App launching very soon. Sign up to be notified.
Terms of Service
Your data, our commitment to transparency and security
Privacy Policy
This Privacy Policy describes our policies and procedures on the collection, use and disclosure of your information when you use the service and tells you about your privacy rights and how the law protects You.
We use Your Personal data to provide and improve the Service. By using the service, you agree to the collection and use of information in accordance with this Privacy Policy.
Interpretation and Definitions
Interpretation
The words whose initial letters are capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
Definitions
For the purposes of this Privacy Policy:
Account means a unique account created for You to access our Service or parts of our Service.
Affiliate means an entity that controls, is controlled by, or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Nuring Inc, 14 Erb Street West, Waterloo, Ontario, Canada.
Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
Country refers to: Ontario, Canada.
Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed.
Data Processor means any natural or legal person who processes the data on behalf of the Data Controller.
Data Protection Officer (DPO) means the person responsible for overseeing the Company's data protection strategy and its implementation to ensure compliance with privacy laws.
Data Subject means any living individual who is using our Service and is the subject of Personal Data.
Device means any device that can access the Service such as a computer, a cell phone or a digital tablet.
Personal Data is any information that relates to an identified or identifiable individual.
For residents of the European Economic Area (EEA) and United Kingdom (UK), this is equivalent to "Personal Data" under GDPR and UK GDPR.
For California residents, this includes "Personal Information" as defined under the CCPA/CPRA.
For Canadian residents, this includes "Personal Information" as defined under PIPEDA and applicable provincial privacy legislation.
Service refers to the Website and mobile application.
Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Website refers to Nūring, accessible from www.nuring.com.
You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
Collecting and Using Your Personal Data
Types of Data Collected
Personal Data
While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:
Email address
First name and last name
Phone number
Address, State, Province, ZIP/Postal code, City
Usage Data
Usage Data
Usage Data is collected automatically when using the Service. Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device's unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.
We may also collect information that Your browser sends whenever You visit Our Service or when You access the Service by or through a mobile device.
Tracking Technologies and Cookies
We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies We use include beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. The technologies We use may include:
Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.
Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website
statistics (for example, recording the popularity of a certain section and verifying system and server integrity).
Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser.
We use both Session and Persistent Cookies for the purposes set out below:
Necessary / Essential Cookies: To provide You with services available through the Website and to enable You to use some of its features.
Cookies Policy / Notice Acceptance Cookies: To identify if users have accepted the use of cookies on the Website.
Functionality Cookies: To allow us to remember choices You make when You use the Website, such as your login details or language preference.
Analytics and Performance Cookies: To help us understand how visitors interact with the Website by collecting and reporting information anonymously.
For more information about the cookies we use and your choices regarding cookies, please visit our Cookies Policy or the Cookies section of our Privacy Policy. For users in the European Union and United Kingdom, you can manage your cookie preferences through our cookie consent banner.
Use of Your Personal Data
The Company may use Personal Data for the following purposes:
To provide and maintain our Service, including to monitor the usage of our Service.
To manage Your Account: to manage Your registration as a user of the Service.
For the performance of a contract: the development, compliance and undertaking of the purchase contract or any other contract with Us through the Service.
To contact You: By email, telephone, SMS, or other equivalent electronic communication regarding updates or informative communications related to the Service.
To provide You with news, special offers, and general information about other goods, services and events which We offer, unless You have opted not to receive such information.
To manage Your requests: To attend and manage Your requests to Us.
For business transfers: To evaluate or conduct a merger, divestiture, restructuring, or other sale or transfer of assets.
For other purposes: Such as data analysis, identifying usage trends, and to evaluate and improve our Service, products, services, marketing and your experience.
Sharing of Your Personal Data
We may share Your personal information in the following situations:
With Service Providers: To monitor and analyze the use of our Service, tocontact You, or to provide customer support. Our Service Providers include: Analytics providers (e.g., Google Analytics), Cloud hosting providers, Email service providers, Payment processors
For business transfers: In connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
For the performance of a contract: the development, compliance and undertaking of the purchase contract or any other contract with Us through the Service.
With Affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy.
With business partners: We may share Your information with Our business partners to offer You certain products, services or promotions.
With other users: When You share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside.
With Your consent: We may disclose Your personal information for any other purpose with Your consent.
Retention of Your Personal Data
The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (e.g., if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
Typical retention periods include:
Account information: Retained for the duration of your account plus 12 months after account closure, unless a longer period is required by law.
Usage data and analytics: Typically retained for 24 months unless anonymized.
Marketing communications: Retained until you unsubscribe or request deletion.
The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.
Transfer of Your Personal Data
Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ from those from Your jurisdiction.
Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.
The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.
