NURA
Get Started
Back to Home

Privacy Policy

Last updated: December 3, 2025

At NURA, your privacy is our priority. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered nutrition optimization platform.

Our Commitment

  • We do NOT sell your personal data to third parties
  • We use industry-standard encryption and security measures
  • You have full control over your data and can request deletion at any time

1. Information We Collect

1.1 Information You Provide Directly

When you create an account and use NURA, you voluntarily provide us with:

  • Account Information: Email address, name (optional), and authentication credentials
  • Health and Wellness Data:
    • Current weight and goal weight
    • Height, age, and biological sex
    • GLP-1 medication type (e.g., Ozempic, Wegovy, Mounjaro) and dosage
    • Symptoms and side effects you experience
    • Dietary preferences, allergies, and restrictions
    • Activity level and fitness goals
  • Payment Information: When you subscribe to NURA Pro, payment details are collected and processed directly by Stripe. We do not store your full credit card numbers on our servers.

1.2 Information Collected Automatically

When you access our Service, we may automatically collect:

  • Usage Data: Pages visited, features used, meal plans generated, interactions with the platform
  • Device Information: Browser type, operating system, device identifiers
  • Log Data: IP address, access times, referring URLs
  • Analytics Data: Through Vercel Analytics for performance monitoring and improvement

2. How We Use Your Information

We use the information we collect for the following purposes:

Service Delivery

To generate personalized AI meal plans, calculate macros, and provide nutrition suggestions tailored to your GLP-1 treatment and health goals.

Account Management

To create and manage your account, process subscriptions, and communicate with you about your account status.

Service Improvement

To analyze usage patterns, improve our AI algorithms, enhance user experience, and develop new features.

Communication

To send important updates, respond to inquiries, and provide customer support.

Legal Compliance

To comply with applicable laws, regulations, and legal processes.

3. Data Storage and Security

3.1 Infrastructure Partners

Your data is stored and processed using the following trusted service providers:

Supabase

Our primary database provider. Supabase uses PostgreSQL databases hosted on secure, SOC 2 Type II compliant infrastructure. Data is encrypted at rest and in transit.

Stripe

Our payment processor. Stripe is PCI DSS Level 1 certified, the highest level of certification in the payment industry. We never store your full credit card details.

Vercel

Our hosting platform. Vercel provides secure, globally distributed infrastructure with automatic HTTPS encryption and DDoS protection.

3.2 Security Measures

We implement robust security measures to protect your data:

  • TLS/SSL encryption for all data transmitted between your device and our servers
  • Encryption at rest for stored data
  • Secure authentication using industry-standard protocols
  • Regular security audits and vulnerability assessments
  • Access controls limiting employee access to user data
  • Automatic security updates and patches

While we implement strong security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

4. Data Sharing and Disclosure

We do NOT sell, rent, or trade your personal information to third parties for marketing purposes.

We may share your information only in the following circumstances:

  • Service Providers: With trusted third-party service providers (Supabase, Stripe, Vercel) who assist us in operating our Service, subject to confidentiality agreements
  • AI Processing: Anonymized or de-identified data may be used to improve our AI models. This data cannot be traced back to you personally
  • Legal Requirements: When required by law, court order, or governmental authority
  • Protection of Rights: To protect our rights, safety, or property, or that of our users
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate user notification

5. Your Rights and Choices

You have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data ("Right to be Forgotten"). You can delete your account and all associated data at any time through your account settings
  • Data Portability: Request your data in a portable, machine-readable format
  • Opt-Out: Unsubscribe from marketing communications at any time
  • Withdraw Consent: Where processing is based on consent, withdraw that consent at any time

To exercise any of these rights, please contact us at privacy@nura.app. We will respond to your request within 30 days.

6. Health Information Notice

NURA collects health-related information to provide personalized nutrition suggestions. Please note the following:

  • Health data you provide is used solely to generate personalized meal plans and recommendations
  • We are not a covered entity under HIPAA (Health Insurance Portability and Accountability Act) as we do not provide healthcare services
  • Your health information is treated with the same level of protection as all other personal data
  • We do not share your health data with insurance companies, employers, or other third parties
  • You can delete your health data at any time by updating your profile or deleting your account

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies for:

  • Essential Cookies: Required for the Service to function (authentication, security)
  • Analytics Cookies: To understand how users interact with our Service (via Vercel Analytics)
  • Preference Cookies: To remember your settings and preferences

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our Service.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. Our service providers may have servers located in the United States and other jurisdictions.

When we transfer data internationally, we implement appropriate safeguards to protect your information in accordance with applicable data protection laws.

9. Children's Privacy

NURA is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly.

10. Data Retention

We retain your personal data for as long as:

  • Your account is active
  • Necessary to provide you with our Services
  • Required to comply with legal obligations
  • Needed to resolve disputes and enforce agreements

When you delete your account, we will delete or anonymize your personal data within 30 days, except for data we are legally required to retain.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

For significant changes, we may also send you an email notification. Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect, use, and disclose
  • Right to request deletion of your personal information
  • Right to opt-out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at privacy@nura.app.

13. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including:

  • Right to access, rectify, or erase your personal data
  • Right to data portability
  • Right to restrict or object to processing
  • Right to lodge a complaint with a supervisory authority

Our legal basis for processing your data includes: performance of a contract, legitimate interests, compliance with legal obligations, and your consent.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

NURA Privacy Team

Email: privacy@nura.app

General Support: support@nura.app

We take your privacy concerns seriously and will respond to your inquiry within 30 days.

By using NURA, you acknowledge that you have read and understood this Privacy Policy. We are committed to protecting your privacy and ensuring the security of your personal information.