Privacy Policy

1. Data Controller

The controller responsible for data processing on this website and the Nour app is:

Linus Kaiser
Klüberstraße 8
60325 Frankfurt am Main, Germany
Email: support@nour.you

2. What Data We Collect

Website

• Beta signup form: email address
• Contact form: name, email address, subject, message
• Server logs: IP address, browser type, pages visited, timestamps (collected automatically by our hosting provider)

Nour App

• Account information (email, display name)
• Health and fitness data you choose to log (workouts, meals, body metrics)
• Data synced from Apple HealthKit (with your explicit permission)
• Device information for compatibility and crash reporting

3. Legal Basis for Processing (Art. 6 GDPR)

• Consent (Art. 6(1)(a)): beta signup, optional marketing communications, HealthKit data sync
• Contract performance (Art. 6(1)(b)): providing the Nour app and account services, processing contact inquiries
• Legitimate interests (Art. 6(1)(f)): server logs for security and abuse prevention, improving our service

Where we process health-related data in the app, this is based on your explicit consent (Art. 9(2)(a) GDPR). You can withdraw consent at any time without affecting the lawfulness of prior processing.

4. How We Use Your Data

• Provide and personalize the Nour app experience
• Respond to contact form inquiries
• Notify beta applicants about access
• Send transactional emails (confirmations, account-related notices)
• Maintain security and prevent abuse
• Improve our product based on aggregated, non-identifying usage patterns

5. Recipients & International Transfers

To provide our service, your data may be processed by the following categories of recipients:

• Cloud infrastructure providers — for hosting, data storage, and backend processing (EU and US)
• Email service providers — for sending transactional and notification emails (US)
• Web hosting providers — for serving this website (EU)

Some of these providers are based in the United States. Where data is transferred outside the EU/EEA, this is covered by the EU-US Data Privacy Framework and/or Standard Contractual Clauses (SCCs) as appropriate. We do not sell your personal data to any third party.

You can request a full list of specific sub-processors by contacting us at support@nour.you.

6. Data Retention

• Beta signups: retained until the beta program ends or you request deletion
• Contact form submissions: retained for up to 12 months after the inquiry is resolved
• App account data: retained for as long as your account is active; deleted upon account deletion
• Server logs: automatically deleted after 30 days

7. Your Rights Under GDPR

You have the right to:

• Access your personal data (Art. 15)
• Rectify inaccurate data (Art. 16)
• Erase your data ("right to be forgotten", Art. 17)
• Restrict processing (Art. 18)
• Data portability — receive your data in a machine-readable format (Art. 20)
• Object to processing based on legitimate interests (Art. 21)
• Withdraw consent at any time (Art. 7(3))

To exercise any of these rights, contact us at support@nour.you. We will respond within 30 days.

8. Right to Complain

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. The competent authority for data protection complaints in Germany is the data protection authority of the federal state in which you reside, or the Federal Commissioner for Data Protection (BfDI).

9. Cookies & Local Storage

This website does not use advertising or analytics cookies. The Nour app and website may use essential local storage (IndexedDB, localStorage) to maintain functionality and session state. These are strictly necessary and do not require consent under the TTDSG.

10. Changes to This Policy

We may update this privacy policy from time to time. The "last updated" date at the top reflects the most recent revision. For significant changes, we will notify users via email where possible.