1. Introduction

Nurivion ("we," "our," or "us") operates the Nurivion platform at nurivion.com, including our AI-powered chat assistants, voice services, and related tools. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our services.

By accessing or using our services, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use our services.

2. Information We Collect

2.1 Information You Provide

Account information: Name, email address, password, and business details when you create an account.
Business data: Company name, industry, phone number, website, business hours, and service descriptions you configure.
Payment information: Billing details processed securely through Stripe. We do not store credit card numbers.
Knowledge base content: Documents, FAQs, and website content you upload to train your AI assistant.

2.2 Information Collected Automatically

Conversation data: Chat and voice interactions between your AI assistant and your customers, including transcripts and metadata.
Lead information: Contact details your customers voluntarily share during conversations (name, phone, email).
Usage data: Token usage, conversation counts, voice minutes, and feature utilization for billing and analytics.
Device and log data: IP addresses, browser type, and access timestamps for security and performance.

2.3 Information from Third Parties

Google Calendar: Calendar availability data when you connect your calendar (with your explicit OAuth consent).
Google Places: Publicly available business reviews and ratings for reputation insights.
Supabase Auth: Authentication tokens and session data.

3. How We Use Your Information

Provide, operate, and improve our AI assistant services.
Process appointments, capture leads, and deliver notifications on your behalf.
Generate analytics, reports, and reputation insights for your business.
Process billing and manage your subscription.
Send transactional emails (appointment confirmations, reminders, weekly reports).
Detect fraud, enforce our terms, and maintain platform security.
Improve our AI models through aggregated, de-identified usage patterns.

4. How We Share Your Information

We do not sell your personal information. We share data only in these circumstances:

Service providers: OpenAI (AI processing), Twilio (voice/SMS), SendGrid (email), Stripe (payments), Supabase (database/auth). Each operates under their own privacy policies and data processing agreements.
At your direction: When you configure outgoing webhooks, calendar integrations, or other third-party connections.
Legal requirements: When required by law, court order, or governmental authority.
Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to you.

5. Data Retention

Conversations: Retained for 90 days by default, then automatically deleted.
Voice recordings: Retained for 30 days by default, then automatically deleted.
Leads: Lost/inactive leads are cleaned up after 180 days.
Custom retention: Business owners can configure custom retention periods via their account settings.
Account data: Retained for as long as your account is active. Upon deletion, data is purged within 30 days.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

Access: Request a copy of the personal data we hold about you or your customers.
Deletion: Request erasure of your data (GDPR Article 17 right to erasure).
Export: Receive your data in a portable, machine-readable format.
Correction: Request correction of inaccurate personal data.
Restriction: Request we limit processing of your data.
Objection: Object to processing based on legitimate interests.

To exercise these rights, contact us at privacy@nurivion.com. We respond within 30 days.

7. AI Transparency

Our platform uses artificial intelligence to power chat and voice assistants. In compliance with the EU AI Act (Article 50) and FCC regulations:

All AI-powered interactions clearly disclose that the user is communicating with an AI system.
Voice calls announce AI involvement at the start of each call.
Chat interactions identify the assistant as AI-powered.
AI-generated content (review response drafts, report insights) is labeled as such.

8. Security

We implement industry-standard security measures to protect your data:

All data is encrypted in transit (TLS 1.2+) and at rest.
OAuth tokens and sensitive credentials are encrypted with AES-256 (Fernet).
Authentication uses asymmetric JWT (ES256) verified via JWKS.
API rate limiting and circuit breakers protect against abuse.
Webhook payloads are signed with HMAC-SHA256 for integrity verification.

9. Cookies

We use essential cookies and local storage for authentication session management. We do not use advertising or tracking cookies. Analytics, when enabled, use privacy-respecting tools with anonymized data.

10. Children's Privacy

Our services are designed for businesses and are not directed at individuals under 16. We do not knowingly collect personal information from children.

11. International Data Transfers

Your data may be processed in the United States where our infrastructure is hosted. We ensure appropriate safeguards are in place for international transfers in compliance with applicable data protection laws.

12. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or a prominent notice on our platform. Continued use of our services after changes constitutes acceptance.

13. Contact Us

For questions about this privacy policy or our data practices:

Email: privacy@nurivion.com
Support: support@nurivion.com