The controller responsible for processing personal data under the GDPR is:

Nura AI is a productivity app that helps you plan tasks, organize schedules, and improve focus. Depending on your version and settings, the app may support features such as:

• Task and schedule creation (e.g., “to‑dos”, reminders, focus sessions).
• Cloud sync across devices (optional, when you sign in).
• AI-assisted features (optional) such as turning text into tasks and suggestions for planning.

This policy applies to the Nura AI app and to our legal/support pages.

A) Account & authentication data

• Email address (if you use email sign-in or contact support).
• Apple Sign In / Google Sign In identifiers (technical IDs used for login).
• Optional profile information you enter (e.g., display name).

B) Your content in the app

• Tasks, reminders, goals, notes, schedules, and similar content you create.
• Preferences and settings (e.g., focus timer settings, app preferences).

C) Sync & technical data

• Identifiers needed to keep your account and synced data consistent (e.g., internal user ID).
• Basic device/app information for troubleshooting (e.g., app version, approximate device model, operating system version).
• Security-related logs (e.g., authentication events), to prevent abuse and protect accounts.

D) Subscription & purchase data

• Subscription status and entitlements (active/inactive; product identifiers).
• Transaction references needed to verify premium access.
• Payments are processed by Apple (App Store) or Google (Play Store). We do not receive full payment card details.

E) Support communications

• If you contact support, we process the information you send (message content, email address, attachments).

Depending on the features you use, Nura AI may request certain device permissions. You can control permissions in your device settings at any time.

• Notifications (optional) — to send reminders and focus timer alerts.
• Calendar access (optional, if enabled) — to read/write calendar entries you choose to sync or create.
• Network access — to sync data and deliver AI responses.

Nura AI may offer AI features (e.g., converting text into tasks, scheduling suggestions, or Q&A). AI requests are processed by external providers.

Which AI models are used?

• We use AI models provided by OpenAI and Google (e.g., GPT-family and Gemini-family).
• The exact model can change over time (quality, cost, and safety reasons).

Where does processing happen?

• AI processing happens on external servers operated by those providers (not on-device).

What data is transmitted for AI requests?

• Your prompt / message.
• Only the minimum relevant context needed for the feature (for example: selected task text, selected schedule items).
• Technical metadata required to deliver the response (basic request logs).

What we do not intentionally send

• Your entire database/export.
• Payment card details (we never have them).

We process personal data for:

• Providing and operating core app features (accounts, syncing, settings).
• Authenticating users and securing accounts.
• Validating subscriptions and providing premium access.
• Providing support and responding to requests.
• Maintaining security, preventing abuse, and troubleshooting.

Legal bases

• Art. 6(1)(b) GDPR — performance of a contract (providing the app features you request).
• Art. 6(1)(f) GDPR — legitimate interests (security, abuse prevention, service improvement).
• Art. 6(1)(c) GDPR — legal obligations (if applicable).
• Art. 6(1)(a) GDPR — consent (only where required for optional features).

We share data only when needed to run the app and deliver the features you use.

Typical providers used by Nura AI

• Supabase — authentication and database hosting (account + synced app content).
• RevenueCat — subscription and entitlement verification (premium access).
• Apple / Google — purchase processing in the App Store / Play Store and optional sign-in.
• OpenAI / Google — AI processing when you use AI features.

Depending on provider infrastructure and configuration, processing may occur in the EU/EEA or in other countries. Where required, we rely on appropriate safeguards (such as adequacy decisions or Standard Contractual Clauses).

We apply reasonable technical and organizational measures to protect your data, including:

• Encrypted transport (HTTPS/TLS).
• Authentication and access controls.
• Data minimization (collect only what is needed).

We retain data only as long as necessary for the purposes described:

• Account data and synced content: while your account is active.
• Support emails: as needed to resolve issues and maintain support history.
• Some records may be retained if required by law (e.g., accounting-related documentation).

If you are located in the EU/EEA, you have the right to:

• Access your personal data.
• Correct inaccurate data.
• Request deletion (where applicable).
• Restrict processing.
• Data portability.
• Object to processing based on legitimate interests.
• Withdraw consent at any time (if processing is based on consent).

To exercise your rights, contact support@nura-ai.app.

If available in your app version, you can delete your account via Settings → Delete Account. If you cannot access the app, request deletion via email at support@nura-ai.app.

The app is not intended for children under the age required to consent to data processing under applicable law. In Germany, this age may be 16 in certain cases. If you believe a child provided personal data, contact us.

When you visit these legal/support pages, our hosting provider may process basic server logs (e.g., IP address, timestamp, requested page) to deliver the website and protect against abuse.

We may update this policy from time to time. We will publish the updated version on this page and update the “Last updated” date.

If you have questions about this policy, contact: