Privacy Policy

Last updated: October 4, 2024. This version replaces any version that may be of earlier date.

Thank you for choosing to be part of our community at Nuna Technologies ApS (“Company”, “Nuna”, “we”, “us”). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about our policy, or our practices with regards to your personal information, please contact us at hello@nuna.ai. We follow best practice to review our Privacy Policy at least annually and make sure it’s easily accessible to you and our team, and always up to date.

When you visit our website https://www.nuna.ai, mobile application, use our Service, visit our SoMe, or otherwise interact with us, you trust us with your personal information. We take your privacy very seriously. In this privacy policy, we seek to explain to you in the clearest way possible what information we collect, how we use it and what rights you have in relation to it. You must take time to read through it carefully, as it is important. If there are any terms in this privacy policy that you do not agree with, please discontinue use of any of our products or services.

This privacy policy applies to all information collected through our website (such as https://www.nuna.ai), mobile application (“apps”), and/or any related services, sales, marketing or events.

Please read this Privacy Policy carefully as it will help you make informed decisions about sharing your personal information with us. This Privacy Policy covers the following and shall be read as one document, also together with our Cookie Policy:

What personal data do we collect?
How do we use the data we collect?
Do we share or exchange personal data with any third parties?
Where we store personal data, for how long, and how we dispose of it?
Specific schedule explaining the above
How our team responds in the event of a data breach?
How can you contact us or delete your data or exercise other rights?

What data do we collect?

We collect personal information that you provide to us when registering at the Service, when you are expressing an interest in obtaining information about us or the Services, when you are participating in activities or otherwise active through the Service, on our website, application, SoMe or otherwise contacting us.

The personal information that we collect depends on the context of your interactions with us and the Service, and it depends on the choices you make and the products and features you use. We collect your well-being score, your acute stress score and your mental health risk score as well as your score on our 10 well-being dimensions: autonomy, resilience, emotional balance, coping, relationships, life balance, meaning, optimism, physical well-being, self-love. Further more we collect the data that you share via interaction with out chat and when working with our tools. . We further collect all the data that you provide us directly when signing up to the Service. We also collect the data you provide us when using the Service.

Some information is automatically collected. This includes:

IP address and/or browser and device characteristics — is collected automatically when you visit our Service.
Certain information from your visit, use or navigate the Services or Apps. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use the Service and other technical information. This information is primarily needed to maintain the security and operation of our Services or Apps, and for our internal analytics and reporting purposes.

Like many businesses, we also collect information through cookies and similar technologies, and we collect information regarding your push notifications, when you use our Service. We use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies, what information we register and how you can refuse certain cookies is set out in our Cookie Policy.

We request to send you push notifications regarding your account and the Service in general. If you wish to opt-out from receiving these types of communications, you may turn them off in your device’s settings.

How do we use the data we collect, and do we share or exchange personal data?

We process your personal data for purposes based on legitimate business interests, the fulfilment of our contract with you, compliance with our legal obligations, or your direct consent. See further description below. See also specific schedule in the section below as an integral part.

Consent: We process your data if you have given us specific consent to use your personal information for a specific purpose.

Legitimate Interests: We process your data when it is reasonably necessary to achieve our legitimate business interests.

Performance of a Contract: Where we have entered into a contract with you, we process your personal data to fulfill the terms of our contract.
Legal Obligations: We disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
Vital Interests: We disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.

More specifically, we need to process your data or share your personal information in the following situations:

Operational Exchanges: We share or exchange your data with our third-party AI backend provider as a part of your interaction with the Service.
Business Transfers: We share or transfer your data in connection with, or during negotiations of any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

The Service builds on AI-powered features as an integrated part of the functionality of the Service. When using these features, your interactions with the Service exchange data with an AI backend and involve the exchange of data between the Service and a third-party service and is logged and analyzed to improve the quality of service and provide personalized responses.

