Legal

Privacy Policy

Effective date: 20 June 2026 · Last updated: 20 June 2026

Nureli is a quiet space for some of the most tender things you carry. We treat your information the way the app treats you — with care, restraint, and honesty. This policy explains what we collect, why, and the control you keep over it.

1. Who we are

Nureli (the “App”) is operated by Vordyn Technologies Private Limited (“Vordyn,” “we,” “us,” “our”), the data controller / data fiduciary for the information described here. For privacy questions, data requests, or grievances, contact hello@nureli.app. Our registered details are at the end of this page.

2. Information we collect

Information you provide

• Account information. When you create an account with Sign in with Apple, we receive a unique identifier and, if you allow it, your name and an email address (which may be Apple's private relay address).
• Your reflections. The content you create in the App — check-ins, journal entries, letters, and similar — and the responses generated for you. This is kept on your device and, when you are signed in, synced securely to your account so it is there when you return.
• Messages to us. Anything you send when you contact support.

Information collected automatically

• Usage & diagnostics. How you interact with features (for example, that a check-in was completed), plus device type, operating-system version, app version, language, and crash/diagnostic data — used to keep the App reliable. We use PostHog for product analytics, configured to capture behaviour, timing, and counts only. We never send your journal text, emotion words, body-sensation locations, AI reflections, or crisis flags to analytics, and we use no advertising SDKs and no IDFA/ATT tracking.
• Subscription information. If you purchase Nureli Premium, the purchase is processed by Apple. We and our subscription provider (RevenueCat) receive transaction and entitlement details (such as product purchased, status, and an anonymous identifier). We never receive your card or payment details.
• Notifications. If you enable them, a push token so we can deliver the reminders you've chosen.

3. How we use your information

• To provide the App — storing your reflections and showing them back to you.
• To generate the AI responses and reflections you read (see Section 4).
• To operate and improve reliability, security, and performance.
• To process subscriptions and manage entitlements.
• To send notifications you have turned on, and to respond to support requests.
• To comply with law and protect the rights and safety of users and the public.

Our legal bases (where the GDPR applies) are performance of our contract with you, your consent (for optional features such as notifications), and our legitimate interests in running a secure, reliable service. Where the India DPDP Act applies, we process personal data on the basis of your consent and for the legitimate uses it permits.

4. AI processing — how your words become reflections

Nureli's reflections are generated using a third-party AI model. Your words do not go straight to an AI company from your device: the relevant content is sent securely to our own backend (hosted on Supabase), which calls OpenAI (GPT‑4o) to generate the reflection and returns it to you. Being clear about this matters to us:

• This processing is done by machine, to serve you — not reviewed by our staff as a matter of course.
• Your content is not used to train AI models. We send it through OpenAI's API, which under OpenAI's terms is not used to train their models, and we send only what is needed to generate your reflection.
• Safety comes first. Before any reflection is generated, your text is checked on our backend for signs of crisis. If crisis language is detected, we do not send your text to the AI model — instead we show supportive crisis resources (see Section 11).
• We do not sell or share your content for advertising.

5. How we share information

We do not sell your personal data. We share it only as follows.

Service providers (sub-processors) process data on our behalf, under contract, solely to run Nureli:

• Supabase — secure cloud hosting, database, sign-in, and the backend functions that generate your reflections. Processes your account data and the reflections you sync. (United States / EU.)
• OpenAI — generates your AI reflections (see Section 4). Receives only the text needed for a given reflection, by machine; not used to train models. (United States.)
• RevenueCat — manages subscriptions and entitlements. Receives purchase and entitlement data and an anonymous identifier; never your payment-card details. (United States.)
• Apple — Sign in with Apple, App Store payments, and push notifications. (Global.)
• PostHog — product analytics and diagnostics, limited to behaviour, timing, and counts — never your emotional content (see Section 2). (United States / EU.)

We also disclose information for legal and safety reasons — where required by applicable law, or to protect the rights, property, or safety of our users, the public, or Vordyn — and in a business transfer (a merger, acquisition, or asset sale), with continued protection under this policy.

6. International data transfers

Vordyn is based in India, and our providers may process data in India, the United States, the European Union, and other locations. Where required, we use appropriate safeguards (such as standard contractual clauses) for cross-border transfers.

7. Data retention

We keep your information for as long as your account is active or as needed to provide the App. When you delete your account or your content, we delete or irreversibly anonymize it from our active systems, typically within 30 days, except where we must retain limited records to comply with law, resolve disputes, or enforce our agreements.

8. Security

Your information is encrypted in transit (TLS) and at rest, and protected by access controls. No method of transmission or storage is perfectly secure, but we work to protect your information using measures appropriate to its sensitivity.

9. Your rights and choices

You can access, export, correct, or permanently delete your reflections from within the App at any time. Depending on where you live, you also have specific rights:

• India (DPDP Act, 2023). Access to a summary of your data, correction and erasure, grievance redressal, and the ability to nominate another person to exercise your rights. You may contact our Grievance Officer at hello@nureli.app.
• EEA / UK (GDPR). Access, rectification, erasure, restriction, portability, and objection; the right to withdraw consent; and the right to lodge a complaint with your supervisory authority.
• California (CCPA/CPRA). The right to know, delete, and correct, and to opt out of the “sale” or “sharing” of personal information — note that we do not sell or share your personal information. We will not discriminate against you for exercising your rights.

To make a request, email hello@nureli.app. We may need to verify your identity before acting on a request.

10. Children

Nureli is intended for adults (18 and older). It is not directed to children, and we do not knowingly collect personal data from children. If you believe a child has provided us information, contact us and we will delete it.

11. Not a medical or crisis service

Nureli supports reflection and self-understanding. It is not therapy, diagnosis, or a crisis service, and it is not a substitute for professional care. If you are in immediate danger, contact your local emergency number or a crisis helpline.

12. Changes to this policy

We may update this policy from time to time. We will post the revised version here with a new effective date and, where appropriate, notify you in the App.

13. Contact us

Questions, requests, or grievances? Email hello@nureli.app or write to us at the address below.