Last updated: June 16, 2026 · Effective: June 16, 2026

Privacy Policy

nura exists to help you understand your body — not to harvest it. This policy explains, in plain language, exactly what we collect, where it lives, how it's used, and the control you have. We wrote it to be read.

1. Who we are

nura (the "app," "we," "us," "our") is a period-tracking, education, and AI-companion application operated by Jetrr Inc., a Delaware C corporation. This policy applies to the nura mobile app, the heynura.app website, and related services (collectively, the "Service"). It does not apply to third-party services we link to, which have their own policies.

2. Our privacy principles

• Local-first. Your cycle data is stored on your device by default. Cloud storage is something you opt into, not a default.
• Data minimization. We collect the least we need to make the Service work, and nothing for its own sake.
• No surveillance economy. We do not sell personal data, do not serve ads, do not ad-target on health data, and do not share data with advertisers or data brokers.
• No model training on you. We do not use your personal content or health data to train AI models.
• You're in control. Export or permanently delete your data — including from our servers — at any time.

3. What we collect

3.1 Data you provide

• Cycle & health logs: period start/end dates, flow, moods, symptoms, energy, sleep, pain location/intensity, discharge, sexual activity, medications, and free-text notes you choose to enter.
• Profile & preferences: a name or nickname (optional), your goal/mode, tone & language preferences, average cycle/period length, and notification settings.
• Account (optional): if you create an account for backup/sync, your email address and a securely hashed password.
• ask nura conversations: the messages you send to the AI companion.
• Support communications: anything you email or send us.

3.2 Data collected automatically

• Minimal technical data necessary to operate and secure the Service (e.g., app version, device type, and request metadata for our backend). We aim to keep this to the minimum required and do not build advertising profiles.
• Purchase status from the App Store / our subscription provider (whether you have an active nura+ entitlement). We do not receive your full payment card details — Apple handles billing.

3.3 What we don't collect

We do not collect your contacts, precise location, photos (unless you explicitly attach one to a log), advertising identifiers for ad targeting, or third-party tracking data. We do not embed third-party advertising or analytics-for-ads SDKs.

4. Where your data lives

This is the most important part, so we'll be precise.

• On your device (always). All of your tracking data is stored locally on your device. If you never create an account and never use cloud AI, your cycle data never leaves your phone.
• On our servers (only with an account). If you create an account to back up and sync across devices, we store an encrypted snapshot of your data (your logs, periods, and profile preferences) on our cloud infrastructure, associated with your account. This exists solely to provide backup and sync — never to mine or monetize.
• Deletion. Deleting the app removes local data from that device. Using "delete everything" in Settings wipes your local data and permanently purges your server-side snapshot and account.

5. How we use data

We use your information only to provide and improve the Service:

• Generate predictions, your cycle dashboard, and insights.
• Power ask nura answers (see §6).
• Back up and sync your data across your devices, if you have an account.
• Send the notifications you've enabled.
• Process and validate your nura+ subscription.
• Keep the Service secure, debug problems, and prevent abuse.
• Respond to your support requests.

We do not use your data for advertising, profiling for marketing, or sale.

6. AI features & data (ask nura)

ask nura is the app's AI companion. How your data is handled depends on which path answers you:

6.1 On-device AI (default where available)

On supported devices, ask nura uses an on-device AI model (Apple's Foundation Models). Your question and any cycle context are processed entirely on your device. No conversation content or health data is transmitted to us or any third party to generate the answer.

6.2 Cloud AI (fallback, consent-based)

Where on-device AI isn't available, ask nura can answer through our secure backend, which relays your request to a third-party large-language-model provider over an encrypted connection. In this case:

• We send the text of your question, recent messages in that conversation for continuity, and — only if you've enabled the "share cycle context" consent toggle — minimal cycle context (e.g., cycle day, phase, average length, recent symptoms).
• We do not send your name, email, or account identifiers to the model beyond what is operationally necessary.
• We instruct our LLM provider not to train on your content, and use providers whose terms support this where available.

6.3 What we never do with AI

• We do not train our own or third parties' AI models on your conversations or health data.
• We do not use AI outputs to make automated decisions with legal or similarly significant effects about you.
• nura never provides a medical diagnosis or medication dosing, and always discloses that it is not a substitute for a clinician.

You can disable cycle-context sharing at any time in Settings, and you can delete your chat history. See our ask nura overview for a plain-language summary.