International Data Transfer Mechanisms:
For EU/EEA and UK transfers: We rely on Standard Contractual Clauses (SCCs) approved by the European Commission and the UK Information Commissioner's Office for transfers of Personal Data outside the EEA and UK to countries not recognized as providing an adequate level of data protection.
For Canadian transfers: We ensure that any cross-border transfers comply with PIPEDA requirements and that foreign organizations provide a comparable level of protection.
Disclosure of Your Personal Data
Business Transactions
If the Company is involved in a merger, acquisition or asset sale, Your Personal Data
may be transferred. We will provide notice before Your Personal Data is transferred and
becomes subject to a different Privacy Policy.
Law Enforcement
Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Other Legal Requirements
The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:
Comply with a legal obligation
Protect and defend the rights or property of the Company
Prevent or investigate possible wrongdoing in connection with the Service
Protect the personal safety of users of the Service or the public
Protect against legal liability
Health Data and Device Sensor Disclosure
Depending on the features you use and permissions you grant, the app may access, collect, and process the following health and fitness data from your device, wearable devices, or connected services:
Heart rate data
Heart rate variability (HRV
Activity data(such as steps, movement, and physical activity)
Sleep data (such as sleep duration and sleep stages)
Body sensor data collected through device sensors
Activity recognition data (used to detect physical activity like walking or running)
This data is collected only after you grant the required permissions.
How We Use This Data
We use this health and sensor data solely to provide and improve the app's health and fitness features, including:
Displaying your health metrics and trends
Providing insights related to activity, recovery, and sleep
Enabling activity and sleep tracking features
Supporting reminders, progress tracking, and personalized feedback
We do NOT sell health data.
We do NOT use health data for advertising or marketing.
We do NOT share health data with data brokers.
We use both Session and Persistent Cookies for the purposes set out below:
Consent and Control
Health and sensor data is processed only with your explicit consent through system permission prompts. You can withdraw access at any time by:
Revoking permissions in your device settings
Disconnecting any linked health services
Contacting us to request deletion of your data
Sharing of Your Health Data
We may share health data only:
With trusted service providers that process data on our behalf under strict confidentiality obligations
When you explicitly request data transfer or integration
When required by law
Retention and Deletion
We retain health data only as long as necessary to provide the service:
While your account is active
Deleted or anonymised within 7days after account deletion
You may request deletion at any time by contacting hello@nuring.com
Security
Health and sensor data is protected using industry-standard safeguards, including encryption in transit and at rest, access controls, and monitoring designed for sensitive information.
Specific Legal Rights and Disclosures
Canadian Privacy Rights (PIPEDA)
If You are a resident of Canada, Your Personal Information is protected under the Personal Information Protection and Electronic Documents Act (PIPEDA) and/or applicable provincial privacy legislation. The Company is committed to compliance with PIPEDA's ten fair information principles.
PIPEDA Principles We Follow
Accountability: We are responsible for Personal Information under our control and have designated a Privacy Officer responsible for our compliance with PIPEDA.
Identifying Purposes: We identify the purposes for which Personal Information is collected at or before the time of collection.
Consent: We obtain Your consent for the collection, use, or disclosure of Your Personal Information, except where permitted or required by law
Limiting Collection: We limit the collection of Personal Information to that which is necessary for the identified purposes.
Limiting Use, Disclosure, and Retention: We use or disclose Personal Information only for the purposes for which it was collected, except with Your consent or as required by law. We retain Personal Information only as long as necessary.
Accuracy: We keep Personal Information as accurate, complete, and up-to-date as necessary for the purposes for which it is used.
Safeguards: We protect Personal Information with security safeguards appropriate to the sensitivity of the information.
Openness: We make information about our policies and practices relating to Personal Information readily available.
Individual Access: Upon request, we inform You of the existence, use, and disclosure of Your Personal Information and give You access to it.
Challenging Compliance: You may challenge our compliance with PIPEDA bycontacting our Privacy Officer.
Your Canadian Privacy Rights
Under PIPEDA and applicable provincial legislation, You have the right to:
Access Your Personal Information: Request access to Your Personal Information that We hold, subject to limited exceptions.
Correct Your Personal Information: Request correction of any inaccurate or incomplete Personal Information.
Withdraw Consent: Withdraw Your consent to our collection, use or disclosure of Your Personal Information, subject to legal or contractual restrictions.
File a Complaint: Lodge a complaint with the Office of the Privacy Commissioner of Canada if You believe Your privacy rights have been violated.
To exercise these rights, please contact our Privacy Officer using the contact information provided in the "Contact Us" section. We will respond to Your request within 30 days or as otherwise required by applicable law.
European Union General Data Protection Regulation (GDPR)
If You are a resident of the European Economic Area (EEA), You have certain data protection rights under the General Data Protection Regulation (GDPR). The Company aims to take reasonable steps to allow You to correct, amend, delete or limit the use of Your Personal Data.
