Naru AI Privacy Policy

Naru AI, Inc. (**"Naru AI,"** **"we,"** **"us,"** or **"our"**) is committed to protecting your privacy and handling your data with transparency and care. This Privacy Policy explains how we collect, use, store, and share your information when you use our services.

**IMPORTANT NOTICE: Our services are designed for informational purposes only and are not a substitute for professional medical advice, diagnosis, or treatment. In case of emergency, contact your local emergency services immediately.**

This Privacy Policy applies to all of our services, including our website at naru-ai.com, our mobile applications, and any other services we offer (collectively, the **"Services"**).

1. Information We Collect

1.1 Information You Provide Directly

When you use our Services, you may provide us with different types of information:

  • **Account Information:** When you create an account, we collect information such as your name, email address, and password.
  • **Health Information:** Information about symptoms, medical history, medications, allergies, and other health-related data that you voluntarily provide when using our symptom assessment tools.
  • **Demographic Information:** Information such as your age, gender, height, and weight that helps personalize your experience.
  • **Communications:** Information you provide when contacting our support team or participating in surveys.

1.2 Information Collected Automatically

When you use our Services, certain information may be collected automatically:

  • **Device Information:** Information about your device, including device type, operating system, browser type, and device identifiers.
  • **Usage Information:** Information about how you use our Services, including features accessed, time spent, and actions taken.
  • **Log Data:** Server logs, IP addresses, and other standard data collected by web servers.
  • **Cookies and Similar Technologies:** We use cookies and similar technologies to enhance your experience, analyze usage patterns, and improve our Services. For more details, please see our Cookie Policy.

1.3 Information from Third Parties

We may receive information about you from third parties, such as:

  • **Authentication Services:** If you choose to log in using a third-party service like Google or Apple.
  • **Payment Processors:** If you make a purchase, our payment processors may share certain transaction information with us.
  • **Note:** We do NOT receive or collect your health information from healthcare providers, insurance companies, or any other third parties.

2. How We Store Your Information

2.1 Local Storage on Your Device

**IMPORTANT PRIVACY FEATURE: We prioritize your privacy by storing sensitive health data locally on your device whenever possible.**

  • **Health Data:** Your symptom information, health logs, and most personal health information are stored locally on your device in secure local storage (such as UserDefaults on iOS or SharedPreferences on Android).
  • **Offline Access:** This approach allows you to access your health information even without an internet connection.
  • **Enhanced Privacy:** By keeping sensitive health data on your device, we minimize privacy risks associated with server storage.

2.2 Information Stored on Our Servers

We store limited information on our secure servers:

  • **Authentication Data:** Your account credentials and basic profile information are stored in our secure Supabase database for authentication purposes.
  • **Usage Analytics:** Anonymized and aggregated usage data that helps us improve our Services.
  • **Sync Data (Optional):** If you choose to enable cross-device syncing, your health data will be encrypted and stored on our servers to facilitate syncing.

2.3 Data Security

We implement appropriate technical and organizational measures to protect your information:

  • **Encryption:** We use industry-standard encryption to protect data in transit and at rest.
  • **Access Controls:** We limit access to your information to authorized personnel only.
  • **Regular Audits:** We regularly review our security practices to ensure they meet industry standards.
  • **Data Minimization:** We collect only the information necessary to provide our Services.

While we strive to protect your information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your data.

2.4 Data Retention

We retain your information only as long as necessary to provide our Services and comply with legal obligations:

  • **Account Information:** We retain your account information until you delete your account or request deletion.
  • **Local Health Data:** Data stored locally on your device remains there until you delete it using the app's functionality or uninstall the app.
  • **Server-Stored Data:** We will retain any server-stored data for as long as your account is active and as needed to provide you with our Services.
  • **Anonymized Data:** We may retain anonymized, aggregated data indefinitely.

3. How We Use Your Information

We use your information for the following purposes:

  • **Providing Services:** To operate, maintain, and improve our Services, including personalized symptom assessment.
  • **Account Management:** To create and manage your account, authenticate your identity, and provide customer support.
  • **Communication:** To respond to your inquiries, send service-related notifications, and, with your consent, send marketing communications.
  • **Analytics and Improvement:** To understand how users interact with our Services, improve user experience, and develop new features.
  • **Security and Legal Compliance:** To detect and prevent fraud, enforce our terms, and comply with applicable laws and regulations.

4. Use of Artificial Intelligence and Large Language Models

Our Services incorporate artificial intelligence (AI) technologies, including large language models (LLMs), to provide health insights and improve user experience:

  • **Analysis of Your Inputs:** We use AI to analyze symptoms and health information you provide to generate insights and recommendations.
  • **Data Processing:** When you use our AI features, your information may be processed by our AI systems to generate responses.
  • **Third-Party AI Providers:** We may use third-party AI services such as OpenAI or other LLM providers, but we implement safeguards to protect your data:
  • - We have data processing agreements with all AI providers
  • - Your data is never used to train third-party models
  • - We anonymize data where possible before processing
  • - AI providers are contractually prohibited from retaining or repurposing your data
  • **Continuous Improvement:** We may use anonymized, aggregated data to improve our AI models and algorithms.

