Privacy Policy

1. Information we collect

Nurii collects information needed to provide AI chat, dashboards, automations, approved actions, Knowledge, memory, billing, and support.

• Account and organization information, such as your name, email address, authentication identifiers, organization name, role, plan, membership status, and settings.
• Connected app information that you or your organization authorize, including connection metadata, granted scopes, selected resources, synced records, and provider identifiers.
• AI chat, dashboard, automation, Knowledge, file, memory, approval, and action history content, including prompts, responses, uploaded or selected files, extracted text, summaries, and feedback.
• Billing, subscription, trial, checkout, and demo scheduling information, including Stripe customer and subscription identifiers and Calendly booking status.
• Website analytics information, such as page views, referral source, approximate location, device, browser, and engagement events.
• Usage, device, diagnostic, and security information, such as log events, error reports, feature activity, IP address, browser details, request metadata, and audit records.
• Support and communications information, including emails, requests, and other messages you send us.

We do not intentionally collect full payment card numbers. Stripe processes payment card details directly.

2. Connected apps and integrations

Nurii only accesses connected services when an authorized user or organization connects that service and grants permission. Depending on the integration, Nurii may process data from tools such as Google, Slack, QuickBooks, HubSpot, Asana, Notion, Trello, Mailchimp, Planning Center, Subsplash, WordPress, Stripe, and related services.

Where supported, Nurii uses explicit boundaries such as selected calendars, files, properties, channels, sites, workspaces, projects, portals, or member-owned accounts. Google Drive files, for example, are used when a member selects them for AI chat or related product workflows.

You are responsible for making sure you have the rights and permissions needed to connect a service and process the data you make available through Nurii.

3. How we use information

• Provide, secure, maintain, and improve Nurii.
• Generate AI responses, dashboards, summaries, recommendations, automations, and approved action proposals.
• Sync, query, and organize authorized connected app data so Nurii can answer questions and support workflows.
• Understand website traffic, page engagement, and content performance so we can improve the marketing site.
• Manage accounts, organizations, billing, subscriptions, trials, demos, invitations, and support.
• Detect, prevent, investigate, and respond to abuse, security incidents, errors, service issues, and policy violations.
• Comply with legal, tax, accounting, contractual, and regulatory obligations.

We do not sell personal information, rent customer data, or use customer content for cross-context behavioral advertising.

4. AI processing

Nurii sends prompts, conversation context, selected files, connected app data, Knowledge, approved memories, and workflow payloads to AI and retrieval providers only as needed to provide the requested feature.

Nurii does not use customer content to train Nurii-owned foundation models. Third-party AI providers process data as subprocessors for inference, embeddings, summarization, retrieval, or related service functionality under the applicable provider terms and configurations.

AI output can be incomplete or wrong. You should review important answers, recommendations, and proposed actions before relying on them, especially for financial, legal, compliance, personnel, or other high-impact decisions.

5. How we share information

We share information only as needed to operate Nurii and support the purposes described in this Policy.

• With authorized users in your organization, based on product roles, membership, settings, and shared resources.
• With subprocessors that provide hosting, database, storage, authentication, email, monitoring, website analytics, billing, scheduling, AI inference, embeddings, retrieval, and web search services.
• With connected service providers when you direct Nurii to access, sync, query, update, or otherwise interact with those services.
• With professional advisors, authorities, or other parties when required by law, to enforce our agreements, or to protect rights, safety, security, and service integrity.
• In connection with a merger, financing, acquisition, reorganization, or sale of assets, subject to appropriate confidentiality protections.

6. Current subprocessors

Nurii's current core subprocessors include the categories below. Some providers apply only when a feature is enabled, configured, or used.

• Infrastructure and data: Supabase for authentication, database, and private storage; Render and Vercel for hosting and deployment.
• Reliability, analytics, and communications: Sentry for error monitoring and diagnostics; Google Analytics for aggregate website traffic and engagement measurement; Resend for email delivery.
• Billing and scheduling: Stripe for payments, subscriptions, checkout, and billing; Calendly for demo scheduling.
• AI and retrieval: Cerebras, Baseten, xAI, and OpenRouter where configured for AI model inference; Voyage for embeddings; Exa when web search is used.
• Connected services: the third-party apps and platforms that you or your organization authorize Nurii to connect.

We may update subprocessors as Nurii evolves. Material changes will be reflected in this Policy or a subprocessor notice we make available.

7. Data storage and security

• Nurii uses TLS for data in transit and relies on hosting and database providers that support encryption at rest.
• Connector credentials are stored in a private credentials store and encrypted before storage using AES-256-GCM.
• Production access is limited to authorized personnel with a business need.
• Nurii uses security controls such as authentication, authorization checks, scoped connector boundaries, rate limiting, strict CORS configuration, webhook signature verification, audit records, and monitoring.
• No internet service can be guaranteed perfectly secure. We work to protect information, but you are also responsible for using strong account practices and managing access for your team.

8. Retention, disconnects, and deletion

We keep information for as long as needed to provide Nurii, maintain product history, satisfy legal or accounting obligations, resolve disputes, enforce agreements, and protect security.

When an integration is disconnected, Nurii revokes or deletes stored connection credentials where supported and removes associated connector state and synced records according to the product's deletion behavior. Some audit records, billing records, security logs, backups, or legally required records may be retained for limited periods.

You can request deletion of account, organization, chat, file, Knowledge, memory, or connector data by contacting support. We may need to verify your identity or authority before completing a request.

9. Your choices and rights

• You can update account and organization settings in Nurii.
• Authorized users can connect, disconnect, or limit integrations according to their role and permissions.
• You can request access, correction, deletion, portability, or restriction of certain personal information, subject to applicable law and verification.
• You can opt out of marketing emails by using the unsubscribe link or contacting us.
• If a privacy law gives you rights to opt out of sale or sharing, Nurii does not sell personal information or share it for cross-context behavioral advertising.

Send privacy requests to support@nurii.ai. We will respond within the time required by applicable law.

10. Cookies and similar technologies

Nurii uses essential cookies, local storage, and similar technologies to operate the service, maintain sessions, remember preferences, secure accounts, understand product reliability, and measure website traffic and engagement.

We do not use advertising cookies or cross-site tracking pixels on the Nurii service.

11. Children's privacy

Nurii is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to Nurii, contact us so we can take appropriate action.

12. International transfers

Nurii is operated from the United States. If you use Nurii from outside the United States, information may be processed in the United States and other countries where our subprocessors operate.

13. Changes to this Policy

We may update this Privacy Policy from time to time. When changes are material, we will take reasonable steps to notify you, such as posting the updated Policy, sending email, or providing in-product notice. Continued use of Nurii after the effective date means the updated Policy applies.