Privacy

Last updated June 9, 2026

Short version: this is a marketing site for an app that helps people quit nail biting. We use privacy-friendly analytics to learn what's working, and we store your email if you join the waitlist. We don't sell your data, we don't run ad-tracking, and we don't try to figure out who you personally are. Here's the detail.

What we collect

  • Usage analytics. Pages you visit, clicks on the waitlist buttons, how far down a page you scroll, and which copy variant you saw in an A/B test. These are tied to a random, anonymous ID — not your name.
  • Approximate location. Your country and city, derived from your IP address. We use it to understand where interest is coming from and to decide whether to show you the consent banner. We don't store a precise location.
  • Device and source. Browser, operating system, device type, the page that referred you, and any campaign tags (UTMs) on the link you arrived through.
  • Session replays. On a sample of visits we record an anonymized playback of the page to spot confusing flows. Every input field is masked — anything you type, including your email, is never recorded in readable form.
  • Your email — only if you give it. If you join the waitlist, we store the address you enter, plus where on the site you signed up and whether you ticked the "email me product updates" box.

Why we collect it, and the legal basis

  • Analytics, location, device, replays exist to make the product and this site better — nothing more. For visitors in the EU, EEA, and UK, we collect these only with your consent (the banner). Everywhere else, we rely on our legitimate interest in understanding and improving the site, and you can opt out at any time below.
  • Your waitlist email is stored to do exactly one thing: tell you when early access opens. That's our legitimate interest in launching to the people who asked. Ongoing product-update emails go out only if you ticked the box — that part is consent, and every email has an unsubscribe link.

Who processes it

We keep the list of companies that touch your data short:

  • PostHog — product analytics and session replay, hosted in the United States. We route it through our own domain and transfers are covered by Standard Contractual Clauses. We've turned off data sharing and selling, and we don't link analytics to your identity.
  • Supabase — stores the waitlist. Your email sits in a database that only we can read.
  • Cloudflare — serves the site and provides the approximate-location lookup at the edge.

How long we keep it

Analytics data follows PostHog's standard retention — we don't extend it. Your waitlist email stays until launch, until you ask us to remove it, or until we decide not to launch and delete the list — whichever comes first.

Your rights

Wherever you live, you can ask us to show you the data we hold about you, correct it, delete it, or hand it over in a portable form — and if you're in the EU/EEA/UK, to restrict or object to how we use it. Email privacy@nonyxa.com and we'll take care of it. You can also withdraw analytics consent any time using the control below; withdrawing won't affect anything we did while it was on.

Cookies and storage

  • Consent choice — a small value in your browser's local storage remembering whether you accepted or rejected analytics, so we don't ask again. Strictly necessary; always present.
  • PostHog analytics cookies — set only after you accept (or, outside the EU/EEA/UK, unless you opt out). They hold the anonymous ID and feature-flag assignments that make the analytics above work.

Changes

If we change how we handle your data in a meaningful way, we'll update this page and ask for your choice again where the law requires it.

Your analytics choice

Checking your current setting…