**YOUR CONTROL:** You can opt out of certain AI-based features by adjusting your settings in the app.

5. How We Share Your Information

We are committed to maintaining your privacy and do not sell your personal information. We may share your information in limited circumstances:

  • **Service Providers:** We may share information with third-party vendors and service providers who help us deliver our Services (e.g., cloud storage providers, payment processors).
  • **Business Transfers:** If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
  • **Legal Requirements:** We may disclose information if required by law, regulation, legal process, or governmental request.
  • **With Your Consent:** We may share information with third parties when you explicitly consent to such sharing.
  • **Anonymized Data:** We may share anonymized, aggregated data that cannot reasonably be used to identify you.

**IMPORTANT:** We do NOT share your health information with any third parties for marketing, advertising, or other commercial purposes.

6. Your Rights and Choices

Depending on your location, you may have various rights regarding your personal information:

  • **Access and Portability:** You can access your information in the app and export it in a common format.
  • **Correction:** You can update your account information and modify health data at any time.
  • **Deletion:** You can delete specific health records or your entire account.
  • **Objection and Restriction:** You can object to certain processing activities and limit how we use your data.
  • **Consent Withdrawal:** You can withdraw previously given consent at any time.
  • **Do Not Track:** While we do our best to respect browser privacy controls, our Services currently do not respond to Do Not Track signals.

To exercise these rights, you can use the relevant features in our app or contact us at privacy@naru-ai.com.

7. State-Specific Privacy Rights

7.1 California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information:

  • **Right to Know:** You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, our purposes for collecting it, and the categories of third parties with whom we share it.
  • **Right to Delete:** You have the right to request deletion of personal information we have collected from you, subject to certain exceptions.
  • **Right to Correct:** You have the right to request correction of inaccurate personal information.
  • **Right to Opt-Out:** You have the right to opt-out of the sale or sharing of your personal information. However, we do not sell or share your personal information as defined by the CCPA/CPRA.
  • **Non-Discrimination:** You have the right not to be discriminated against for exercising your CCPA/CPRA rights.

To exercise your rights under the CCPA/CPRA, please contact us at privacy@naru-ai.com.

7.2 Washington, Nevada, and Connecticut Residents

If you are a resident of Washington, Nevada, or Connecticut, you have specific rights regarding your consumer health data pursuant to the Washington My Health My Data Act (MHMDA), the Nevada Consumer Health Data Privacy Act (NCHDPA), and the Connecticut Data Privacy Act (CDPA):

  • **Enhanced Transparency:** We provide clear information about what health data we collect and how we use it.
  • **Expanded Definition of Health Data:** We treat a broader range of data as protected health information, including symptom information, diagnostic data, and health-related inferences.
  • **Explicit Consent:** We obtain your explicit consent before collecting or using sensitive health data.
  • **Stronger Access Rights:** You have robust rights to access, correct, and delete your health data.
  • **Data Minimization:** We collect only the minimum health data necessary to provide our Services.
  • **Protection Against Discrimination:** We do not discriminate against you for exercising your privacy rights.

To exercise your rights under these state laws, please contact us at privacy@naru-ai.com.

8. International Data Transfers

Naru AI is based in the United States, and your information may be processed and stored in the United States or other countries where we or our service providers operate. These countries may have different data protection laws than your country of residence.

When we transfer your information to other countries, we take steps to ensure that your information receives an adequate level of protection, including using contractual provisions, privacy shields, or other legally accepted safeguards. By using our Services, you acknowledge and consent to these transfers.

9. Children's Privacy

Our Services are not directed to children under the age of 18, and we do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will promptly delete that information. If you believe we have collected information from a child under 18, please contact us at privacy@naru-ai.com.

10. Cookies and Similar Technologies

We use cookies and similar technologies to enhance your experience, analyze usage patterns, and improve our Services. These technologies collect information about how you use our Services, including which pages you visit and which links you click.

You can control cookies through your browser settings and other tools. However, if you block certain cookies, you may not be able to use all the features of our Services.

For more details about our use of cookies and how to manage them, please see our Cookie Policy.

11. Links to Third-Party Websites

Our Services may contain links to third-party websites and services. We are not responsible for the privacy practices of these third parties, and this Privacy Policy does not apply to their websites or services. We encourage you to review the privacy policies of any third-party websites you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, our Services, or applicable laws. We will notify you of any material changes by posting the updated Privacy Policy on our website and, where required by law, seeking your consent.

We encourage you to review this Privacy Policy periodically to stay informed about our data practices.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

**Email:** privacy@naru-ai.com

**Address:** [Your company's physical address]

**Data Protection Officer:** [DPO name/contact if applicable]

We will respond to your request within a reasonable timeframe, typically within 30 days.