Privacy Policy

Last updated: 2 April 2026

1. Data We Collect

When you use Nurlo, we collect the following data that you provide:

  • Supplements, doses, and health goals you enter
  • Check-in scores (mood, energy, sleep, focus)
  • Profile information (age, activity level, lifestyle notes)
  • Daily routine times
  • Bottle photos (processed ephemerally to extract supplement data; images are not stored)
  • Analytics events (e.g. feature usage, page views)

2. How We Use Your Data

We use your data solely to provide and improve the Nurlo service. Specifically, we use it to generate personalised supplement analyses, track efficacy trends over time, and optimise timing schedules. We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Third-Party Services

Nurlo relies on the following third-party services to operate:

Google Gemini

Your supplement data and health goals are sent to Google Gemini to generate AI-powered narrative insights. Data is sent per-request and is not stored by Google beyond the duration of processing. This data is not used by Google to train its models.

Stripe

Payment processing is handled by Stripe. We do not store your card details. Stripe's privacy policy governs how payment data is handled.

Supabase

Supabase hosts our database and authentication system. Your data is stored in Supabase's EU/US infrastructure and is protected by row-level security so that only you can access your own records.

Sentry

We use Sentry for error tracking to maintain service reliability. No personal health data is sent to Sentry.

4. Data Retention

Your data is retained for as long as your account exists. There is no fixed expiry period. When you delete your account, all associated data is permanently removed from our systems.

5. Your Rights

Regardless of your jurisdiction (including under UK GDPR, EU GDPR, and CCPA), you have the following rights:

  • Access: Export a full copy of your data from the Settings page.
  • Deletion: Delete your account and all associated data from Settings. Account deletion also cancels any active subscription.

6. HealthKit Data (iOS)

On iOS, Nurlo may read data from Apple HealthKit with your permission. HealthKit data is read on-device only. It is never transmitted to our servers, never used for advertising, and never shared with third parties.

7. Cookies & Tracking

We use only a Supabase authentication session cookie, which is essential for the service to function. We do not use third-party tracking cookies. Analytics events are stored in our own database and are not shared externally.

8. Children

Nurlo is not intended for users under the age of 16. We do not knowingly collect data from children.

9. Contact

If you have questions about this policy or wish to exercise your data rights, please contact us at hello@trynurlo.com.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be notified via the app. Continued use of Nurlo after changes constitutes acceptance of the updated policy.