We built Nuro because we believe thinking is sacred. Your inner world — your fears, dreams, anxieties, and breakthroughs — deserves protection.
Here's a complete, transparent breakdown of exactly how we handle your data.
What We Store
When you record an entry in Nuro, we store:
Audio File
- Your original voice recording
- Encrypted in transit and at rest
- Stored in secure cloud infrastructure
- Accessible only through your authenticated account
Transcript
- Text version of your recording
- Generated by AI transcription
- Searchable within your account
- Encrypted like all other data
Analysis
- AI-generated insights (Nuro's Take, Key Insights, etc.)
- Metadata like categories and keywords
- Brand Identity synthesis (after 5+ entries)
- Action items and summaries
Account Data
- Email address
- Authentication credentials (hashed, not stored in plain text)
- Preferences and settings
- Subscription status
What We Don't Do
This is equally important. We never:
Sell Your Data
To anyone. For any reason. Ever.
We don't have advertising. We don't have data broker relationships. Your information has zero commercial value to third parties through us.
Share With Third Parties
Except for the infrastructure providers listed below, your data is never shared. No partners, no analytics companies, no "trusted affiliates."
Use for AI Training
Your thoughts are not training data. We use OpenAI's API which contractually prohibits using customer data for model training.
Read Your Entries
We don't have a team reviewing your personal thoughts. Your entries are processed by AI and stored encrypted. Humans only access data if legally required (see below).
Monetize Your Insights
We don't aggregate user data for research. We don't create psychological profiles for sale. We don't mine your thoughts for commercial insights.
Our Infrastructure Providers
We use these services to run Nuro. Each has contractual privacy protections:
Supabase (Database & Auth)
- Stores your account and entry data
- SOC 2 Type II certified
- GDPR compliant
- Data encrypted at rest
OpenAI (AI Processing)
- Transcription via Whisper
- Analysis via GPT-4
- API data not used for training
- Data retained max 30 days, then deleted
Cloud Storage (Audio Files)
- Secure, encrypted object storage
- Industry-standard security practices
- Geographic redundancy for reliability
All providers are bound by data processing agreements that protect your information.
Legal Requests
We will only share data if legally compelled — meaning a valid court order or equivalent legal requirement.
If this happens, we will:
- Notify you if legally permitted
- Fight overbroad requests that ask for more than necessary
- Provide minimum data required by the specific order
- Document everything for your records if possible
This has never happened. We're including this for transparency, not because it's a common occurrence.
Deleting Your Data
You have complete control over your data:
Delete Individual Entries
Tap any entry → Delete. This removes:
- The audio file from storage
- The transcript from our database
- All associated analysis
- Any references in your Brand Identity
Deletion is permanent and immediate on our end. AI providers delete their temporary copies within 30 days (standard API retention).
Delete Your Entire Account
Settings → Account → Delete Account. This removes:
- All entries and recordings
- Your Brand Identity
- All account data
- Subscription information
- Everything associated with your account
We may retain anonymized, aggregated analytics (like "X users recorded in January") but nothing personally identifiable.
Export Your Data
Before deleting, you can export all your entries. We believe your data is yours, and you should be able to take it with you.
Security Measures
We implement industry-standard security practices:
Encryption in Transit
All data moving between your phone and our servers uses TLS 1.3 encryption. Nobody can intercept your recordings.
Encryption at Rest
All stored data is encrypted using AES-256. Even if someone accessed our storage directly, your data would be unreadable.
Authentication Security
- Secure password hashing (bcrypt)
- Optional biometric authentication
- Session management and expiration
- Rate limiting on login attempts
Regular Audits
We review our security practices quarterly and update as threats evolve.
Infrastructure Security
Our providers (Supabase, OpenAI) maintain their own robust security programs, including regular penetration testing and compliance certifications.
Your Rights
Depending on your location, you have specific legal rights:
GDPR (European Users)
- Right to access your data
- Right to rectification
- Right to erasure
- Right to data portability
- Right to object to processing
CCPA (California Users)
- Right to know what data is collected
- Right to delete data
- Right to opt-out of sale (we don't sell)
- Right to non-discrimination
All Users
- Delete any entry instantly
- Export your data anytime
- Delete your account completely
- Contact us with privacy questions
Our Philosophy
Privacy isn't a feature — it's a foundation.
We believe:
- Your thoughts are private by default — Not something you opt into
- Transparency builds trust — Hence this detailed breakdown
- Control means actual control — Delete means delete
- Security is ongoing — Not a one-time checkbox
Your inner world is private. We're just the notebook that helps you capture and understand it.
Questions about privacy? Contact us at privacy@nuro.so
Feel confident about your privacy? Start journaling with Nuro →
