6(1)(b)) | | Detect and prevent fraud and abuse | IP addresses, usage patterns | Legitimate interest (Art. 6(1)(f)) | | Product improvement via analytics | Anonymized telemetry (opt-in only) | Consent (Art. 6(1)(a)) | | Send transactional emails (password reset, billing) | Email address | Performance of contract (Art. 6(1)(b)) | | Comply with tax and legal obligations | Billing records, account data | Legal obligation (Art. 6(1)(c)) | | Send newsletter (opt-in only) | Email address | Consent (Art. 6(1)(a)) | | Store special-category health / biometric / genetic data in ɳFamily (self-hosted) | Medical history, biometric, genetic data | Explicit consent (GDPR Art. 9(2)(a)) |
We do not sell your data. We do not share it with advertisers. We do not use it for training AI models.
---

4. Retention Schedule
| Data type | Retention period | Justification | |-----------|-----------------|---------------| | Account data | Until you delete your account + 30-day grace period | Service continuity | | Billing records | 7 years after last transaction | Tax law compliance | | Application logs | 90 days hot storage, 1 year cold storage | Debugging, security | | Telemetry data | 24 months rolling | Product improvement | | Database backups | 35 days, then purged | Disaster recovery | | AI memory (hosted ɳClaw) | User-controlled; default retain until user deletes | User preference | | AI prompts/responses (hosted) | Configurable; default 90 days for cloud users | Service operation | | Support tickets | 3 years after resolution | Quality assurance |
When you delete your account, we initiate a deletion cascade. After the 30-day grace period, all your data is permanently removed from active systems. Backups containing your data are purged within 35 days. See our [Right to Delete](/legal/right-to-delete) documentation for the full cascade.
---

5. Sharing and Sub-Processors
We share data with third-party service providers ("sub-processors") only as necessary to operate our services. See our [Sub-Processor List](/legal/subprocessors) for the current list, which includes:
- Hetzner: Server hosting (Germany) - Vercel: Frontend hosting (global CDN) - Cloudflare: DNS and DDoS protection (global) - Stripe: Payment processing (USA) - Elastic Email: Transactional email (EU) - OpenAI: LLM inference for hosted ɳClaw (USA, opt-in, zero-retention API) - Anthropic: LLM inference for hosted ɳClaw (USA, opt-in, zero-retention API) - Groq: LLM inference for hosted ɳClaw (USA, opt-in)
We notify cloud.nself.org users by email at least 30 days before adding a new sub-processor. You may object within 30 days of notification by contacting privacy@nself.org.
We do not sell personal data to any third party. We do not share data with advertisers.
---

6. Cookies
We use a minimal set of cookies. See our [Cookie Policy](/legal/cookies) for the full audit table, categories, and how to manage your preferences.
---

7. AI-Specific Disclosures
This section applies to users of hosted AI services (ɳClaw at claw.nself.org, AI features in task.nself.org, and any future AI-powered ɳSelf services).
### Model providers
We use the following third-party model providers for AI inference:
- OpenAI (GPT-4, GPT-4o) : via zero-retention API - Anthropic (Claude) : via zero-retention API - Groq (Llama, Mixtral) : fast inference - Self-hosted models (Llama via Ollama) : no external data transfer
### Training data policy
We do not train on your data. Your prompts, responses, uploaded files, and memory graphs are never used to train any model, whether ours or a third party's. All third-party providers are configured with zero-retention / no-training API settings where available.
### Opt-out of third-party providers
You can disable third-party model providers entirely and use only self-hosted models. In the hosted ɳClaw settings, set your preferred provider to "Self-hosted only." This means your prompts never leave our servers (Hetzner, Germany).
### Data handling for AI features
- Prompts and responses are retained per your account settings. Default: 90 days for cloud users. You can change this to any duration or set it to "delete immediately after response." - Embeddings are stored in your database partition for semantic search and memory features. They are deleted when you delete the source content. - Memory graph (topics, entities, decisions) is derived from your conversations and stored in your partition. You can view, edit, and delete any memory entry. - Uploaded files are processed in memory, stored in your object storage bucket, and deleted when you remove them.
### Automated decision-making
The AI features in ɳSelf do not make automated decisions with legal or similarly significant effects on you. The AI is a tool that assists you. You control what it remembers and what it forgets.
---

