NewPMOS is the new name for PCOS. Read why →
nuravi

Privacy Policy

Last updated: May 29, 2026

This Privacy Policy describes how Deina Labs Inc. ("Deina Labs", "Nuravi", "we", "us", or "our") collects, uses, shares, and protects information when you use Nuravi (the "Service"). The Service includes the Nuravi website, web dashboard, iOS and Android apps, and the AI companion you message over iMessage and SMS.

We wrote this policy to be readable. If something is unclear, email team@nuravi.co and we will answer.

1. Who this applies to

This policy applies to people who use Nuravi. We currently offer the Service to adults (18+) in the United States. If you are outside the United States, your data will be transferred to and processed in the United States.

2. About health data and HIPAA

Nuravi is a consumer wellness product, not a healthcare provider. Nuravi is not currently a HIPAA-covered entity, and the data you share with us is not protected by HIPAA. You are sharing health-related information voluntarily, as a consumer.

We treat that information carefully because we know it is sensitive. The rest of this policy explains how. If we ever become HIPAA-covered, or sign business associate agreements with healthcare providers on your behalf, we will update this policy and notify you before that change takes effect.

3. What we collect

We collect only what we need to run the Service.

Account information. Your first name and mobile phone number. We do not require an email address. We do not store passwords because we sign you in with a one-time code sent to your phone.

Conversations with the AI. The iMessage and SMS messages you send to Nuravi, the messages Nuravi sends back, and any photos or links you share with it (for example, a photo of a meal or a lab result). The AI's responses are generated based on these messages and on the data described below.

Health and lifestyle data you choose to share. Examples: menstrual cycle dates and symptoms; meals, snacks, and drinks; body measurements (such as weight, waist, body composition); supplements, medications, and protocols you are following; symptoms (such as acne, fatigue, mood, sleep, GI); goals (such as cycle regularity, weight, clearer skin, fertility); lab values you choose to share by text or photo; specialist visits and clinical notes you choose to share.

Wearable and integration data, if you connect them. For example, Apple Health, Health Connect, Oura, Whoop, or other wearables. We receive only the metrics you authorize, and only while the connection is active. You can disconnect at any time from your account settings.

Device and usage data. Device type, operating system, app version, IP address, basic event logs (such as which screen you opened or which message succeeded), and crash reports. This helps us run, debug, and secure the Service.

Information about payments, if and when we charge. Currently the Service is free. If we introduce paid plans, payments will be handled by a regulated payment processor; we will receive only the metadata we need (such as plan, status, and last four digits of the card), never your full card number.

4. What we do not collect

  • We do not collect your contacts, photo library, or microphone unless you explicitly upload a photo or connect an integration.
  • We do not collect precise GPS location.
  • We do not use tracking pixels or third-party advertising SDKs to follow you around the web.

5. How we use what we collect

We use your information to:

  • deliver the Service: respond to your messages, run the AI, show your dashboard and visualizations;
  • personalize the Service to you: remember the protocols you have tried, the foods that affect you, your cycle patterns, your goals, and the corrections you have given the AI;
  • generate derived data that helps you: weekly summaries, cycle averages, food-symptom links, goal trends, "next-step" suggestions;
  • keep the Service secure: detect abuse, fraud, and bots; rate-limit; investigate incidents;
  • improve the Service for everyone, using aggregated and de-identified data only (see Section 8);
  • comply with law and enforce our Terms of Service.

We do not use your information for any purpose that is not described in this policy without asking you first.

6. Sub-processors that help us deliver the Service

To run Nuravi we rely on a small set of third-party providers. They process your information on our behalf, under contract, only for the purposes we direct, and they are not allowed to use it for their own products. We keep this list current.

Sub-processorPurposeWhat they see
AnthropicPowers the AI (Claude models)The text of your messages, the context Nuravi sends with each request, and the AI's response. Anthropic's API terms apply; by default Anthropic does not retain API inputs or outputs to train its models.
SendblueDelivers iMessage and SMSYour phone number and the text of messages sent to and from Nuravi. Carrier metadata required to deliver the message.
SupabaseDatabase, authentication, and hostingEncrypted storage of your account, conversation history, and logged data. US region.
VercelWeb app and marketing site hostingStandard web server logs (IP, user agent, request paths). Vercel does not have access to your conversation history or logged data.
Apple, GoogleiOS App Store, Google Play, Apple Push Notification service, Firebase Cloud MessagingStandard app distribution and push-notification metadata.
PostHog (analytics, if enabled)Product analyticsDe-identified or pseudonymized event data about how the Service is used. No conversation content. You can opt out from the cookie banner.

