Privacy Policy

Last updated: April 6, 2026

1. Who We Are

Nuzzle is operated by Opal Harmony IKE, based in Greece. We are the data controller for your personal data. Contact: [email protected].

2. Data We Collect

Account data

Email address, name (optional), hashed password, Google account ID (if using Google sign-in).

Pet data

Pet name, species, breed, date of birth, weight, health conditions, medications, vet visit records, and other health details you provide.

Conversation data

Questions you ask and AI-generated responses, stored to provide conversation history.

Billing data

Stripe customer ID and subscription status. We never store credit card numbers — Stripe handles all payment processing.

Technical data

Session cookies (functional only), server logs with IP addresses (retained 30 days for security).

3. How We Use Your Data

  • Provide the service: Generate AI responses using your pet's profile, send reminders, track health
  • Billing: Process payments through Stripe
  • Email: Send reminder notifications and account-related emails (no marketing without consent)
  • Security: Detect abuse, prevent fraud, protect the service

We do not use your personal pet data to train AI models. Your conversations and pet profiles are used only to serve you.

4. Legal Basis (GDPR)

  • Contract: Processing your data to provide the service you signed up for
  • Legitimate interest: Security monitoring, abuse prevention
  • Consent: Marketing emails (if you opt in)

5. Third Parties

We share data with these processors only as necessary:

  • Stripe (payments) — processes billing data under their own privacy policy
  • Google (OAuth sign-in, Gemini AI embeddings) — receives email for auth; pet queries sent to Gemini for generating embeddings
  • OpenRouter (AI responses) — receives anonymized conversation context to generate responses
  • Gmail SMTP (email delivery) — reminder and account emails

We do not sell your data. We do not use advertising trackers.

6. Data Retention

  • Account and pet data: retained while your account is active
  • Conversations: retained while your account is active
  • Server logs: 30 days
  • Stripe billing records: as required by tax law (up to 7 years)
  • After account deletion: all data is permanently deleted within 24 hours

7. Your Rights (GDPR)

You have the right to:

  • Access: Request a copy of all your data (available via Account → Export Data)
  • Rectification: Correct inaccurate data in your account settings
  • Erasure: Delete your account and all data (Account → Delete Account)
  • Portability: Export your data as JSON (Account → Export Data)
  • Restriction: Request we limit processing of your data
  • Objection: Object to processing based on legitimate interest

To exercise any right, email [email protected] or use the in-app controls. We respond within 30 days.

8. Security

We protect your data with: encrypted connections (TLS), hashed passwords (bcrypt), server-side sessions, Docker container isolation, regular backups, and access controls. No system is 100% secure — if we discover a breach affecting your data, we will notify you within 72 hours as required by GDPR.

9. Children

Nuzzle is not directed at children under 16. We do not knowingly collect data from anyone under 16. If we learn we have, we will delete it promptly.

10. Changes

We may update this policy. Material changes will be communicated via email. The "last updated" date at the top reflects the most recent revision.

11. Contact & Complaints

Data controller: Opal Harmony IKE, Greece. Email: [email protected].

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) at dpa.gr.

← Back to Nuzzle