Nurerra Privacy Policy

Effective date: May 28, 2026

Nurerra is not a medical service. Nothing in this app — including mood check-ins, breathing exercises, articles, or community posts — is medical advice, a diagnosis, or a treatment plan. If you have questions about your GLP-1 medication or your health, talk to your prescriber.

Nurerra is the emotional companion app and website (nurerra.com) for people on GLP-1 medications. Nurerra is owned and operated by Rigal Tech Inc., a corporation incorporated in British Columbia, Canada. We refer to ourselves throughout this policy as “Nurerra,” “we,” or “us.”

This policy explains what data we collect, how we use it, and your rights over it. We keep it short on purpose — our contact details are at the end if anything is unclear.

1. What data we collect

Account data. By default, Nurerra creates an anonymous account for you — a unique internal identifier with no name, email address, or phone number attached. If you choose to link an email address and password to your account, we store that email. Nothing else.

Mood data. When you complete a mood check-in, we store the numeric score (1–5), any free-text note you write, and any emotional tags you select. These are stored in your user record on our cloud database.

Breathing and wellness session data. We store a count of completed breathing sessions. We do not record audio, video, or biometric data of any kind.

Day-count on medication. If you enter how many days you have been on your GLP-1 medication, we store that number.

Community posts. When you post to the community feed, we store the post text, your mood score at the time of posting, and your day-count on medication. Posts are anonymous — your email address (if you have one linked) and your internal account ID are never displayed to other users.

Subscription status. We record whether you have an active Premium subscription so the app knows to unlock paid features. We do not store your payment method, card number, or billing address — Apple and Google handle billing.

Crash and error logs. If the app crashes or encounters an error, we send a report to our crash and error reporting service that includes the error message, a stack trace, and basic device information (OS version, app version, device model). We configure this service to exclude mood data, post text, and email addresses from crash reports.

Waitlist email (nurerra.com only). If you join our pre-launch waitlist by entering your email address on nurerra.com, we store only your email address and the date you signed up. This data lives on our website infrastructure, separate from the mobile app’s database. We use it for one purpose: to email you once when the app becomes available. You can ask us to remove your address at any time by replying to any email we send you.

2. How we use your data

We use your data to:

Deliver the features you use (check-ins, breathing sessions, community feed, trend charts).
Show you your own mood history and patterns.
Surface crisis resources if you record the lowest mood score (1 out of 5) on five distinct days (we do not contact emergency services or your prescriber — we show you a screen with phone numbers, then wait at least 30 days before showing it again).
Unlock premium features when your subscription is active.
Diagnose crashes and fix bugs.
Prevent abuse of the community feed.
Email you once when the app launches, if you joined our waitlist on nurerra.com.

We do not use your data for advertising. We do not sell your data to anyone, ever. We do not build marketing profiles.

We work with a small set of carefully chosen service providers that perform specific functions on our behalf. Each one receives only the data it needs to do its job, and each is bound by data protection agreements that hold it to the same standards described in this policy.

Cloud infrastructure. Authentication, database storage, and backend computation are handled by a major cloud platform. Your data is encrypted in transit and at rest, and is primarily processed on servers in the United States under industry-standard data protection terms.

Subscription verification. A specialized provider helps us confirm whether your subscription is active. It receives only your device’s app store receipt and a generated identifier; it never receives your mood data, post text, email address, or any other content you create in the app.

App store payments. In-app purchases and subscriptions are processed entirely by Apple (App Store) and Google (Google Play). They handle your payment information; we never see your card number, billing address, or payment method. See Apple’s privacy practices and Google’s privacy practices.

Analytics and crash diagnostics. We use privacy-respecting analytics and crash-reporting providers to understand which features people use, what breaks, and where the experience falls short. These services receive only aggregated usage events and anonymized error logs. They never receive your mood data, notes, post text, or email address.

Email delivery and website hosting. If you joined our pre-launch waitlist on nurerra.com, your email address is stored on the website’s infrastructure separately from the mobile app’s database, and our welcome and launch-day messages are sent via a standard email service provider. We use this only to keep you informed about the product you signed up to hear about — you can ask to be removed at any time by replying to any email from us.

We do not use advertising networks. We do not work with data brokers. We do not sell your data. We do not build marketing or behavioral profiles. We do not use any general-purpose analytics platform such as Mixpanel, Amplitude, or Segment.

A current list of our sub-processors is available on request — see Contact at the end of this policy.

4. Anonymous accounts and email linking

When you first open Nurerra, we create an anonymous account for you — a unique internal ID with no email or name attached. All your mood data, breathing session counts, and day-count are tied to this anonymous account.

If you later choose to link an email address and password, our authentication system transfers ownership of that anonymous account to your email-based account. All your existing data remains in place. We do not create a duplicate record or lose any history.

If you uninstall the app without linking an email address, the anonymous account and all data tied to it become inaccessible. We cannot recover it for you, because we have no way to identify which account was yours.

5. Community posts

Posts to the community feed are visible to all Nurerra users. They are anonymous — no username, email address, or profile photo is shown alongside your post. Only your post text, your mood score at the time of posting, and your day-count on medication are visible.

When you delete your account, your community posts are deleted by default. If you’d rather have your posts remain in the feed as orphaned, no-longer-attributable anonymous content after account deletion — so the community history isn’t disrupted — contact us before deleting and we will preserve them in that form. To remove a specific post without deleting your account, contact us and we will delete it manually.

Posts are not reviewed before they appear in the feed. Do not rely on community posts for medical guidance — they reflect individual users’ experiences, not professional advice.

The mood scores, notes, and wellness data you enter into Nurerra are personal and sensitive. We treat them that way.

This data is not Protected Health Information (PHI) under HIPAA. Nurerra is not a covered entity, not a business associate of a covered entity, and not a health plan. We do not provide treatment, diagnosis, or any service that triggers HIPAA obligations. If you need HIPAA-protected care, speak to a licensed healthcare provider.

That said, we apply the same care to your mood data that we would apply to any sensitive personal information: it is encrypted in transit (TLS) and at rest using our cloud provider’s standard encryption, it is not shared except as described above, and it is not used for any purpose beyond operating the app.

7. Data retention and account deletion

We keep your data for as long as your account exists. If you delete your account through Settings → Delete Account, we delete your user record, which includes your mood history, breathing session counts, day-count, and subscription status. This action is permanent and cannot be undone.

If your account is anonymous (no linked email), uninstalling the app effectively orphans the account. Anonymous accounts inactive for 24 months are purged as part of routine cleanup.

To request manual deletion of your account or specific data, contact us with the subject line “Data Deletion Request.” We will process it within 30 days.

Crash logs are retained by our crash-reporting provider for up to 90 days and then automatically purged.

8. Crisis content

If you record the lowest mood score (1 out of 5) on five distinct days, Nurerra shows you a screen with the following resources:

988 Suicide & Crisis Lifeline — call or text 988 (US)
Crisis Text Line — text HOME to 741741 (US)

The screen is shown at most once every 30 days, so it does not reappear daily if your mood stays low. Nurerra does not call or contact emergency services on your behalf. Nurerra does not notify your prescriber, therapist, or anyone else. Nurerra does not monitor your mood data for crisis indicators outside of this in-app threshold. These resources are provided as a courtesy; they are not a substitute for professional mental health care.

9. California residents (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act and the California Privacy Rights Act:

Right to know — what categories of personal information we collect, the purposes for which we use it, and whether we sell or share it (we do not).
Right to access — a copy of the specific personal information we hold about you.
Right to delete — your personal information, subject to certain exceptions.
Right to correct — inaccurate personal information.
Right to opt out of sale or sharing — we do not sell or share personal information for cross-context behavioral advertising, so there is nothing to opt out of.
Right to non-discrimination — we will not treat you differently if you exercise these rights.

To exercise any of these rights, contact us (see Contact at the end of this policy). We will respond within 45 days. We may ask you to verify your identity before processing a request.

Mood scores, notes, emotional tags, day-count on medication, and community post text may be considered “sensitive personal information” under CPRA — specifically, information concerning health and information that may reveal mental or physical health conditions. We use this data only to deliver the services you requested, not for inferring characteristics about you or for any secondary purpose. We retain it for the lifetime of your account and delete it when you delete your account.

If you are in the European Union or United Kingdom, the following applies.

Data controller: Nurerra (Rigal Tech Inc.). See Contact at the end of this policy.