8. Your Rights Under GDPR
If you are in the European Economic Area (EEA), UK, or Switzerland, you have the following rights:
- Access (Art. 15) : Request a copy of your personal data - Rectification (Art. 16) : Correct inaccurate data - Erasure (Art. 17) : Request deletion of your data ("right to be forgotten") - Restriction (Art. 18) : Restrict processing in certain circumstances - Data portability (Art. 20) : Receive your data in a machine-readable format - Objection (Art. 21) : Object to processing based on legitimate interest - Withdraw consent (Art. 7(3)) : Withdraw consent at any time for consent-based processing - Automated decisions (Art. 22) : Not be subject to solely automated decision-making (not applicable; see Section 7)
To exercise any right, email privacy@nself.org or use the self-service tools in your account settings. You can also export your data via `P1 account export` (CLI) or the cloud dashboard. We respond within 30 days.
You also have the right to lodge a complaint with your local supervisory authority.
---

9. Your Rights Under CCPA
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
- Right to know: What personal information we collect, use, and disclose - Right to delete: Request deletion of your personal information - Right to opt-out of sale: We do not sell your personal information. There is nothing to opt out of. - Right to non-discrimination: We will not discriminate against you for exercising your rights
To exercise your rights, email privacy@nself.org with the subject "CCPA Request."
---

10. Children's Privacy
ɳSelf services are not directed to children under 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, contact privacy@nself.org and we will delete it promptly.
Users aged 13-17 may use ɳSelf services with parental consent. See our Terms of Service for the age gate requirements.
---

11. International Data Transfers
Our primary data processing occurs in the EU (Hetzner, Falkenstein, Germany). For sub-processors located outside the EU/EEA, we rely on:
- Standard Contractual Clauses (SCCs): EU Commission Implementing Decision 2021/914, Module 2 (controller-to-processor) - UK International Data Transfer Agreement (IDTA) or UK Addendum to SCCs for UK transfers - EU-US Data Privacy Framework (DPF) certification where available (Stripe, Cloudflare)
See our [Data Processing Agreement](/legal/dpa) for full details, including the SCC annexes and sub-processor transfer mechanisms.
---

12. Changes to This Policy
We may update this policy from time to time. For material changes, we will:
- Email registered users at least 30 days before the change takes effect - Post a notice on nself.org - Update the version number and effective date at the top of this page
Minor clarifications (typos, formatting) do not trigger notification.
### Version History
| Version | Date | Changes | |---------|------|---------| | 1.2 | 2026-05-11 | Added §2 subsections for v1.1.0 telemetry event types (with per-event field table) and ɳFamily special-category data enumeration (medical, biometric, genetic, children's). Added Art. 9(2)(a) row to §3 lawful basis table. | | 1.1 | 2026-05-07 | Added §2a: v1.1.0 event types (bundle purchases, ClawDE activation, nSentry plugin install, anonymous install counter, nFamily special-category data). Expanded §3 lawful basis table with Art. 9 consent row. Updated §10 Children's Privacy with COPPA age gate detail. | | 1.0 | 2026-04-18 | Initial policy |
---

13. Contact
- Privacy inquiries: privacy@nself.org - Postal address: ɳSelf, LLC, 8 The Green, Suite A, Dover, Delaware 19901, USA - EU representative: To be appointed when Art. 27 GDPR threshold is reached (see Section 1) - Data Protection Officer: Not currently required; ɳSelf does not carry out large-scale systematic monitoring or large-scale processing of special category data. This will be reviewed annually.
For general questions about ɳSelf, see our [Contact](/contact) page.
---

14. Related Documents
- [Sub-Processor List](/legal/subprocessors): All third parties that process data on our behalf - [Compliance](/legal/compliance): Security controls, compliance framework posture, and what we provide to self-hosters - [Data Processing Agreement](/legal/dpa): GDPR DPA with SCCs for cloud customers - [Cookie Policy](/legal/cookies): Full cookie audit table and preference controls

# Privacy Policy

**Version:** 1.2 **Effective date:** April 18, 2026 **Last updated:** May 11, 2026

---

1. Who We Are
ɳSelf ("we", "us", "our") operates the nself.org website and related services. ɳSelf is a Delaware LLC.
- Privacy contact: privacy@nself.org - Postal address: ɳSelf, LLC, 8 The Green, Suite A, Dover, Delaware 19901, USA - EU representative: To be appointed when the volume of EEA user processing triggers the Art. 27 GDPR threshold. Current primary data processing occurs in the EU (Hetzner, Germany), which reduces cross-border transfer exposure.
This policy covers all ɳSelf-operated surfaces: nself.org, docs.nself.org, install.nself.org, api.nself.org, ping.nself.org, cloud.nself.org, chat.nself.org, claw.nself.org, task.nself.org, base.nself.org, and billing and email services. ntv.nself.org is planned and not yet live; it will be covered by this policy once launched.
Self-hosted ɳSelf instances are NOT covered by this policy. If you run ɳSelf on your own infrastructure, you are the data controller for your users. We have no access to your data. The only external call the CLI makes (if telemetry is enabled) is to ping.nself.org. You can disable this entirely with `nself config set telemetry false`.
---