7. Health & sensitive data

The cycle and symptom information you log is sensitive personal data (and "special category" data under GDPR). We treat it accordingly: we process it on the legal basis of your consent and to provide the Service you requested, we minimize what's transmitted, and we never use it for advertising. You may withdraw consent and delete this data at any time.

8. Reproductive privacy commitment

We understand that cycle data can be sensitive in ways that go beyond ordinary privacy. Our commitments:

• Local-first by design means that for users without an account, we simply do not hold your data and have nothing to produce in response to any request.
• We will not voluntarily disclose your personal data to law enforcement or other parties for the purpose of investigating, or supporting the prosecution of, reproductive-health decisions.
• We require valid, legally binding process for any government data request, scrutinize requests for overbreadth, and push back where appropriate.
• Where we are legally permitted, we will notify affected users of government requests for their data.
• You can permanently delete your account and server-side data at any time.

9. HIPAA & regulatory stance

nura is a consumer wellness and education product. We are generally not a "covered entity" or "business associate" under the U.S. Health Insurance Portability and Accountability Act (HIPAA), and we do not represent that the Service is "HIPAA certified." HIPAA therefore does not directly govern our handling of your information.

That said, we voluntarily apply security and privacy safeguards aligned with HIPAA's principles — encryption in transit and at rest, access controls and least-privilege, data minimization, and breach-response practices — and we comply with applicable consumer-privacy laws, including the EU/UK GDPR and the California Consumer Privacy Act (CCPA/CPRA), as described in §14.

10. Sharing & disclosure

We do not sell your personal information and do not "share" it for cross-context behavioral advertising (as those terms are defined under U.S. state privacy laws). We disclose information only:

• To service providers / processors who help us run the Service, under contracts that limit them to our instructions (see §11).
• For legal reasons, where required by valid legal process — subject to the protections in §8.
• In a business transfer (e.g., merger or acquisition), with notice to you and continued protection under a policy at least as protective as this one.
• With your consent, for anything else.

11. Service providers (subprocessors)

We rely on a small set of vetted providers strictly to operate the Service:

We will keep an up-to-date list available on request. Providers act on our instructions and are not permitted to use your data for their own purposes.

12. Data retention

• Local data persists on your device until you delete it or uninstall the app.
• Account & synced data is retained while your account is active. When you delete your account, your snapshot and account record are permanently removed from our active systems promptly, and from routine backups within a limited rolling window.
• ask nura conversations sent to the cloud are processed transiently to generate an answer and are not retained by us to build a long-term profile; you control your in-app history.
• We retain minimal records where required for legal, security, or accounting reasons, for no longer than necessary.

13. Security

We protect your information with industry-standard measures, including encryption in transit (TLS) and at rest, hashed passwords, access controls and least-privilege for our systems, and an optional device-level app lock (Face ID / passcode) you can enable. No method of transmission or storage is 100% secure, but we work hard to protect your data and to respond promptly to any incident.

14. Your rights & choices

Wherever you are, you can:

• Access & export your data (Settings → "export everything").
• Delete everything — local and server-side (Settings → "delete everything").
• Correct your data by editing any log or your profile.
• Withdraw consent for AI cycle-context sharing and notifications at any time.

GDPR / UK GDPR. If you're in the EEA/UK, you have rights to access, rectification, erasure, restriction, portability, and objection, and the right to lodge a complaint with your supervisory authority. Our legal bases are your consent (for health data and AI features) and the performance of our contract with you (to provide the Service).

CCPA/CPRA (California). You have rights to know, delete, correct, and limit use of sensitive personal information. We do not sell or "share" personal information for cross-context behavioral advertising, and we do not discriminate against you for exercising your rights.

To exercise any right, use the in-app tools above or contact us at privacy@heynura.app.

15. Children's privacy

nura is intended for users aged 13 and older (and is designed to be appropriate for teens learning about their bodies). We do not knowingly collect personal information from children under 13 (or the minimum age in your jurisdiction). If you believe a child has provided us data, contact us and we will delete it. Minors should review this policy with a parent or guardian.

16. International data transfers

If you use account-based features, your data may be processed in countries other than your own, including the United States. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for international transfers.

17. Changes to this policy

We may update this policy as the Service evolves. We'll revise the "last updated" date and, for material changes, provide a more prominent notice (in-app or by email). Continued use after changes take effect constitutes acceptance.

18. Contact us

Questions, requests, or concerns? Reach our privacy team at privacy@heynura.app, or write to Jetrr Inc., Delaware, USA. If you're in the EEA/UK and we are required to designate one, our representative's contact will be listed here.

This policy is provided for transparency and is not legal advice.