Legal Basis for Processing
Our legal basis for collecting and using Your Personal Data depends on the context in which we collect it, which typically includes:
Consent: You have given clear consent for us to process Your Personal Data for a specific purpose.
Contract: Processing Your Personal Data is necessary for the performance of a contract with You.
Legal Obligation: Processing Your Personal Data is necessary for compliance with a legal obligation.
Legitimate Interests: Processing is necessary for Our legitimate interests and does not override Your rights and freedoms.
Your GDPR Rights
Under GDPR, You have the following data protection rights:
The right to access: The right to request copies of Your Personal Data. We may charge a reasonable fee for multiple copies or manifestly unfounded requests.
The right to rectification: The right to request that We correct any information You believe is inaccurate or complete information You believe is incomplete.
The right to erasure ("Right to be Forgotten"): The right to request that We erase Your Personal Data, under certain conditions.
The right to restrict processing: The right to request that We restrict the processing of Your Personal Data, under certain conditions.
The right to object to processing: The right to object to Our processing of Your Personal Data, under certain conditions.
The right to data portability: The right to request that We transfer the data that we have collected to another organization, or directly to You, under certain conditions.
The right to withdraw consent: You have the right to withdraw Your consent at any time where the Company relied on Your consent to process Your personal information.
The right to lodge a complaint: You have the right to complain to a Data Protection Authority about Our collection and use of Your Personal Data.
We will respond to requests to exercise these rights within one month, which may be extended by two additional months where necessary, taking into account the complexity and number of requests. For more information, please contact Your local data protection authority in the EEA. You can also contact our Data Protection Officer using the contact details provided below.
Automated Decision-Making and Profiling
We do not use Your Personal Data for automated decision-making, including profiling, that produces legal effects concerning You or similarly significantly affects You, unless You have given explicit consent or such processing is necessary for entering into or performing a contract with You.
European Union General Data Protection Regulation (GDPR)
If You are a resident of the European Economic Area (EEA), You have certain data protection rights under the General Data Protection Regulation (GDPR). The Company aims to take reasonable steps to allow You to correct, amend, delete or limit the use of Your Personal Data.
Legal Basis for Processing
Our legal basis for collecting and using Your Personal Data depends on the context in which we collect it, which typically includes:
Consent: You have given clear consent for us to process Your Personal Data for a specific purpose.
Contract: Processing Your Personal Data is necessary for the performance of a contract with You.
Legal Obligation: Processing Your Personal Data is necessary for compliance with a legal obligation.
Legitimate Interests: Processing is necessary for Our legitimate interests and does not override Your rights and freedoms.
Your GDPR Rights
Under GDPR, You have the following data protection rights:
The right to access: The right to request copies of Your Personal Data. We may charge a reasonable fee for multiple copies or manifestly unfounded requests.
The right to rectification: The right to request that We correct any information You believe is inaccurate or complete information You believe is incomplete.
The right to erasure ("Right to be Forgotten"): The right to request that We erase Your Personal Data, under certain conditions.
The right to restrict processing: The right to request that We restrict the processing of Your Personal Data, under certain conditions.
The right to object to processing: The right to object to Our processing of Your Personal Data, under certain conditions.
The right to data portability: The right to request that We transfer the data that we have collected to another organization, or directly to You, under certain conditions.
The right to withdraw consent: You have the right to withdraw Your consent at any time where the Company relied on Your consent to process Your personal information.
The right to lodge a complaint: You have the right to complain to a Data Protection Authority about Our collection and use of Your Personal Data.
We will respond to requests to exercise these rights within one month, which may be extended by two additional months where necessary, taking into account the complexity and number of requests. For more information, please contact Your local data protection authority in the EEA. You can also contact our Data Protection Officer using the contact details provided below.
Automated Decision-Making and Profiling
We do not use Your Personal Data for automated decision-making, including profiling, that produces legal effects concerning You or similarly significantly affects You, unless You have given explicit consent or such processing is necessary for entering into or performing a contract with You.
United Kingdom General Data Protection Regulation (UK GDPR)
If You are a resident of the United Kingdom, Your Personal Data is protected under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. You have the same rights as those outlined in the EU GDPR section above.
The Company processes Personal Data in accordance with UK GDPR requirements. Our legal basis for processing, Your rights, and data transfer mechanisms for UK residents are equivalent to those described in the EU GDPR section, with the exception that:
International transfers from the UK are governed by UK adequacy decisions and UK-approved Standard Contractual Clauses.
You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if You believe Your privacy rights have been violated.
For more information about Your UK privacy rights, visit the ICO website at www.ico.org.uk.
California Privacy Rights (CCPA/CPRA)
If You are a California resident, You have specific rights regarding Your Personal Information under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).
Categories of Personal Information Collected
As defined under CCPA, We may collect the following categories of Personal Information:
Identifiers: Name, email address, postal address, IP address, and unique device identifiers.