2. Data We Collect
### Account Data
When you create an account on cloud.nself.org or task.nself.org, we collect:
- Email address - Display name (optional) - Hashed password (bcrypt, never stored in plaintext) - Stripe customer ID (for paid plans) - License key hash (for plugin access validation)
### Usage Data (Telemetry)
If you enable telemetry in the ɳSelf CLI (`nself config set telemetry true`), we collect:
- CLI version, OS, and architecture - Command names (never arguments or content) - Install success/failure status - Opt-in error reports (stack traces with PII redacted) - Per-install UUID (rotatable via `nself config reset telemetry-id`)
Telemetry is off by default. The per-install UUID is not linked to your account unless you explicitly opt in.
### Billing Data
For paid plans, Stripe processes your payment. We receive and store:
- Last 4 digits of your payment method - Billing country and tax region - Invoice history and subscription status
We never receive or store your full card number (PAN). All payment processing is handled by Stripe (PCI DSS Level 1 certified).
### Support Data
When you contact support or file a bug report, we collect:
- Ticket contents and attached logs - Email address used for correspondence
### AI-Specific Data (Hosted ɳClaw at claw.nself.org)
If you use the hosted ɳClaw service, we process:
- Prompts and responses - Embeddings generated from your conversations - Memory graph (topics, entities, decisions extracted by the AI) - Files you upload for AI processing
This data is stored in your dedicated database partition and is never shared with other users. See Section 7 for AI-specific disclosures.
### v1.1.0 Event Types (Telemetry — opt-in)
When telemetry is enabled, v1.1.0 added the following discrete event types sent to ping.nself.org:
| Event | Fields | Not collected | Opt-out | |-------|--------|---------------|---------| | `install_completed` | CLI version, OS, arch, duration, success flag | No content, no paths | `nself config set telemetry false` | | `bundle_purchase` | Bundle name, tier (not price), country code | No payment details, no name | Same | | `clawde_activated` | Platform (desktop/mobile), CLI version | No files, no prompts | Same | | `nsentry_plugin_install` | Plugin name within ɳSentry bundle, CLI version | No server details | Same | | `license_validate` | License tier, domain hash (one-way), CLI version | No actual domain, no key | Not opt-outable (required for license enforcement); can disable telemetry globally |
Per-install UUID is rotatable at any time via `nself config reset telemetry-id`. None of these events include personal data, file paths, or content.
### ɳFamily Special-Category Data
ɳFamily is a self-hosted application. When you run ɳFamily on your own server, all data — including the following special categories — is stored exclusively in your database. ɳSelf never receives or processes it.
Data we classify as special-category under GDPR Article 9 within the ɳFamily app:
| Category | What it covers | Default state | |----------|---------------|---------------| | Medical history | Allergies, conditions, medications, surgeries, vaccinations on family member profiles | Off — explicit consent required | | Biometric data | Facial geometry, fingerprint references, voice prints from photos or in-app identification | Off — explicit consent required | | Genetic data | DNA results, hereditary markers, genetic disease information in family tree entries | Off — explicit consent required | | Children's data (COPPA / GDPR Art. 8) | Any profile data belonging to a user under 13 (US) or 16 (EU/EEA) | Off — verifiable parental consent required |
Legal basis for processing: GDPR Article 9(2)(a) — explicit consent of the data subject. Each category requires a separate opt-in action and is recorded with a timestamped audit trail. Consents expire annually and must be re-affirmed. You can revoke any consent at any time, triggering immediate deletion of stored data in that category.
---