Legal bases for processing:

Processing activity	Legal basis
Delivering app features (mood data, breathing sessions)	Contract (Art. 6(1)(b) GDPR) — processing is necessary to provide the service you signed up for
Crash and error reporting	Legitimate interests (Art. 6(1)(f) GDPR) — diagnosing crashes and improving stability
Community posts	Contract
Subscription status	Contract
Waitlist email (if you joined on nurerra.com)	Consent (Art. 6(1)(a) GDPR) — you submitted your email asking to be notified

Mood data may be considered “health data” under GDPR Art. 9. To the extent it is, our legal basis for processing is your explicit consent, which you provide through a dedicated in-app consent prompt shown before your first mood check-in. You may withdraw this consent at any time in Settings → Privacy → Health data consent, or by deleting your account. Withdrawal does not affect the lawfulness of any processing that occurred before withdrawal.

Your rights: Access, rectification, erasure, restriction of processing, data portability, objection, and the right to withdraw consent at any time (withdrawal does not affect lawfulness of prior processing). Contact us to exercise any right.

International transfers: Your data is stored on cloud infrastructure primarily located in the United States. Our cloud provider participates in the EU-U.S. Data Privacy Framework. Our other service providers also process data in the US under standard contractual clauses or equivalent legal mechanisms.

Right to complain: You have the right to lodge a complaint with your local supervisory authority. In the UK, that is the Information Commissioner’s Office (ico.org.uk). In the EU, contact your member state’s data protection authority.

11. Canadian residents (PIPEDA, BC PIPA, Quebec Law 25)

Nurerra is operated from British Columbia, Canada. If you are in Canada, the following applies in addition to the rights described elsewhere in this policy.

Federal (PIPEDA). Your personal information is collected, used, and disclosed in accordance with the Personal Information Protection and Electronic Documents Act. We treat mood scores, notes, tags, day-count, and community posts as sensitive personal information.

British Columbia (BC PIPA). You have the right to access your personal information and to request correction of inaccuracies. Contact us with the subject line “BC PIPA Request” and we will respond within 30 days.

Quebec (Law 25). If you are in Quebec, you have the following additional rights:

Access to, correction of, or deletion of your personal information at any time.
Portability — request that we transmit your personal information to another organization in a structured technological format.
Withdrawal of consent for any non-essential processing at any time.
A guarantee that significant decisions about you are not made by automated means. We do not profile your mood data or use it to make automated decisions about you.

For Law 25 requests, contact us with the subject line “Quebec Privacy Request.”

Cross-border transfers. Your data is stored on cloud infrastructure primarily located in the United States. By using the app, you consent to this transfer. Our service providers are governed by binding contractual protections that we rely on to ensure your information is treated with the same standard of care as in Canada.

Right to complain. Depending on where you reside, you may file a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca), the Office of the Information and Privacy Commissioner for British Columbia (oipc.bc.ca), or the Commission d’accès à l’information du Québec (cai.gouv.qc.ca).

12. Children

Nurerra is intended for users who are 18 years of age or older, and is not intended for anyone under 18. We do not knowingly collect personal information from anyone under 18. If we become aware that a user is under 18, we will delete their account and associated data. If you believe someone under 18 has used Nurerra, please contact us.

13. Security

We use industry-standard practices to protect your data: TLS encryption in transit, at-rest encryption on our cloud provider’s database, and server-side authentication rules that prevent any user from reading or modifying another user’s records.

No security measure is perfect. We cannot guarantee that your data will never be accessed by an unauthorized party. If we become aware of a security breach that affects your personal information, we will notify you as required by applicable law.

14. International data transfers

Nurerra is operated from British Columbia, Canada. Our service providers store and process data primarily on servers in the United States. If you use Nurerra from outside Canada or the US, your data is transferred to and processed in these regions under the legal protections described in Section 10. By using Nurerra, you acknowledge this transfer.

15. Changes to this policy

If we make material changes to this policy — for example, adding a new subprocessor, changing how we use your data, or updating your rights — we will notify you with an in-app banner before the changes take effect. The effective date at the top of this document will be updated.

For minor changes (fixing a typo, clarifying existing practices), we may update the document without a separate notice.

16. Contact

Questions about this policy or requests related to your data:

Email us at [email protected].