Privacy Policy

Last updated: March 5, 2026

Nights ("we", "our", "the app") is a premium iOS application that helps you track hotel stays. Your privacy matters deeply to us. This policy explains what data we access, how it's used, and how it's protected.

1. Information We Access

When you sign in with Google, Nights requests access to the following scopes:

• Gmail (read-only) — We scan your inbox for hotel reservation and confirmation emails only. We use keyword-based filtering (e.g., "reservation confirmation", "check-in date") and known hotel sender domains to identify relevant messages. We do not read, store, or process any other emails.
• Google Calendar (read-only) — We read calendar events to detect hotel reservations. We only extract events that match hotel-related patterns.
• Basic profile — Your name and email address, used to identify your account within the app.

2. Email Forwarding

Nights offers an optional email forwarding feature. You can forward hotel confirmation emails to stays@mynightsapp.com. When you do:

• The email is received by our Cloudflare Email Worker and forwarded to a Google Cloud Run function.
• The function matches the sender address to your registered account, parses the hotel details using AI (Google Gemini), and stores the parsed stay data temporarily.
• Your app fetches the parsed data and stores it locally on your device and in your personal iCloud (CloudKit) container.
• The temporary server-side data is automatically deleted after you fetch it.

3. Data Storage & Security

• On-device storage: All hotel stay data (folios) is stored locally on your iPhone using encrypted storage. Sensitive credentials (OAuth tokens, registered emails) are stored in the iOS Keychain with hardware-backed encryption.
• iCloud sync: Your stay data syncs across your devices via your personal CloudKit container. This data is encrypted by Apple and accessible only to you.
• No server-side database of your stays: We do not maintain a permanent copy of your hotel data on our servers. Parsed folios from email forwarding are stored temporarily and deleted after retrieval.
• API key protection: All API keys are restricted to the Nights iOS app bundle identifier and specific Google APIs only.

4. Data We Do NOT Collect

• We do not sell, share, or monetize your personal data.
• We do not use your data for advertising purposes.
• We do not store your Google access tokens on our servers.
• We do not read emails unrelated to hotel reservations.
• We do not track your location for advertising. Location is used only for arrival notifications at your hotel destination, and only when you grant permission.

5. Third-Party Services

Nights uses the following third-party services:

• Google APIs (Gmail, Calendar, Places, Gemini) — Subject to Google's Privacy Policy. Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.
• Apple CloudKit — Your personal iCloud storage, governed by Apple's Privacy Policy.
• Apple WeatherKit — For destination weather forecasts. No personal data is shared.
• Cloudflare — Email routing and website hosting. Subject to Cloudflare's Privacy Policy.
• Google Cloud Run — Serverless email processing. No persistent user data storage.

6. Google API Services — Limited Use Disclosure

Nights' use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only use Google user data to provide and improve the hotel stay tracking features described in this policy.
• We do not transfer Google user data to third parties except as necessary to provide the app's features, comply with applicable laws, or as part of a merger/acquisition with adequate data protection.
• We do not use Google user data for serving advertisements.
• We do not allow humans to read Google user data unless you provide affirmative consent, it is necessary for security purposes, or it is required by law.

7. Data Retention & Deletion

• Your stay data lives on your device and in your iCloud. Deleting the app or signing out removes local data.
• Temporary server-side parsed folios are deleted after your app fetches them, or automatically after 30 days.
• You can revoke Google access at any time in your Google Account permissions.
• To request complete deletion of any data associated with your account, email support@mynightsapp.com.

8. Children's Privacy

Nights is not directed at children under 13. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page.

10. Contact

If you have questions about this privacy policy or your data, contact us at:

support@mynightsapp.com