We will update this section before adding a new sub-processor that materially affects your data.

7. How we share information

We do not sell your personal information, and we do not share identifiable health data with advertisers. We share information only in these limited cases:

  • With the sub-processors above, under contract, to run the Service.
  • With you, when you choose to share something (for example, exporting your data, or following a link we surface to a clinician-finder).
  • For legal reasons, if we are required to comply with a valid legal process (subpoena, court order) or to protect the rights, safety, or property of Nuravi, our users, or the public. We will push back on overly broad requests and, where allowed, tell you about a request that targets your data.
  • In a business transfer, if Deina Labs is acquired, merged, or reorganizes, your information may transfer to the successor entity, subject to this policy. We will notify you of any change of control.

8. AI training

We do not use your conversations, photos, or logged data to train third-party foundation models, and our sub-processors are contractually prohibited from doing so. We may use aggregated and de-identified data to evaluate and improve our own prompts and pipelines (for example, to measure that the AI correctly recognizes a period log, or to debug a regression). We do not build identifiable profiles of you for any purpose other than delivering your own Service.

9. Where your data lives and how long we keep it

Your data is stored in the United States, on encrypted infrastructure (TLS in transit; AES-256 at rest in our database provider).

We keep your data while your account is active. You can delete your account, and all data tied to it, at any time from the Service. Deletion is permanent and propagates to our sub-processors. Some routine backups may persist for up to 30 days before they roll off; after that period, deleted data is gone.

We may retain a minimal amount of operational data (for example, security logs, abuse signals, or records required to comply with law) for as long as we need to for those purposes.

10. Your rights

Regardless of where you live, you can:

  • Access the information we have about you. Email team@nuravi.co.
  • Correct it, either in the Service or by messaging us.
  • Delete your account and all associated data from your account settings.
  • Export your data — email us and we will send you a copy in a portable format.
  • Withdraw consent for analytics at any time from the cookie banner.

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA / CPRA): the right to know, to delete, to correct, to opt out of sale or sharing (we do not sell or share, as those terms are defined), and to limit use of sensitive personal information. You can exercise any of these by emailing team@nuravi.co. We will not discriminate against you for exercising them.

If you are in the EU, UK, or another jurisdiction with similar laws, you also have the right to lodge a complaint with your local data-protection authority. The legal basis on which we process your data is your consent, our contract with you (these Terms), and our legitimate interest in operating and securing the Service.

11. Children

Nuravi is not directed at, and not available to, anyone under 18. We do not knowingly collect information from anyone under 18. If you believe a minor has used the Service, email team@nuravi.co and we will delete the account.

12. Cookies and similar technologies

On the website, we use a small number of essential cookies to keep you signed in, remember your preferences, and protect against abuse. With your consent, we use product-analytics cookies to understand which parts of the site work and which do not. You can manage your consent from the banner at the bottom of the page, and you can clear cookies from your browser at any time.

The mobile and iMessage products do not use web cookies. The mobile app uses standard device identifiers required by the operating system to deliver push notifications.

13. Messaging and carrier data

When you message Nuravi over iMessage or SMS, your wireless carrier and Sendblue route the message to us. Carriers may retain delivery metadata (phone number, timestamp) according to their own policies. Message and data rates from your carrier may apply. You can opt out of messaging at any time by replying STOP; doing so will end your ability to use the Service.

14. Security

We protect your information with administrative, technical, and physical safeguards proportionate to its sensitivity: encryption in transit and at rest, scoped database access, audited authentication, code review, and incident response procedures. No system is perfectly secure, and we cannot guarantee absolute security. If we ever experience a breach that affects your data, we will notify you and the relevant authorities as required by law.

15. International transfers

Your data is processed in the United States. If you access the Service from outside the United States, you understand that your data will be transferred to, stored in, and processed in the United States.

16. Changes to this policy

We may update this policy as the Service evolves. If we make a material change, we will let you know by message, email, or in-product notice, and we will update the "Last updated" date above. The current version is always at this URL.

17. Contact

Deina Labs Inc. 228 Park Avenue S, PMB 84210 New York, NY 10003 team@nuravi.co