Nuru • Privacy Policy
🧘

Privacy Policy

Effective Date: March 2026 • Last Updated: March 2026 • Nuru Mindfulness

Nuru Mindfulness is committed to protecting your privacy. This Privacy Policy outlines our practices regarding the collection, use, and disclosure of your information when you use the Nuru application and related services. By accessing or using the Service, you consent to the practices described in this policy.

📋 Quick Navigation

→ Information We Collect → How We Use Your Information → Legal Basis for Processing → Sharing & Disclosure → Data Security → International Data Transfers → Data Retention → Your Rights & Choices → Children's Privacy → Changes to This Policy → Contact Us

1. Information We Collect

We collect information necessary to provide and improve the Service.

Information You Provide to Us

  • Account Information: When you create an account, we collect your username, email address, and a securely hashed version of your password.
  • Meditation and Mood Data: We collect data related to your use of the Service, including session duration, start and end times, type of meditation, mood entries, and any private notes or reflections you voluntarily provide.

Information Collected Automatically

  • Technical Data: We automatically receive certain information about the device and software you use to access the Service, including your IP address (anonymized for analytics), device type, operating system, and application version.
  • Usage Data: We collect information about your interaction with the Service, such as the features you use and the length of your sessions.

2. How We Use Your Information

  • 🧘
    To provide, maintain, and personalize the Service.
  • 📈
    To develop new features and improve the Service through analysis of aggregated, anonymized trends.
  • 📧
    To communicate with you about your account, including administrative messages, security alerts, and updates.
  • 🔐
    To monitor and protect the security and integrity of the Service, including to prevent fraud and abuse.

4. How We Share Your Information

We do not sell your personal data. Ever.

We may share your information only in the following limited circumstances:

  • Service Providers: We engage trusted third-party vendors to perform functions on our behalf (e.g., cloud hosting, data analytics, email delivery). These entities are bound by contractual obligations to keep your information confidential and use it only for the purposes we specify.
  • Legal Obligations: We may disclose information if required to do so by law, such as in response to a valid subpoena, court order, or other governmental request.
  • Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred. We will provide notice before your information becomes subject to a different privacy policy.

5. Data Security

We implement industry-standard technical and organizational measures to protect your information. This includes encryption in transit (TLS 1.3) and at rest (AES-256), regular security assessments, and strict access controls. Your personal reflections are private by default and are not accessible by our team unless you explicitly share them for support purposes.

6. International Data Transfers

Your information is primarily stored on servers in Canada. In some cases, it may be processed in other countries, including the United States. When we transfer data outside of your jurisdiction, we ensure appropriate safeguards are in place — such as standard contractual clauses — to provide a level of protection equivalent to the laws of your home country.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. You may delete your account at any time through the Settings menu. Upon deletion, we will permanently erase your personal data from our systems within 30 days. Anonymized data that cannot be used to identify you may be retained indefinitely.

8. Your Rights & Choices

You have the right to:

  • Access & Portability — request a copy of the personal data we hold about you
  • Correction — update or correct inaccurate information in your account settings
  • Deletion — delete your account and associated data at any time
  • Objection & Restriction — object to our processing or request we restrict how we use your data

These rights apply under applicable data protection laws, including PIPEDA, Quebec's Law 25, and the GDPR.

To exercise any of these rights, contact us at privacy@nuru.app or use the tools provided in Settings. We will respond in accordance with applicable law.

9. Children's Privacy

The Service is not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our website and within the application, and we will update the "Last Updated" date. Your continued use of the Service after any change constitutes your acceptance of the revised policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to our privacy team.

📧 privacy@nuru.app