3. Purposes and Lawful Bases
| Purpose | Data used | Lawful basis (GDPR Art. 6) | |---------|-----------|---------------------------| | Provide the service you signed up for | Account, usage, AI data | Performance of contract (Art. 6(1)(b)) | | Process payments and manage subscriptions | Billing data | Performance of contract (Art. 6(1)(b)) | | Detect and prevent fraud and abuse | IP addresses, usage patterns | Legitimate interest (Art. 6(1)(f)) | | Product improvement via analytics | Anonymized telemetry (opt-in only) | Consent (Art. 6(1)(a)) | | Send transactional emails (password reset, billing) | Email address | Performance of contract (Art. 6(1)(b)) | | Comply with tax and legal obligations | Billing records, account data | Legal obligation (Art. 6(1)(c)) | | Send newsletter (opt-in only) | Email address | Consent (Art. 6(1)(a)) | | Store special-category health / biometric / genetic data in ɳFamily (self-hosted) | Medical history, biometric, genetic data | Explicit consent (GDPR Art. 9(2)(a)) |
We do not sell your data. We do not share it with advertisers. We do not use it for training AI models.
---

4. Retention Schedule
| Data type | Retention period | Justification | |-----------|-----------------|---------------| | Account data | Until you delete your account + 30-day grace period | Service continuity | | Billing records | 7 years after last transaction | Tax law compliance | | Application logs | 90 days hot storage, 1 year cold storage | Debugging, security | | Telemetry data | 24 months rolling | Product improvement | | Database backups | 35 days, then purged | Disaster recovery | | AI memory (hosted ɳClaw) | User-controlled; default retain until user deletes | User preference | | AI prompts/responses (hosted) | Configurable; default 90 days for cloud users | Service operation | | Support tickets | 3 years after resolution | Quality assurance |
When you delete your account, we initiate a deletion cascade. After the 30-day grace period, all your data is permanently removed from active systems. Backups containing your data are purged within 35 days. See our [Right to Delete](/legal/right-to-delete) documentation for the full cascade.
---

5. Sharing and Sub-Processors
We share data with third-party service providers ("sub-processors") only as necessary to operate our services. See our [Sub-Processor List](/legal/subprocessors) for the current list, which includes:
- Hetzner: Server hosting (Germany) - Vercel: Frontend hosting (global CDN) - Cloudflare: DNS and DDoS protection (global) - Stripe: Payment processing (USA) - Elastic Email: Transactional email (EU) - OpenAI: LLM inference for hosted ɳClaw (USA, opt-in, zero-retention API) - Anthropic: LLM inference for hosted ɳClaw (USA, opt-in, zero-retention API) - Groq: LLM inference for hosted ɳClaw (USA, opt-in)
We notify cloud.nself.org users by email at least 30 days before adding a new sub-processor. You may object within 30 days of notification by contacting privacy@nself.org.
We do not sell personal data to any third party. We do not share data with advertisers.
---

6. Cookies
We use a minimal set of cookies. See our [Cookie Policy](/legal/cookies) for the full audit table, categories, and how to manage your preferences.
---

7. AI-Specific Disclosures
This section applies to users of hosted AI services (ɳClaw at claw.nself.org, AI features in task.nself.org, and any future AI-powered ɳSelf services).
### Model providers
We use the following third-party model providers for AI inference:
- OpenAI (GPT-4, GPT-4o) : via zero-retention API - Anthropic (Claude) : via zero-retention API - Groq (Llama, Mixtral) : fast inference - Self-hosted models (Llama via Ollama) : no external data transfer
### Training data policy
We do not train on your data. Your prompts, responses, uploaded files, and memory graphs are never used to train any model, whether ours or a third party's. All third-party providers are configured with zero-retention / no-training API settings where available.
### Opt-out of third-party providers
You can disable third-party model providers entirely and use only self-hosted models. In the hosted ɳClaw settings, set your preferred provider to "Self-hosted only." This means your prompts never leave our servers (Hetzner, Germany).
### Data handling for AI features
- Prompts and responses are retained per your account settings. Default: 90 days for cloud users. You can change this to any duration or set it to "delete immediately after response." - Embeddings are stored in your database partition for semantic search and memory features. They are deleted when you delete the source content. - Memory graph (topics, entities, decisions) is derived from your conversations and stored in your partition. You can view, edit, and delete any memory entry. - Uploaded files are processed in memory, stored in your object storage bucket, and deleted when you remove them.
### Automated decision-making
The AI features in ɳSelf do not make automated decisions with legal or similarly significant effects on you. The AI is a tool that assists you. You control what it remembers and what it forgets.
---

