Privacy Policy

1. Who we are

NuriPass is operated by NuriPass LLC ("we," "us," or "our"). We provide a digital medical context passport service accessible at getnuripass.com. You can contact us at hello@getnuripass.com with any questions about this policy.

2. What information we collect

We collect the following types of information: Account information: When you create an account, we collect your name and email address. Profile information: Information you voluntarily enter into your NuriPass profile, including the subject's name, date of birth, allergies and severity levels, safe foods, emergency contacts, emergency response steps, and optionally a photograph. Payment information: When you subscribe, your payment is processed by Stripe. We do not store your credit card details -- Stripe handles all payment data under their own privacy policy. Usage information: We collect basic analytics such as when your QR code is scanned (time and date only, no personal information about the scanner). Technical information: Standard server logs including IP addresses and browser type, used for security and debugging purposes only.

3. How we use your information

We use your information to: -- Provide and operate the NuriPass service -- Display your profile information to anyone who scans your QR code -- Send you transactional emails (account confirmation, payment receipts, profile review reminders) -- Improve and maintain the service -- Comply with legal obligations We do not sell your personal information to third parties. We do not use your information for advertising purposes.

4. Public profile information

When you create a NuriPass profile, the information you enter (name, allergies, safe foods, emergency contacts, emergency steps, and optional photograph) is made publicly accessible via your unique QR code URL. This is the core function of the service -- it allows caregivers to access the information without an app or login. Please only include information you are comfortable sharing with anyone who may scan the code.

5. Photographs

If you choose to upload a photograph, it will be displayed publicly on your profile page to anyone who scans your QR code. Photo upload is optional. You can remove your photograph at any time from your dashboard. Photographs are stored securely and are never used for facial recognition or any analytical processing -- they are displayed only.

6. Children's privacy (COPPA)

NuriPass is designed for parents and guardians to create profiles for their children. We do not collect personal information directly from children. All profile information for minors is entered by a parent or legal guardian who consents on the child's behalf. If you are a parent and believe your child's information has been collected without your consent, please contact us immediately at hello@getnuripass.com and we will delete it promptly.

7. How we store and protect your information

Your data is stored securely using Supabase, a SOC 2 compliant database provider. All data is encrypted in transit using TLS and encrypted at rest. We implement row-level security policies to ensure users can only access their own data. We retain your data for as long as your account is active. When you delete your account, your profile data is permanently deleted within 30 days.

8. Third-party services

We use the following third-party services to operate NuriPass: Stripe -- payment processing (stripe.com/privacy) Supabase -- database and file storage (supabase.com/privacy) Resend -- transactional email delivery (resend.com/privacy) Vercel -- website hosting (vercel.com/legal/privacy-policy) Each of these services has their own privacy policy governing their use of your data.

9. Your rights

You have the right to: -- Access the personal information we hold about you -- Correct inaccurate information -- Delete your account and associated data -- Export your data -- Withdraw consent at any time To exercise any of these rights, contact us at hello@getnuripass.com. We will respond within 30 days.

10. Cookies

We use essential cookies only -- specifically, authentication session cookies that keep you logged in. We do not use advertising cookies or third-party tracking cookies.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email and update the "Last updated" date at the top of this page. Continued use of NuriPass after changes constitutes acceptance of the updated policy.

12. Contact us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at hello@getnuripass.com.

This privacy policy was prepared by the NuriPass team and reflects our genuine data practices. It is not a substitute for legal advice. If you have specific legal concerns, we recommend consulting a qualified attorney.