Nessi Text Nessi
Legal · Effective May 26, 2026

Privacy Policy.

Nessi is built to be private by default. We don't make money from advertisers, we don't sell your messages, and we don't ask for an account. This page explains — in plain English — what we collect, what we don't, and who can see what.

The short version

What you need to know.

The rest of this page backs each of these up in detail. If you only read this section, you'll still have the complete picture.

No account, no signup

Your phone number is the only thing identifying you. No email, no password, no profile to fill out.

Conversations stay private

Messages go to Anthropic under their API terms. We don't sell them, share them, or train ad models on them.

No ads, no tracking

Nessi makes nothing from advertisers. Recommendations are what we'd recommend a friend — not what pays the most.

Text STOP to leave

Reply STOP at any time and your conversation history and profile are deleted. No retention games.

1. Who we are

Nessi is published by Bubl, a sole proprietorship based in the United States ("we," "us," "our"). "You" means the person texting Nessi or visiting nessi.chat.

For any privacy question, request, or complaint: support@bublcx.com. A real person reads everything sent to that address.

2. Information we collect

Nessi only collects what's needed to text you back and remember you between conversations. The following is a complete list of information we (or a service provider acting on our behalf) receive:

  • Your phone number. Required — it's the only way Nessi can text you back. We store it in our database in a one-way hashed form (so it can't be reversed) plus an encrypted form (so we can re-deliver replies). We don't have your name, your email, your address, or any other identifier unless you choose to tell Nessi during a conversation.
  • Your messages and the assistant's replies. Stored so Nessi can remember context across conversations. Sent to the AI provider that generates each reply (see section 3). Not used for advertising, not sold, not shared with third parties beyond the providers listed below.
  • A small profile and memory file. When Nessi learns useful things about you ("prefers vegan products," "buys gifts in June") it saves a structured profile and a short notes file so future conversations don't make you repeat yourself. You can ask Nessi to forget any of it at any time, or text STOP to delete everything.
  • Images you send. If you text Nessi a photo (for example, "find me this product"), the image is downloaded from the SMS provider's temporary URL, resized, and sent to an image-recognition model so Nessi can describe what's in it. We keep a short text description; the image file itself is discarded.
  • Operational logs. Standard hosting logs (timestamps, request IDs, error traces) plus an audit log of events like "message received," "reply sent," "memory saved." These are retained briefly for debugging and abuse prevention; they do not include the content of your messages.
  • Support email. If you email us, we see what you send. We keep it only as long as we need it to help you.

That list is exhaustive. We don't collect your contacts, your location, your browsing history, or anything else beyond what you put into a message to Nessi.

3. How AI is used

Every reply Nessi sends is generated by a large language model. We use commercial AI APIs rather than running models ourselves. When you text Nessi, the contents of the conversation (your messages and the assistant's prior replies) are sent to the AI provider so the model can produce the next reply.

The providers Nessi uses are:

  • Anthropic (Claude). Generates the conversational replies. We send your conversation under Anthropic's commercial API terms, which state that API inputs and outputs are not used to train their models.
  • Firecrawl. Used to search the web and fetch product pages on your behalf when Nessi looks something up. Firecrawl sees the search query that Nessi generates (which may paraphrase what you asked for) and the URLs it fetches. Firecrawl does not see your phone number or your raw conversation.
  • Image-recognition model. When you send a photo, the image is sent to an image-recognition model (currently provided by Anthropic) so Nessi can describe what's in it. The same data-handling terms apply.

We do not share your data with these providers for advertising or marketing purposes — only for the technical purpose of generating the reply you asked for.

4. SMS delivery

Text messages reach Nessi through an SMS provider, which acts as the carrier between your phone and our servers:

  • Sendblue. Our SMS / iMessage provider. Sendblue sees your phone number, the contents of every message you send to Nessi, and every reply Nessi sends back — this is unavoidable for any SMS-based service. They process this data under their own privacy policy. Your mobile carrier also sees that messages are being exchanged with our number, the same as any other text.

Note on attachments: when you send an image, Sendblue temporarily hosts it and gives us a URL to download it. The image is publicly accessible at that URL for the duration of Sendblue's retention window (typically about 30 days) before being deleted on their side.

5. Hosting and storage

Nessi runs on:

  • Cloudflare. Hosts our application (Cloudflare Workers), stores conversation history and your profile (Cloudflare D1, a SQLite-compatible database), stores your memory notes and any uploaded image bytes (Cloudflare R2 object storage), and serves this website (Cloudflare Pages). Cloudflare can technically see what passes through and what's stored, the same way any cloud provider can — they process this data under their own privacy policy and do not use it for advertising.

6. What we don't do

For clarity, here is a list of things Nessi does not do, that other "free" services sometimes do:

  • We do not sell your data to anyone.
  • We do not show you ads. We don't have an ad product.
  • We do not take undisclosed money from merchants to recommend their products. If a recommendation contains an affiliate link, this page will say so before any such links go live.
  • We do not use your conversations to train AI models. Neither do we, nor do the AI providers we use (under their commercial API terms).
  • We do not embed analytics, tracking pixels, advertising SDKs, or cookies on this website.
  • We do not contact you outside of replying to texts you sent us. No marketing emails, no win-back drips.

7. Your rights

Depending on where you live, you may have rights under the General Data Protection Regulation (GDPR, EU/UK), the California Consumer Privacy Act (CCPA/CPRA), or a similar law. These typically include the right to:

  • Know what personal information we hold about you;
  • Request a copy, correction, or deletion of that information;
  • Object to or restrict certain processing;
  • Withdraw consent at any time; and
  • Lodge a complaint with your local data protection authority.

To exercise any of these, either text STOP to the Nessi number (instant deletion of your conversation history and profile) or email support@bublcx.com from a verified address and tell us what you want done. We will respond within 30 days.

We do not sell your personal information and we do not share it for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA.

8. Children

Nessi is not directed to children under 13, or under the equivalent age of digital consent in your jurisdiction (16 in parts of the EU and the UK). We do not knowingly collect personal information from children. If you believe a child has provided us information, contact support@bublcx.com and we will delete it.

9. Security

Our primary security measure is minimization: by not collecting an account, an email address, a payment method, or any data beyond what you choose to share inside a message, the amount of information an attacker could obtain from us is inherently small.

For the data we do hold: phone numbers are stored as a one-way hash plus an encrypted reversible form (separate keys); message history and profile are stored in Cloudflare D1; memory notes and any image bytes are stored in Cloudflare R2 with access scoped to our application. We rely on Cloudflare's security program for the underlying infrastructure. No system is perfectly secure, and we cannot guarantee absolute security of any information.

10. International users

The publisher is based in the United States. The SMS number is a US number. If you text Nessi from outside the United States, the information we hold may be processed in the United States or in other countries where our service providers operate. Where required, we rely on the standard contractual clauses or equivalent transfer mechanisms offered by those providers.

11. Changes to this policy

We may update this policy from time to time. Minor edits (clarifying wording, fixing typos, updating a link) take effect when posted. Any material change — for example, adding a new type of data collection, or weakening one of the core privacy guarantees in the summary above — will be announced on this page at least 30 days before it takes effect, and the effective date below will be updated.

12. Contact

For any question about this policy, to exercise a privacy right, or to tell us you think we're doing something wrong, email support@bublcx.com.

Effective May 26, 2026. Last updated May 26, 2026.