8. Your Rights Under GDPR
If you are in the European Economic Area (EEA), UK, or Switzerland, you have the following rights:
- Access (Art. 15) : Request a copy of your personal data - Rectification (Art. 16) : Correct inaccurate data - Erasure (Art. 17) : Request deletion of your data ("right to be forgotten") - Restriction (Art. 18) : Restrict processing in certain circumstances - Data portability (Art. 20) : Receive your data in a machine-readable format - Objection (Art. 21) : Object to processing based on legitimate interest - Withdraw consent (Art. 7(3)) : Withdraw consent at any time for consent-based processing - Automated decisions (Art. 22) : Not be subject to solely automated decision-making (not applicable; see Section 7)
To exercise any right, email privacy@nself.org or use the self-service tools in your account settings. You can also export your data via `P1 account export` (CLI) or the cloud dashboard. We respond within 30 days.
You also have the right to lodge a complaint with your local supervisory authority.
---

9. Your Rights Under CCPA
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
- Right to know: What personal information we collect, use, and disclose - Right to delete: Request deletion of your personal information - Right to opt-out of sale: We do not sell your personal information. There is nothing to opt out of. - Right to non-discrimination: We will not discriminate against you for exercising your rights
To exercise your rights, email privacy@nself.org with the subject "CCPA Request."
---

10. Children's Privacy
ɳSelf services are not directed to children under 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, contact privacy@nself.org and we will delete it promptly.
Users aged 13-17 may use ɳSelf services with parental consent. See our Terms of Service for the age gate requirements.
---

11. International Data Transfers
Our primary data processing occurs in the EU (Hetzner, Falkenstein, Germany). For sub-processors located outside the EU/EEA, we rely on:
- Standard Contractual Clauses (SCCs): EU Commission Implementing Decision 2021/914, Module 2 (controller-to-processor) - UK International Data Transfer Agreement (IDTA) or UK Addendum to SCCs for UK transfers - EU-US Data Privacy Framework (DPF) certification where available (Stripe, Cloudflare)
See our [Data Processing Agreement](/legal/dpa) for full details, including the SCC annexes and sub-processor transfer mechanisms.
---

12. Changes to This Policy
We may update this policy from time to time. For material changes, we will:
- Email registered users at least 30 days before the change takes effect - Post a notice on nself.org - Update the version number and effective date at the top of this page
Minor clarifications (typos, formatting) do not trigger notification.
### Version History
| Version | Date | Changes | |---------|------|---------| | 1.2 | 2026-05-11 | Added §2 subsections for v1.1.0 telemetry event types (with per-event field table) and ɳFamily special-category data enumeration (medical, biometric, genetic, children's). Added Art. 9(2)(a) row to §3 lawful basis table. | | 1.1 | 2026-05-07 | Added §2a: v1.1.0 event types (bundle purchases, ClawDE activation, nSentry plugin install, anonymous install counter, nFamily special-category data). Expanded §3 lawful basis table with Art. 9 consent row. Updated §10 Children's Privacy with COPPA age gate detail. | | 1.0 | 2026-04-18 | Initial policy |
---

13. Contact
- Privacy inquiries: privacy@nself.org - Postal address: ɳSelf, LLC, 8 The Green, Suite A, Dover, Delaware 19901, USA - EU representative: To be appointed when Art. 27 GDPR threshold is reached (see Section 1) - Data Protection Officer: Not currently required; ɳSelf does not carry out large-scale systematic monitoring or large-scale processing of special category data. This will be reviewed annually.
For general questions about ɳSelf, see our [Contact](/contact) page.
---

14. Related Documents
- [Sub-Processor List](/legal/subprocessors): All third parties that process data on our behalf - [Compliance](/legal/compliance): Security controls, compliance framework posture, and what we provide to self-hosters - [Data Processing Agreement](/legal/dpa): GDPR DPA with SCCs for cloud customers - [Cookie Policy](/legal/cookies): Full cookie audit table and preference controls

6. Cookies
We use a minimal set of cookies. See our [Cookie Policy](/legal/cookies) for the full audit table, categories, and how to manage your preferences.
---

Version history

6. Cookies
We use a minimal set of cookies. See our [Cookie Policy](/legal/cookies) for the full audit table, categories, and how to manage your preferences.
---

Version history

6. CookiesWe use a minimal set of cookies. See our [Cookie Policy](/legal/cookies) for the full audit table, categories, and how to manage your preferences.---

Version history

6. CookiesWe use a minimal set of cookies. See our [Cookie Policy](/legal/cookies) for the full audit table, categories, and how to manage your preferences.---

Version history

6. Cookies
We use a minimal set of cookies. See our [Cookie Policy](/legal/cookies) for the full audit table, categories, and how to manage your preferences.
---

6. Cookies
We use a minimal set of cookies. See our [Cookie Policy](/legal/cookies) for the full audit table, categories, and how to manage your preferences.
---