Privacy Policy

1. Information we collect

Information you provide directly

• Account information: name, email address, password (hashed by Firebase Authentication).
• Assessment quiz responses: age range, period status, HRT status, medical conditions, symptom frequencies, exercise habits, supplement usage.
• Daily tracking data: symptoms, triggers, activities, and optional notes you log each day.
• Profile preferences: top symptoms you choose to track, medical conditions you disclose for safety guardrails.
• Chat conversations: messages exchanged with our AI wellness companion (Nura).
• Payment information: handled directly by Stripe. We never see or store your full card details.

Information collected automatically

• Usage data: pages visited, features used, timestamps, general device type and browser.
• Authentication tokens: stored in your browser to keep you logged in.

2. How we use your information

• To create your personalized perimenopause profile and report.
• To match you with evidence-based wellness protocols appropriate for your symptoms and any medical conditions you disclose.
• To generate AI-powered insights from your daily logs.
• To process subscription payments and manage your account.
• To send you the assessment report you requested by email.
• To improve the service through aggregated, anonymized analytics.
• To respond to your inquiries and provide customer support.

We never sell your personal or health information.

3. AI processing

We use Anthropic’s Claude API to power features like the personalized quiz report, daily action recommendations, pattern insights, and the Nura wellness chat. When these features are used:

• Relevant context (your symptoms, medical conditions, recent logs) is sent to Anthropic for processing.
• Anthropic processes data to generate a response and does not use it to train their models per their commercial terms.
• Nura’s responses are wellness information, not medical advice. Always consult your healthcare provider for medical decisions.

4. Third-party services we use

We rely on the following processors to operate Nissa Flow:

• Google Firebase (authentication, database) — privacy policy.
• Google Cloud Run (application hosting) — same Google privacy framework.
• Stripe (payment processing) — privacy policy.
• Anthropic (AI features) — privacy policy.
• Resend (transactional email delivery) — privacy policy.

5. Where your data is stored

Your data is hosted on Google Cloud infrastructure in the Middle East (Doha) region by default, with backups across Google’s global network. Stripe processes payment data through their global infrastructure. AI processing happens on Anthropic’s infrastructure (primarily United States).

6. How long we keep your data

• Account and profile data: as long as your account is active. If you delete your account, we remove your personal data within 30 days (some retained longer for legal or fraud-prevention reasons).
• Quiz lead emails: kept indefinitely unless you request deletion. We may use them to follow up about your assessment.
• Anonymized analytics: retained indefinitely to improve the service.
• Payment records:retained per Stripe’s and applicable tax law requirements (typically 7 years).

7. Your rights

Depending on your jurisdiction (GDPR for EU/UK residents, CCPA for California, etc.), you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data via your profile settings.
• Delete your account and associated data.
• Export your data in a portable format.
• Withdraw consent for processing where consent is the legal basis.
• Object to certain processing activities.
• Lodge a complaint with your local data protection authority.

To exercise any of these rights, email us at privacy@nissaflow.com. We will respond within 30 days.

8. Cookies and similar technologies

We use minimal cookies and browser storage:

• Essential (always on): authentication tokens, session preferences, your in-progress quiz responses.
• Functional (with consent): your country/currency preference for pricing display.

We do not currently use third-party advertising or tracking cookies. If we add analytics in the future, we will update this policy and request your consent first where required.

9. Children’s privacy

Nissa Flow is intended for adults aged 18 and over. We do not knowingly collect data from anyone under 18. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. Security

We protect your data through industry-standard measures: TLS encryption in transit, encryption at rest in Firebase, server-side authorization rules, hashed passwords, restricted database access, and regular security reviews. No system is perfectly secure, but we work continuously to protect what you share with us.

11. Medical disclaimer

Nissa Flow provides wellness guidance based on published research. It is not a substitute for professional medical advice, diagnosis, or treatment. Always seek the advice of your physician or other qualified healthcare provider with any questions you may have regarding a medical condition. Our AI chat (Nura) is for informational and educational purposes only.

12. International transfers

If you access Nissa Flow from outside the country where our servers are located, your information may be transferred internationally (for example, to AI processing in the United States). By using the service, you consent to these transfers, subject to applicable safeguards including standard contractual clauses where required.

13. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top will reflect any changes. For material changes, we will notify you by email or through the app. Continued use after changes means you accept the updated policy.

14. Contact us

If you have questions about this policy or how we handle your data, email us at privacy@nissaflow.com.