PrivacyPolicy

We collect information to provide, improve, and personalize our Services. The types of information we collect include: Account Information: When you create an account, we collect your name, email address, and payment information. If you sign up through a third-party service (e.g., Google, GitHub), we may receive your profile information from that service. Usage Data: We automatically collect information about how you interact with our Services, including API calls, features used, timestamps, error logs, and performance metrics. Voice Data: When you use our text-to-speech or voice cloning features, we process the text inputs you provide and any audio samples you upload. Voice clone models are stored securely and associated with your account. Device Information: We collect device type, operating system, browser type, IP address, and general location data (city/country level) for analytics and security purposes. Communications: If you contact us for support or provide feedback, we retain the content of those communications.

We use the information we collect for the following purposes: Service Delivery: To provide, maintain, and operate the Services, including processing your API requests and generating voice outputs. Improvement: To analyze usage patterns, diagnose technical issues, and improve the quality and performance of our voice AI models and infrastructure. Personalization: To customize your experience, remember your preferences, and provide relevant recommendations. Communication: To send you service updates, security alerts, billing notifications, and, with your consent, marketing communications. Security: To detect, prevent, and address fraud, abuse, security threats, and technical issues. Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests. We do NOT use your voice data to train our general models without your explicit opt-in consent. Voice clones are private to your account and are not accessible to other users.

We implement industry-standard security measures to protect your personal information: Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256). API keys are hashed and stored securely. Infrastructure: Our services are hosted on SOC 2 Type II certified cloud infrastructure with data centers in the United States and European Union. Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis. We maintain detailed access logs and conduct regular security audits. Incident Response: We maintain a comprehensive incident response plan and will notify affected users within 72 hours of becoming aware of a data breach, in accordance with applicable regulations. Backups: Data is regularly backed up with the same encryption standards as primary storage. Backup retention follows our data retention policy. Third-Party Audits: We undergo annual third-party security assessments and penetration testing to identify and address vulnerabilities.

We work with trusted third-party service providers to operate our business. These providers have access to personal information only as necessary to perform their functions and are contractually obligated to protect it: Payment Processing: Stripe processes all payments. We do not store your full credit card number on our servers. Stripe's privacy policy governs their handling of payment data. Analytics: We use privacy-focused analytics tools to understand usage patterns. Data is aggregated and anonymized wherever possible. Cloud Infrastructure: Our services run on cloud infrastructure provided by major cloud providers with SOC 2, ISO 27001, and other certifications. Email Communications: We use trusted email service providers for transactional and marketing emails. Customer Support: Our support platform processes support requests and associated communications. We regularly review our third-party providers to ensure they maintain appropriate security and privacy standards.

We use cookies and similar technologies to enhance your experience: Essential Cookies: Required for the Services to function properly, including authentication, session management, and security. These cannot be disabled. Analytics Cookies: Help us understand how users interact with our Services. These collect aggregated, anonymized data about page views, feature usage, and navigation patterns. Preference Cookies: Remember your settings and preferences (e.g., theme, language) to provide a personalized experience. We do NOT use advertising cookies or tracking pixels from third-party advertisers. We do not participate in cross-site tracking or sell cookie data. You can manage cookie preferences through your browser settings or our cookie consent banner. Note that disabling essential cookies may affect the functionality of the Services.

Depending on your location, you may have the following rights regarding your personal data: Right to Access: Request a copy of the personal data we hold about you. Right to Rectification: Request correction of inaccurate or incomplete personal data. Right to Erasure: Request deletion of your personal data (subject to legal retention requirements). Right to Data Portability: Request an export of your data in a machine-readable format. Right to Restrict Processing: Request that we limit how we process your data. Right to Object: Object to processing of your personal data for certain purposes, including marketing. Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights. California Residents (CCPA): You have the right to know what personal information we collect, the right to delete it, and the right to opt out of any "sale" of personal information (note: we do not sell personal information). EU/EEA Residents (GDPR): You have the right to lodge a complaint with your local data protection authority. To exercise any of these rights, contact us at privacy@nur.ai. We will respond within 30 days.

We retain personal data only for as long as necessary to fulfill the purposes described in this policy: Account Data: Retained for the duration of your account plus 30 days after deletion to allow for account recovery. Usage Logs: API logs are retained for 90 days for debugging and analytics, then aggregated and anonymized. Voice Clones: Deleted within 30 days of account deletion or upon your request. Audio Outputs: Generated audio is cached for up to 24 hours for delivery, then deleted unless you save it to your account. Payment Records: Retained for 7 years as required by tax and financial regulations. Support Communications: Retained for 2 years after resolution for quality assurance purposes. You may request early deletion of your data at any time by contacting us at privacy@nur.ai.

The Services are not directed to children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without appropriate parental consent, we will take steps to delete that information as quickly as possible. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@nur.ai so we can take appropriate action. Educational institutions using Nur for minors must ensure they have obtained appropriate consent and comply with applicable laws, including COPPA and FERPA.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Notification: We will notify you of material changes by email (sent to the address associated with your account) and/or by posting a prominent notice on our website at least 30 days before the changes take effect. Review: We encourage you to review this policy periodically for the latest information about our privacy practices. Continued Use: Your continued use of the Services after the effective date of a revised policy constitutes your acceptance of the changes. If you do not agree with the revised policy, you should discontinue use of the Services. The "Last updated" date at the top of this policy indicates when it was most recently revised.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: Privacy Team: privacy@nur.ai Data Protection Officer: dpo@nur.ai General Contact: hello@nur.ai Mailing Address: Nur AI, Inc. Attn: Privacy Team 548 Market Street, Suite 35000 San Francisco, CA 94104 United States For EU/EEA inquiries, you may also contact our EU representative at eu-privacy@nur.ai. We aim to respond to all privacy-related inquiries within 30 days.