Data Exchange and Processing: When you interact with the AI features in the Service, certain data is transmitted to the third-party AI backend service for analysis and processing. This data may include your messages, queries, or other information provided during the interaction. The third-party AI backend service process this data to generate responses, provide recommendations, or perform other functions based on the nature of the AI features. This processing involves the use of machine learning algorithms, natural language processing techniques, and other technologies to analyze and interpret the data.
Data protection Measures: We take measures to protect your personal data and ensure the security of data exchanged with the third-party AI backend service. This includes implementing encryption, access controls, and other security measures to prevent unauthorized access, use, or disclosure of your data.
Our third-party AI backend service providers comply with GDPR and CCPA. And a full Data Processing Agreement is in place between our companies. The respective API behind that data exchanges have been evaluated by a third-party security auditor and is SOC2 Type2 compliant. This means that we have contractual agreements in place with the third-party service provider to ensure that they adhere to strict privacy and security standards. These agreements outline the terms and conditions for data processing, security measures, and compliance with applicable privacy laws and regulations and can prove this through the certification compliance.
Data Retention and Deletion: We retain data exchanged with the third-party AI backend service only for as long as necessary to fulfill the purposes for which it was collected. We adhere to data retention policies and procedures to ensure that data is not kept longer than required.

Please note that we transfer your personal data to a third party, service provider located outside the European Economic Area (EEA) for the purposes described in this Privacy Policy. Such transfers are made in compliance with the EU-US Data Privacy Framework.

We implement appropriate technical and organizational measures to ensure the security and confidentiality of your personal data, including:

Encryption of data transmission
Access controls and authentication mechanisms
Regular security assessments and audits
Employee training on data protection and security best practices

We also use the information we collect or receive for non-personal, quantitative purposes. As such, we use your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve the Service, related communication and your user experience. We use and store this information in aggregated and anonymized form so that it is not associated with individual user data and does not include personal information. For this purpose we will not use identifiable personal information without your consent.

Where and how long do we store personal data?

We will only keep your personal information for as long as it is necessary for the purposes set out in the Terms and Conditions, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements).

No purpose in the Terms and Conditions will require us keeping your personal information for longer than the period of time in which you have an account with us.

When we have no ongoing legitimate business needs to process your personal information, we will either delete or anonymize it.

Date is stored at GDPR compliant hosting provider.

For data storage, we have implemented appropriate technical and organizational security measures designed to protect the safety of any personal information we process. Any data transmission of personal information to and from our Service is at your own risk. You should only access the services within a secure environment. See Schedule 1 below.

Our Security and how we react in the event of a data breach?

We endeavor to safeguard and protect all data and the systems that operates Nuna. When you make your personal data available to us, this data is protected both online and offline (to the extent that we maintain any personal data offline). The privacy of your personal data is very important to us. When the Service asks you to submit data as a part of you using the Service, the transfer of data is encrypted and is protected with the appropriate current industry standard software that employs state-of-the-art, best-practice encryption methods and algorithms.

Access to your personal data is strictly limited, and we take reasonable measures to ensure that your data is not accessible to the public. The servers that we store data on are kept in a secure physical environment. We also have security measures in place to protect the loss, misuse and alteration of any data under our control. Please be advised, however, that while we take every reasonable precaution available to protect your data, no storage facility, technology, software, security protocols or data transmission over the Internet can be guaranteed to be 100% secure. Computer hackers that circumvent our security measures may gain access to certain portions of your data, and technological bugs, errors and glitches may cause inadvertent disclosures of data; provided, however, that any attempt to breach the security of the network, our servers, databases or other hardware or software constitutes a crime punishable by law. For the reasons mentioned above, we cannot warrant that your data will be secure. Any transmission of data at or through the Service is always at your own risk.

Our team members are dedicated to ensuring the security and privacy of all personal data. We shall notify you and any applicable regulatory agencies if we learn of an information security breach with respect to your personal data. You will be notified via e-mail in the event of such a breach. Please be advised that notice may be delayed addressing the needs of law enforcement, determine the scope of network damage, and to engage in remedial measures.

