Privacy Policy

Nura ("we", "our", "us") is a personal life operating system that helps you manage time, tasks, goals, learning, and personal growth. This Privacy Policy explains how we collect, use, and protect your information when you use the Nura application at nura-os.app.

Account Information

When you create an account, we collect your email address and display name. If you sign in with Google, we receive your name and email from your Google profile.

User Content

We store the content you create within Nura, including tasks, journal entries, goals, learning paths, ideas, knowledge base items, highlights, time blocks, and focus sessions. This data is stored in our Supabase database with row-level security — only you can access your own data.

Location Data

If you enable prayer time calculations, we store the latitude and longitude you provide (either manually entered or from your device's location). This is used solely to calculate accurate prayer times for your location.

Third-Party Integrations

If you connect Google Calendar, we store encrypted OAuth tokens to read your calendar events. We only request read-only access and never modify your Google Calendar. You can disconnect at any time from Settings.

• To provide and maintain the Nura application
• To display your tasks, journal, goals, and other personal data back to you
• To generate AI-powered insights, patterns, and suggestions via Lume (our AI assistant)
• To calculate prayer times based on your location
• To display your Google Calendar events in the Today timeline (if connected)
• To send push notifications you've opted into (prayer reminders, task alerts)

Nura's AI assistant, Lume, analyzes your usage patterns (task completion, focus sessions, journal mood) to provide personalized insights and suggestions. This analysis is performed server-side using Google's Gemini API. We send anonymized, aggregated summaries of your activity — never raw journal entries or personal content — to the AI model. AI features can be used without sharing any data by relying on rule-based analysis only.

• All data is stored in Supabase (PostgreSQL) with row-level security policies
• Authentication is handled by Supabase Auth with encrypted sessions
• OAuth tokens (Google Calendar) are encrypted with AES-256-GCM before storage
• All connections use HTTPS/TLS encryption in transit
• We do not sell, share, or provide your data to any third parties for advertising

We do not sell your personal data. We share data only with:

• Supabase — database and authentication provider
• Vercel — application hosting
• Google Gemini API — AI analysis (aggregated summaries only)
• Google Calendar API — calendar event reading (only if you connect)
• Aladhan API — prayer time calculation (only coordinates are sent, no personal data)

Nura's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Scopes we request

• https://www.googleapis.com/auth/calendar.readonly — read-only access to your Google Calendar events, used solely to display them alongside your tasks and time blocks in the Today view.

How we handle Google user data

• We do not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
• We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features that are prominent in the application's user interface, comply with applicable law, or as part of a merger, acquisition, or sale of assets with appropriate notice.
• We do not allow humans to read Google user data unless we have your affirmative consent for specific identified data, it is necessary for security purposes (e.g., investigating abuse), it is required for legal compliance, or the data is aggregated and used for internal operations following anonymization in line with the Google API Services User Data Policy.
• We do not use Google user data to determine creditworthiness or for lending purposes.

Storage and revocation

OAuth tokens are encrypted at rest with AES-256-GCM in our Supabase database. Calendar event data is fetched on demand and is not persisted in our database — only the OAuth token used to fetch it is stored. You can revoke Nura's access at any time from Settings → Integrations in the app, or directly from your Google Account permissions.

You have the right to:

• Access — View all your data within the app
• Export — Export your journal, tasks, highlights, and knowledge base from Settings
• Delete — Delete your account and all associated data from Settings
• Disconnect — Revoke any third-party integration at any time

Nura uses essential cookies for authentication (Supabase session cookies) and localStorage for theme preferences and offline functionality. We do not use tracking cookies or third-party analytics cookies. Vercel Analytics collects anonymous, aggregated page view data with no personally identifiable information.

Nura is not intended for use by children under 13. We do not knowingly collect personal information from children under 13.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

If you have questions about this Privacy Policy or your data, contact us at hello@nura-os.app