Commercial Information: Records of services purchased or considered.
Internet or Network Activity: Browsing history, search history, and information regarding interaction with our Service.
Geolocation Data: If provided by your device settings.
California Online Privacy Protection Act (CalOPPA)
Pursuant to CalOPPA, We agree to the following:
Posting of Privacy Policy: This Privacy Policy is conspicuously posted on our website.
Notification of Changes: Users will be notified of any Privacy Policy changes on our Privacy Policy Page and/or via email.
Do Not Track (DNT) Disclosure: Our Policy on "Do Not Track" Signals: We currently do not respond to Do Not Track ("DNT") signals. Do Not Track is a preference You can set in Your web browser to inform websites that You do not want to be tracked. You can enable or disable DNT by visiting the Preferences or Settings page of Your web browser. However, You can opt out of certain tracking through our cookie consent mechanism (for EU/UK users) or the "Do Not Sell or Share My Personal Information" link (for California users)
Security of Your Personal Data
The security of Your Personal Data is important to Us. We have implemented appropriate technical and organizational measures to protect Your Personal Data against unauthorized or unlawful processing, accidental loss, destruction, or damage.
Security Measures We Implement
Encryption: We use industry-standard encryption protocols (TLS/SSL) to protect data in transit and encryption at rest for sensitive data.
Access Controls: We implement strict access controls to ensure that only authorized personnel have access to Personal Data on a need-to-know basis.
Security Monitoring: We regularly monitor our systems for potential vulnerabilities and attacks
Employee Training: Our employees receive regular training on data protection and privacy best practices.
Third-Party Audits: We conduct regular security assessments and audits of our Service Providers.
Incident Response: We maintain an incident response plan to quickly address any security breaches.
However, remember that no method of transmission over the Internet, or method of
electronic storage is 100% secure. While We strive to use commercially reasonable
means to protect Your Personal Data, We cannot guarantee its absolute security.
Data Breach Notification
In the event of a data breach that affects Your Personal Data, We are committed to
transparency and compliance with applicable breach notification laws.
What Constitutes a Reportable Breach
A reportable data breach occurs when there is unauthorized access to, or collection, use, disclosure, or disposal of Personal Data that creates a real risk of significant harm to individuals. This includes:
Identity theft or fraud
Financial loss
Damage to reputation or relationships
Loss of employment or business opportunities
Our Breach Response Procedures
In the event of a data breach, We will:
Immediate Action: Take immediate steps to contain the breach and prevent further unauthorized access.
Investigation: Conduct a thorough investigation to determine the scope, nature, and impact of the breach.
Notification to Authorities: For Canadian residents: Notify the Office of the Privacy Commissioner of
Canada as soon as feasible if the breach creates a real risk of significant harm. For EU/EEA residents: Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to individual rights and freedoms. For UK residents: Notify the UK Information Commissioner's Office (ICO) within 72 hours where feasible. For California residents: Comply with California breach notification law requiring notification without unreasonable delay.
Notification to Affected Individuals: Notify You without undue delay if the breach is likely to result in a high risk to Your rights and freedoms. The notification will include: A description of the nature of the breach, The categories and approximate number of individuals affected, The categories and approximate number of Personal Data records, affected, The likely consequences of the breach, Measures taken or proposed to address the breach and mitigate harm, Contact information for our Data Protection Officer or Privacy Officer
Documentation: Maintain detailed records of all data breaches, including the facts, effects, and remedial actions taken.
Timeline for Notifications
PIPEDA (Canada): As soon as feasible after determining a real risk of significant harm exists.
GDPR (EU/EEA): Within 72 hours to supervisory authorities; without undue delay to affected individuals.
UK GDPR: Within 72 hours where feasible to the ICO; without undue delay to affected individuals.
California Law: Without unreasonable delay; specific timing depends on the nature of the breach.
Children's Privacy
Our Service does not address anyone under the age of 13 (or 16 for residents of the EEA and UK). We do not knowingly collect personally identifiable information from anyone under the age of 13 (or 16 for EEA/UK residents). If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us.
If We become aware that We have collected Personal Data from children without verification of parental consent, We take steps to remove that information from Our servers within a reasonable timeframe.
If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.
Age Verification
We may implement age verification mechanisms to prevent minors from accessing our Service. These mechanisms may include:
Self-declaration of age during registration
Verification through third-party age verification services (where required)
Parental consent mechanisms for users who indicate they are under the required age
Links to Other Websites
Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services. Your interactions with these third-party websites are governed by their respective privacy policies, not this Privacy Policy.
Changes to this Privacy Policy
We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top of this Privacy Policy.
We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective. For material changes that significantly affect Your rights, We may require You to affirmatively accept the new Privacy Policy before continuing to use the Service.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.