NYS · nyscuration.com

Privacy Policy

Last updated: May 26, 2026

We built NYS around a single principle: that your inner life is yours. This document reflects that. It is written plainly, without evasion, because your trust is the only currency that matters to us.

01

Who We Are

NYS Curation (“NYS,” “we,” “our”) operates the nyscuration.com website and the NYS iOS application. We are the sole data controller for all personal information described in this policy.

If you have any question this document does not answer, write to us directly: curator@nyscuration.com

02

What We Collect — and Nothing More

We collect two categories of information, each serving a specific and disclosed purpose. We do not collect anything beyond what is listed here.

Waitlist & Communication Data

When you submit your email address through our waitlist form at nyscuration.com, we record:

Your email address — used solely to deliver your beta invitation and, if applicable, occasional product updates you have opted into by signing up.

Submission timestamp — a server-generated record of when the entry was created, used for queue ordering.

Entry source — a single internal label (e.g., landing_http) identifying which form was used. This is operational metadata, not behavioral tracking.

No name, no phone number, no location, no device fingerprint. Just the address you typed and the time you typed it.

In-App Profile Markers

Inside the NYS application, during onboarding, you may voluntarily provide:

Age bracket — a broad generational range (e.g., 25–34), never a precise date of birth.

Constitutional wellness goal — a self-selected intention that guides which protocols surface in your daily observation ledger.

Both fields are optional. Both exist solely to personalize your experience within the archive. They are never used for advertising segmentation, profiling, or any purpose outside the app itself.

What We Do Not Collect

We do not use advertising SDKs, behavioral trackers, session-replay tools, heatmap software, or third-party analytics libraries. We do not collect biometric data, health records, precise geolocation, or any information from your device beyond what iOS provides to any standard application in standard operation.

03

How Your Data Is Handled

Your information lives within two systems, both operating under strict access controls:

Firebase Cloud Firestore Resend · mail.nyscuration.com

Firebase Cloud Firestore (Google Cloud) — waitlist entries and in-app profile data are stored in our Firestore database, governed by our zero-trust security rules. Reads and writes require authentication. No collection is publicly accessible.

Resend — outbound email is dispatched exclusively through our authenticated sending domain, mail.nyscuration.com, via Resend’s infrastructure. Resend processes your email address solely to deliver the message. They do not store it for their own commercial purposes.

Both providers operate under industry-standard data processing agreements and comply with applicable data protection regulations.

Access to the Firestore database is restricted to the NYS development team using Firebase Admin credentials. No one outside that team can read, export, or modify your record. Our API keys are stored in Firebase Secret Manager and are never committed to source code or exposed publicly.

04

The No-Sale, No-Share Guarantee

NYS Curation does not sell, rent, license, trade, or share your personal data — in any form, for any price, to any party — for advertising, behavioral profiling, or commercial exploitation of any kind.

This is not qualified by carve-outs. It is not hedged by phrases like “trusted partners” or “affiliated networks.” We are not in the data business. We are in the archive business.

The only circumstances under which we would ever disclose your information to a third party are:

Your explicit instruction — e.g., you ask us to transfer your data somewhere.

Legal compulsion — a valid court order or statutory obligation under applicable law. In that event, we will notify you to the extent we are legally permitted to do so.

Business succession — in the event of a merger or acquisition, your data would transfer only to a successor bound by the terms of this policy. You will be notified in advance and given the opportunity to request deletion before any transfer occurs.

That is the complete list.

05

Your Rights

Regardless of where you are in the world, you have the following rights with respect to your personal information. We honor these universally, not jurisdiction by jurisdiction.

Right What it means How to exercise it
Access Receive a copy of every data point we hold about you curator@nyscuration.com
Correction Fix any inaccurate information on record curator@nyscuration.com
Erasure Have your record completely and permanently deleted curator@nyscuration.com
Portability Receive your data in a machine-readable format curator@nyscuration.com
Objection Object to any processing we perform curator@nyscuration.com
Withdrawal Withdraw consent at any time, for any reason curator@nyscuration.com

We will acknowledge your request within 48 hours and complete it within 30 days. No justification required. No bureaucratic friction.

06

How to Disappear Completely

If you want us to erase every trace of your existence from our systems, send one email:

Send to

Subject line: Delete my record

Include the email address associated with your waitlist entry or app account. We will manually purge your waitlist document from Firestore, remove your in-app profile and all associated data, and confirm deletion in writing within 7 business days.

After deletion, your data does not exist in our systems. We do not maintain soft-delete archives, shadow profiles, or backup exports containing identifiable records beyond our standard 30-day automated backup window — after which deleted records are gone from backups as well.

07

Retention

We hold your data only as long as it serves the purpose for which it was collected:

Waitlist entries — retained until your invitation is sent or you request deletion, whichever comes first.

In-app profile data — retained for the life of your account. Deleted within 7 days of an account deletion request.

Email delivery logs — retained per Resend’s standard data policy; we do not control their internal log retention, but your email address is not used by them after delivery.

We do not hold data “just in case.”

08

Children

NYS is designed for adults. We do not knowingly collect personal information from anyone under the age of 13. If you believe a minor has submitted information through our platform, contact us at curator@nyscuration.com and we will delete it immediately.

09

Security

Our security posture is not decorative. Key measures in place:

Firestore security rules enforce strict owner-only access — no user can read another user’s data.

API secrets are stored in Firebase Secret Manager, never in source code.

All data in transit is encrypted via TLS. All data at rest is encrypted by Firebase/Google Cloud infrastructure.

Administrative access requires authenticated credentials. There is no public-facing admin panel.

No system is impenetrable. If we ever discover a breach that affects your data, we will notify you within 72 hours of becoming aware of it.

10

Changes to This Policy

If we change this policy in a material way, we will notify you by email (if you are on our waitlist or have an active account) and update the “Last updated” date at the top of this document. Continued use of the app or website after a material change constitutes acceptance of the revised terms.

Non-material changes — formatting, typo corrections, clarifications that do not alter the substance of our commitments — may be made without notice.

11

Contact

All privacy matters — requests, questions, or concerns — go to one place:

The NYS Curator

curator@nyscuration.com nyscuration.com

We are a small team. You will hear from a human.