Privacy Policy
Last updated: April 2026
1. Introduction
Nuva (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the Nuva application and related services (“the Service”), available on the App Store (iOS), Google Play (Android), and at nuva.krd. By using the Service, you consent to the practices described in this policy.
2. Data We Collect
We collect the following categories of data to provide and operate the Service:
Account Information
When you sign in with Google, we receive your email address and profile name. We store your email, display name (editable), and professional designation (selected during onboarding from options including Doctor, Pharmacist, Nurse, Medical Student, Dentist, Physiotherapist, Laboratory Technician, Radiology Technician, Midwife, Paramedic, and Non-medical).
Profile Preferences
Language setting (English, Arabic, or Kurdish), theme mode (light/dark), and accent color preference (normal, blue, green, purple, rose, orange). These are stored in your profile on our database.
Chat Messages
Text messages you send to AI agents and the AI-generated responses. Each chat stores up to 20 messages. A maximum of 15 chats are retained per user. Only message text (role and content) is stored — not attachments.
Attachments (Transient Processing Only)
Images, voice recordings, text files, and other file attachments you send are transmitted to our AI for processing. Attachments are NOT permanently stored. They are processed securely for the AI response and then discarded. Only the text content of your messages is persisted.
Shared Conversations
When you use the sharing feature, the shared messages, a title, and a unique share ID are stored in our database. Shared conversations are publicly accessible to anyone with the share link.
Technical Data
Standard request metadata (IP address, device type) is processed by our servers for rate limiting and security. We do not use third-party analytics services or tracking pixels.
3. How We Use Your Data
- Provide the Service: Authenticate your identity, process your messages through our AI, generate responses, and maintain your conversation history.
- Personalization: Apply your language, theme, accent color, and profile preferences across the app.
- Security & Rate Limiting: Enforce request limits, validate authentication tokens, and protect against abuse using industry-standard security measures.
- Communication: Respond to support requests you submit via email.
4. Third-Party Services
We use the following third-party services to operate Nuva:
Google Sign-In
We use Google OAuth 2.0 for authentication. We receive your email address and profile name from Google to create your account. We do not receive or store your Google password. Google's privacy policy: policies.google.com/privacy
AI Processing
Your messages and attachments are processed by our AI reasoning engine to generate responses. This processing occurs on secure servers. Messages are transmitted securely and attachments are discarded after processing.
Cloud Infrastructure
We use industry-standard cloud infrastructure providers for secure data storage, authentication, and session management. All data is protected with encryption at rest and in transit.
We do not sell your personal data to any third parties. We do not use advertising networks, third-party analytics, or tracking services. Data is shared with infrastructure providers solely as necessary to provide the Service.
5. Your Rights
In accordance with GDPR and applicable data protection regulations, you have the following rights:
Right to Access
You can request a copy of all personal data we hold about you by contacting support@nuva.krd.
Right to Delete
You can delete individual chats at any time through the app. You can request full account deletion by contacting support@nuva.krd. Upon deletion, all profile data, chats, and shared conversations linked to your account will be permanently removed.
Right to Export
You can request an export of your personal data in a machine-readable format by contacting support@nuva.krd.
Right to Rectification
You can update your display name, profession, language, and theme preferences at any time through Settings in the app.
Right to Restriction & Objection
You can request restriction of processing or object to specific data uses by contacting support@nuva.krd.
6. Cookies & Local Storage
Nuva uses cookies and browser local storage for essential functionality only:
- Authentication tokens: Stored securely on your device to maintain your signed-in session.
- User preferences: Language and theme settings are cached locally on your device for offline access.
We do not use tracking cookies, advertising cookies, third-party analytics cookies, or any non-essential cookies. No user-tracking scripts (Google Analytics, Facebook Pixel, etc.) are present in the Service.
7. Data Retention
We enforce the following data retention rules:
- Account & profile data: Retained until you request account deletion.
- Chat history: Maximum 15 chats per user, each with up to 20 messages. When a 16th chat is created, the oldest is automatically deleted.
- Automatic chat expiry: Chats older than 1 month (based on creation date) are automatically deleted from the database.
- Attachments: Images, audio, and files are processed transiently and are NOT stored in the database. Only message text is persisted.
- Shared conversations: Retained until the user who created them deletes them, or until the user's account is deleted.
- After account deletion: All associated data (profile, chats, shared conversations) is permanently and irreversibly deleted from our systems.
8. Data Security
We implement the following security measures:
- Encryption in transit: All data is transmitted over HTTPS (TLS/SSL).
- Secure authentication: Token-based authentication validated server-side for every request.
- Data isolation: Strict access controls ensure that users can only access their own data.
- Security headers: Industry-standard HTTP security headers are enforced on all responses.
- Rate limiting: Request rate limiting is enforced to prevent abuse and ensure platform stability.
- Input validation: All inputs are validated to prevent injection and malformed data.
While we strive to protect your data with these measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.
9. Children's Privacy
Nuva is not intended for use by children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us at support@nuva.krd and we will take steps to delete such data.
10. International Data Transfers
Your data may be processed in jurisdictions outside your country of residence. Our cloud infrastructure and AI processing may occur in data centers located in various regions. By using the Service, you consent to the transfer of your data to these jurisdictions. We ensure that appropriate safeguards are in place for such transfers.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the “Last updated” date. We encourage you to review this policy periodically.
12. Contact
If you have any questions about this Privacy Policy, your data, or wish to exercise your rights, please contact us at support@nuva.krd.