Privacy Policy

Effective date: November 1, 2025

This Privacy Policy explains how Nurii (“Nurii”, “the App”, “we”, “us”, or “our”) collects, uses, discloses, and protects information when you use the Nurii application in connection with your Shopify store or other connected integrations. Nurii acts as an automation and AI assistant that connects to your systems and executes tasks under your direction. We process only the data required to provide those features.

Information We Collect

  • Account & Workspace Data: When you sign in with Supabase authentication we receive your user identifier, email address, and any workspace details you choose to store (e.g., company name, company URL).

  • Integration Metadata: When you connect a provider through Nango (Shopify, Klaviyo, Google, HubSpot, QuickBooks, etc.) we store connection identifiers, granted scopes, and status flags. Nurii does not store raw OAuth access tokens; they remain with Nango and are retrieved only when needed to fulfil your request.

  • Synced Business Data: After you authorize an integration, we may sync data exposed by that provider under the scopes you granted. Depending on the provider this can include product catalog information, orders, campaigns, profiles, accounting entities, marketing metrics, and other business records.

  • Customer Information: Synced records may contain customer details (names, emails, shipping/billing addresses, purchase history) or contact metadata provided by your integration.

  • Chat & Automation Content: We store the messages you send, the assistant’s replies, metadata about each automation step, and generated insights. This supports conversation history, workflow resumption, approvals, feedback, and compliance.

  • Attachments & Derived Outputs: Files you upload (images, documents, spreadsheets, etc.) are stored in a private Supabase Storage bucket. We process attachments to create structured outputs (e.g., vision analysis, parsed tables) and retain those outputs with the file so you can reuse them in chat.

  • Operational Logs: We keep lightweight audit logs (e.g., integration lifecycle events, action approvals) to troubleshoot issues, prove execution, and meet legal obligations.

  • Automatically Collected Data: We log standard analytics such as page views, feature usage, and error reports for reliability. We do not run advertising or behavioural tracking.

We do not collect or store full payment card numbers, government IDs, or other highly sensitive personal identifiers.

How We Use Your Data

  • Deliver Nurii’s core functionality, including generating insights, responding to chat prompts, and running automations you approve.

  • Execute provider-specific workflows, such as Shopify analytics queries or Klaviyo sync operations.

  • Maintain session context, memory, and attachment references so the assistant can respond accurately across conversations.

  • Improve reliability, security, and user experience (e.g., debugging issues, monitoring system health, preventing abuse).

  • Satisfy legal, regulatory, or contractual requirements and maintain audit trails for in-app actions.

We do not sell or rent your data. We share data only with subprocessors that help us operate Nurii, and they are contractually bound to use it solely to deliver our services.

AI & Workflow Processing

  • Chat prompts, attachments, and workflow payloads are routed through our backend, which runs a primary agent to produce responses and carry out automations. The agent may call specialised routines (for example, image understanding) when needed.

  • Large language model and vision inference runs on Groq’s API. We send payloads as provided by you; we do not automatically redact personal data. Groq is configured under a zero-data-retention policy (no model training and no retention of request/response content).

  • Semantic memory and retrieval features store vector embeddings and concise summaries in Pinecone. The content you supply is stored as-is without automated masking. Persistent rules and preferences are stored in Supabase.

Data Storage & Security

  • Supabase hosts our Postgres database, authentication, and private object storage. Data is encrypted in transit and at rest.

  • Pinecone stores AI embeddings; Nango manages OAuth tokens; Render and Vercel host our backend and frontend infrastructure.

  • Access to production systems is restricted to essential personnel. We enforce least-privilege access, rate limiting, TLS everywhere, strict CORS rules, webhook signature verification, and detailed audit logging.

  • Logging captures only what is necessary for debugging and compliance; secrets are handled with care, although we do not perform automated PII redaction.

Data Retention

  • When you disconnect an integration from the Nurii dashboard, we immediately revoke access tokens via Nango and delete the associated connection metadata and synced records for that integration from our databases. Minimal audit entries may remain to document that the removal occurred.

  • Conversation history, automation logs, semantic memories, and persistent preferences remain until you delete them or close your account to preserve context for the assistant.

  • Attachments and their derived outputs stay in Supabase Storage until you ask us to remove them or close your account. We are building finer-grained deletion controls; in the meantime, contact support if you need a manual purge.

Your Controls & Deletion

  • You can disconnect any integration from the Nurii dashboard. This revokes access tokens via Nango and automatically deletes the integration’s data from our systems.

  • You can delete chat history—messages, attachments references, agent runs, and memories—from the Settings page or by submitting a support request. Attachments themselves currently require a support-assisted deletion.

  • When we receive a verified deletion request, we erase or anonymise associated Supabase tables, Pinecone embeddings, and stored files. Some audit logs may remain where required for legal or security obligations, but we detach them from personal identifiers whenever possible.

Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access, correct, or update your information.

  • Request deletion of your data.

  • Object to or restrict certain processing.

  • Receive a portable copy of your data.

  • Lodge a complaint with your supervisory authority.

Submit any request to support@nurii.ai. We will verify your identity through your Nurii account or another lawful method and respond within applicable statutory timelines.

Cookies & Tracking

We use essential cookies and limited analytics to operate the app, maintain sessions, and understand feature usage. We do not run advertising, cross-site tracking, or profiling cookies. If we add analytics vendors in the future, we will update this Policy and, where required, request consent.

Subprocessors

Nurii relies on carefully vetted subprocessors to operate the service. Core providers include:

  • Supabase (database, authentication, object storage)

  • Pinecone (vector database for semantic memory)

  • Groq (LLM and vision inference with zero-data-retention configuration)

  • Nango (OAuth connection management)

  • Render (backend hosting)

  • Vercel (frontend hosting)

We may engage additional subprocessors for logging, analytics, or support. Any change will appear in this Policy or in a subprocessors schedule available upon request.

Policy Updates

We may revise this Privacy Policy from time to time. Material updates will be communicated via in-app notification or email. Continued use of the app after an update signifies acceptance of the revised Policy.

Contact Us

For questions, concerns, or privacy requests, email support@nurii.ai.

Nurii

Pricing

Contact

Resources

Privacy Policy

Terms