Privacy Policy

Nuri Care is an eldercare app built to help older adults manage medications, appointments, and wellbeing, while keeping their family quietly in the loop. This policy covers both the Nuri mobile application (iOS and Android) and the Nuri website at nuricare.co (together, "the Service").

The data controller is the Nuri team. You can reach us at privacy@nuricare.co.

We only collect what is needed to provide the Service.

We use the information we collect to:

• Provide the Service: medication reminders, appointment tracking, family-sharing summaries, wellbeing check-ins, and drug-interaction safety checks.
• Send you push notifications and emails relevant to your care (reminders, alerts, account notices).
• Improve the app: understanding how features are used in aggregate, diagnosing bugs, and making the experience better.
• Respond to support enquiries and enforce our Terms of Service.
• Comply with legal obligations where required.

We do not sell your personal data. We do not use it for advertising, and we do not share it with data brokers or marketing platforms.

Where GDPR applies, we rely on:

• Contract: processing necessary to deliver the Service you signed up for.
• Consent: for health and medication data, which you provide voluntarily, and for marketing emails (you may withdraw at any time).
• Legitimate interests: security monitoring, fraud prevention, and aggregate product analytics, where these do not override your rights.
• Legal obligation: where we are required to retain or disclose data by applicable law.

Under Singapore's PDPA, we collect, use, and disclose personal data only with your knowledge and consent, or where the PDPA permits without consent (e.g., investigations by public authorities).

We use a small number of trusted third-party services to operate Nuri. Each processes data only as instructed by us, under a data-processing agreement:

• Cloud hosting, database, and sign-in: stores your account data and care records and signs you in securely.
• Push-notification delivery: sends reminders and alerts to your device. Only a device token is shared for routing; no care content is included.
• AI safety checks: the medication-interaction and exercise-safety features send the relevant details you enter to an AI provider to generate the result. That information is used only to produce your result. It is not used to train AI models.
• Diagnostics and error monitoring: receives crash and error reports so we can fix bugs. We strip identifying fields such as your email address and IP address before reports are sent.
• Aggregate product analytics: tells us which features are used, in aggregate, so we can improve Nuri.
• Payments and subscriptions: if you upgrade to a paid plan, a payments provider records your subscription status. Your card details are handled by the app store, not by us.
• Website hosting and security: serves nuricare.co and protects it from attacks. Standard request metadata (IP address, headers) is processed in transit.

We do not use advertising trackers or any advertising SDK, and we do not sell your data to ad networks. The only analytics we run are aggregate, in-app product metrics that help us improve Nuri.

Your information is shared only in these circumstances:

• With your connected family members: the elder account controls which care information (medication status, appointment summaries, wellbeing check-ins) is visible to connected family members. Family members cannot access data the elder has not shared.
• With our service providers: as described in Section 5, for the purpose of running the Service.
• When required by law: if we receive a valid legal request (court order, regulatory requirement), we will comply and, where permitted, notify the affected user.
• In a business transfer: if Nuri is ever part of a merger, acquisition, or sale of assets, your data may pass to the new owner. They will be bound by privacy commitments no less protective than this policy, and we will notify you beforehand so you can export or delete your data first.

We never sell your data to data brokers, advertisers, or marketing platforms, and we never share it for advertising purposes.

Medication lists, health conditions, appointment records, and wellbeing check-in responses are sensitive. We treat them with extra care:

• Health data is stored encrypted at rest and transmitted over TLS.
• Access within the app is gated by your account credentials and, for family sharing, by the elder's explicit acceptance of a family-connection invitation.
• The elder can disconnect a family member at any time, immediately revoking their access to shared care information.
• No health data is used to train AI models, benchmarked against other users, or disclosed to third parties beyond the processors listed in Section 5.

Nuri is a personal care-management tool, not a regulated medical device or covered healthcare provider. We do not claim to diagnose, treat, or provide clinical advice.

We keep your data for as long as your account is active and for a reasonable period afterward to handle any support issues or legal obligations.

Export: You can export a copy of your data at any time from inside the app, in a common machine-readable format. You can also request one by emailing privacy@nuricare.co, and we will provide it within 30 days.

Deletion: You may delete your account from within the app or by contacting us. On deletion, your personal data and care records are permanently removed from our live systems within 30 days. Anonymised aggregate data (e.g., feature-usage counts) may be retained. Backup copies are purged within 90 days.

Waitlist email addresses collected on the website are deleted within 30 days of the app's general launch, or earlier on request.

We take reasonable technical and organisational measures to protect your data:

• All data in transit is encrypted with TLS 1.2 or higher.
• Data at rest is encrypted using AES-256 at the storage layer.
• The app uses SSL certificate pinning on both iOS and Android to prevent man-in-the-middle attacks on the connection to our backend.
• Access to production data is restricted to essential team members and is controlled by role-based permissions.
• Row-level security policies in the database ensure each user can only access their own data (and data shared with them by a connected elder).

No system is perfectly secure. If you discover a vulnerability, please report it responsibly to privacy@nuricare.co.

Nuri is operated from Singapore. Our service providers may process data on infrastructure located outside Singapore, including in the United States and the European Economic Area.

Where data is transferred internationally, we rely on the contractual safeguards provided by each processor (standard contractual clauses or equivalent certifications) to ensure your data receives an adequate level of protection.

Depending on where you are located, you have the following rights regarding your personal data. To exercise any of them, contact us at privacy@nuricare.co.

We will respond to all valid requests within 30 days. Complex requests may take up to 60 days; we will let you know if that is the case.

Nuri is not intended for anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

We may update this policy from time to time. When we make material changes, such as adding a new category of data we collect or a new sharing practice, we will notify you by email and display a notice in the app at least 14 days before the change takes effect.

The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

For any privacy-related questions, data requests, or concerns, please write to us at:

We aim to respond within 5 business days. For formal data-subject requests under PDPA or GDPR, please include "Data Request" in your subject line.