Legal

Privacy Policy

Last updated: [DATE — to be finalized at launch] · applies to the Nuri mobile app and this website (nuri.cdlofficial.eu)

In short

  • Everything you log about your baby stays on your phone by default. Nuri works fully offline, with no account.
  • Cloud backup is strictly opt-in: it only exists if you sign in and is readable by your account alone.
  • Nuri contains no analytics, no crash reporting (no Crashlytics), no advertising identifiers, and no trackers of any kind.
  • We never sell, share, rent, or monetize your data. Nuri is paid for once, by you — you are the customer, not the product.
  • You can export everything and delete everything, at any time, from inside the app.

1. Who we are

Nuri is an independent baby-rhythm companion app for caregivers of infants aged 0–24 months, published by CDL (“we”, “us”). For anything in this policy, you can reach us at privacy@cdlofficial.eu.

2. What data Nuri stores

Nuri only stores what you choose to enter while caring for your baby:

  • Baby profile — name, date of birth, sex (used solely to select the correct WHO growth curves), and optional birth weight/length.
  • Sleep logs — nap and night-sleep times, locations, quality notes.
  • Feeding logs — breast/bottle feeds, durations, amounts.
  • Solids & allergen logs — foods introduced, amounts, and any reactions you record.
  • Growth measurements — weight, length, head circumference, and percentiles computed on-device.
  • Milestones, leaps & moments — progress checklists and short notes you write.
  • Preferences — theme, units, language, notification toggles.

Nuri never collects: your location, your contacts, your photos (v1 is text-only), advertising identifiers, browsing activity, or any data about other apps on your device.

3. Where your data lives: on your device

All of the above is stored in a local SQLite database inside the app’s private sandbox (the iOS app container / Android internal storage), protected by your operating system’s built-in encryption and inaccessible to other apps. Predictions — such as the next nap window — are computed entirely on your phone, including the machine-learning model, which ships inside the app. Nothing you log is transmitted anywhere by default, and the app is fully functional with no account, no email, and no network connection.

4. Optional cloud backup (opt-in only)

If — and only if — you sign in with Google or Apple, Nuri can back up your data so a lost or replaced phone doesn’t lose your baby’s first years. Specifically:

  • Backup uses Firebase Authentication and Cloud Firestore (Google Cloud), storing a copy of your local data under your account ID.
  • Backups run on demand and roughly every 24 hours while you remain signed in.
  • Access is enforced by Firebase Security Rules: only your authenticated account can read or write your data. There is no cross-user access, no shared pool, and no staff dashboard browsing your logs.
  • Data is encrypted in transit and at rest by Google Cloud.
  • Signing out, or never signing in, means your data exists in exactly one place: your phone.

Sign-in itself shares only what the provider sends for authentication (an account identifier and, depending on the provider, your name/email). Apple’s “Hide My Email” works fine with Nuri.

5. What we deliberately do not do

  • No analytics — no Google Analytics, no Firebase Analytics, no usage tracking of any kind.
  • No crash reporting — no Crashlytics or similar. Error logs stay on your device, visible only in an in-app debug drawer you can choose to screenshot when contacting support.
  • No advertising — no ads, no ad SDKs, no advertising identifiers (on iOS, Nuri never requests App Tracking Transparency because there is nothing to track).
  • No profiling, no data sales, no “partners” — your data is not shared with, sold to, or processed by any third party beyond the opt-in Firebase backup described above.
  • No remote content — all guidance content (foods, leaps, milestones, safe-sleep) is bundled and signed into the app build.

6. Purchases

Nuri’s premium features are a one-time purchase processed entirely by Apple’s App Store or Google Play billing. We never see or store your payment details. The purchase is tied to your store account (and, if you sign in, to your Nuri account so it follows you across devices).

7. Children’s privacy

Nuri is used by parents and caregivers, about their children — the parent is the user and the data controller of the records they create. Nuri collects no data directly from children, offers no child-directed interface, and contains no social features, ads, or third-party content. The only child-related data in the app is what a parent voluntarily enters, and it remains under that parent’s exclusive control (on-device, or in their own account-bound backup). Deleting the app or the account deletes that data.

8. Your rights: export and deletion

  • Export — you can export your complete data as CSV, PDF, or JSON from Settings → Data & Privacy, at any time, with no request process. The JSON export is a full round-trip copy suitable for migration or independent backup.
  • Deletion — Settings → Data & Privacy → “Delete account” purges your cloud backup from Firestore and wipes local data. If you never signed in, deleting the app deletes everything, because everything was on your phone.
  • GDPR (EU) / CCPA (California) — access, portability, rectification, and erasure are all satisfied in-app, without emailing anyone. For anything the app can’t do, write to privacy@cdlofficial.eu and we’ll respond within 30 days. We do not “sell” or “share” personal information as defined by the CCPA.

9. Data retention

On-device data is retained until you delete it. Cloud backups are retained while your account exists and are deleted when you delete your account. We keep no server-side logs of your activity, because there is no server of ours observing it.

10. Medical disclaimer

Nuri is a companion, not medical advice. For concerns, call your pediatrician. Nuri’s predictions, trends, and guidance are informational, drawn from published research (AAP, WHO, and peer-reviewed sleep science), and are never a diagnosis, treatment, or a substitute for professional medical care. Nuri is not a HIPAA-covered service. If you believe your child is experiencing a medical emergency, contact emergency services immediately.

11. This website

This site is a static informational page. It sets no cookies, runs no analytics, and uses no tracking pixels. Fonts are loaded from Google Fonts’ CDN, which receives the standard technical request data (such as your IP address) needed to serve the font files; see Google Fonts’ privacy FAQ. Our hosting provider keeps ordinary, short-lived server access logs for security and operations.

12. Changes to this policy

If the way Nuri handles data ever changes — for example, an optional “help improve Nuri” program in a future version — we will update this policy, change the date at the top, and any new data flow will be opt-in, explained in plain language inside the app before it ever activates. The defaults will stay private.

13. Contact

Privacy questions or requests: privacy@cdlofficial.eu
Everything else: hello@cdlofficial.eu