How can you contact us or delete your personal data or exercise other rights?

We have appointed a Technical responsible person – also called a Data Protection Officer (DPO) who is responsible for overseeing compliance with GDPR requirements and addressing any questions or concerns regarding the processing of your personal data. If you have any questions or concerns about our GDPR compliance or the processing of your personal data, please contact us at hello@nuna.ai

Under GDPR, you have certain rights regarding your personal data, including:

Right to Access: You have the right to request access to your personal data and receive information about how it is processed.
Right to Rectification: You have the right to request the correction of inaccurate or incomplete personal data.
Right to Erasure: You have the right to request the deletion of your personal data under certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.
Right to Restriction of Processing: You have the right to request the restriction of processing of your personal data under certain circumstances, such as when you contest the accuracy or the processing of the data.
Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller. We will do our outmost to provide this to you, in case you request this.
Right to Object: You have the right to object to the processing of your personal data under certain circumstances, such as when the processing is based on legitimate interests or for direct marketing purposes.

You can exercise these rights by contacting us via e-mail at hello@nuna.ai; provided, however, that we ask you to identify yourself and the information requested to be accessed or updated before processing such requests. We will comply with your request as soon as reasonably practicable. However, we may maintain any data whenever we are required to do so by law or regulations or as we believe is reasonably necessary to comply with applicable law or regulations, government requests, to detect or prevent fraud, to resolve disputes, to address problems with the Service, to assist with investigations, or to enforce our terms and conditions or other applicable agreements or policies. We may also need to retain certain information for recordkeeping purposes. We will retain your personal data for the period necessary to fulfil the purposes outlined in this policy unless a longer retention period is required or permitted by law.

You can at any time review or change the personal information in your account of the Service or delete your account by logging in to your Profile page.

Contact us if you have questions!

We will update this policy as necessary to stay compliant with relevant laws.

We may update this privacy policy from time to time. The updated version will be indicated by an updated “revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy policy, we may notify you either by prominently posting a notice of such changes in the Service or by directly sending you a notification. We encourage you to review this privacy policy frequently to be informed of how we are protecting your information.

If you have questions or comments about this policy, you may email us at hello@nuna.ai or by post to:

Nuna Technologies ApS
Ragnagade 7
Copenhagen 2100
Denmark

Schedule 1

Category of data subjects	Category of personal data	Purpose and legal basis	Retention period	Disclosure, categories of recipients
Visitors to Nuna website	Device information, cookie preferences, IP address	To ensure the proper functioning and security of the website. Legitimate interest in maintaining a functional, secure site.	See cookie policy	No third-party recipients except necessary IT service providers for hosting and analytics (e.g. Google Analytics)
App users	Name, email, well-being score, acute stress score, mental health risk score, Energy balance score (ANS balance), score on our 10 well-being dimensions: autonomy, resilience, emotional balance, coping, relationships, life balance, meaning, optimism, physical well-being, self-love. IP address, device information	Provide personalized services based on user input (mental health scores). Legitimate interest in delivering the app’s functionality.	Retained as long asthe user has an active account; deleted or anonymized upon request or inactivity	Shared with service providers (e.g., AI backend) and as necessary for compliance with legal obligations. Data is encrypted and pseudonymized.
Social media users	Cookies, social media identifiers (e.g., Facebook, Twitter)	Improve social media integration and engagement. Legitimate interest in improving user interaction.	Varies by platform	Shared with social media platforms for user experience enhancement.
Internal app communications	Interaction data with AI features, chat summaries	To provide personalized responses and services via the AI chatbot. Legitimate interest in improving user experience.	Data is retained as long as necessary for service provision; deleted or anonymized post-use.	Shared with AI backend services under strict privacy agreements (GDPR/CCPA compliant)