Privacy Policy

Last updated: April 5, 2026

This Privacy Policy describes how nuvo.coach ("we", "us", "our") collects, uses, and protects your personal data when you use the nuvó mobile application ("the App"). We are committed to protecting your privacy and handling your data transparently and in compliance with the General Data Protection Regulation (GDPR) and other applicable laws.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Name — to personalize your coaching experience
  • Email address — for account authentication and communication
  • Password — stored securely using bcrypt hashing (we never store plaintext passwords)

1.2 Coaching Data

As you use the App, we store:

  • Goals — your personal goals across three domains (mental wellness, physical health, financial health)
  • Milestones — progress tracking data for each goal
  • Chat messages — conversations between you and your AI coach
  • Progress data — check-in responses, streak data, and completion records
  • Coach preferences — which coaches you've selected for each domain

1.3 Technical Data

  • Push notification tokens — Expo push tokens for delivering check-in notifications
  • Usage statistics — daily message counts and monthly goal generation counts (for plan limit enforcement)
  • Subscription status — your current plan (Free or PRO) and expiration date

1.4 Information We Do NOT Collect

  • We do not collect location data
  • We do not collect contacts or address book data
  • We do not store payment card information (payments are handled entirely by Apple and Google)
  • We do not use cookies (the App is a native mobile application)
  • We do not use tracking pixels or third-party analytics

2. How We Use Your Data

We use your data for the following purposes:

  • Providing the coaching service — your goals, messages, and progress data are used to deliver personalized AI coaching
  • AI processing — chat messages are sent to OpenAI's API for generating coach responses. OpenAI processes these messages according to their data usage policy and does not use API data to train their models
  • Push notifications — we send daily check-in nudges and coaching reminders using Expo's push notification service
  • Plan management — subscription status is used to determine feature availability and usage limits
  • Service improvement — aggregated, anonymized usage patterns may be used to improve the App

3. Third-Party Services

We use the following third-party services to operate the App:

  • OpenAI — processes chat messages to generate AI coach responses. See OpenAI's Privacy Policy
  • MongoDB Atlas — secure cloud database for storing your data
  • Expo (expo.dev) — delivers push notifications to your device
  • RevenueCat — manages subscription status and communicates with Apple App Store and Google Play Store billing. See RevenueCat's Privacy Policy
  • Apple App Store / Google Play Store — handles all payment processing for in-app subscriptions

4. Data Storage and Security

  • Your data is stored in MongoDB Atlas, hosted on secure cloud infrastructure
  • All data transmission uses HTTPS/TLS encryption
  • Passwords are hashed using bcrypt with salt rounds
  • API access is protected by JWT (JSON Web Token) authentication
  • Rate limiting is applied to prevent abuse

5. Data Retention

We retain your data for as long as your account is active. If you delete your account:

  • Your personal data (name, email, goals, messages, progress) will be deleted
  • Subscription data managed by Apple/Google may be retained by those platforms according to their policies

6. Your Rights (GDPR)

Under the GDPR, you have the following rights:

  • Right of access — request a copy of your personal data
  • Right to rectification — request correction of inaccurate data
  • Right to erasure — request deletion of your data ("right to be forgotten")
  • Right to data portability — request your data in a structured, machine-readable format
  • Right to restrict processing — request limitation of data processing
  • Right to object — object to certain types of processing

To exercise any of these rights, contact us at support@nuvo.coach. We will respond within 30 days.

7. Children's Privacy

The App is not intended for children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

8. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you through the App or by email. The "Last updated" date at the top of this page indicates when this policy was last revised.

9. Contact

If you have any questions about this Privacy Policy or your data, please contact us: