Privacy

Privacy Policy

Last updated: May 15, 2026

NYUS Inc. ("NYUS", "we", "our", "us") operates the NYUS mobile application and related services (collectively, the "Service"). This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, and the rights you have over it.

1. Information We Collect

1.1 Information you provide directly

• Account data: email address, name, password (hashed), profile photo.
• Body stats and health profile: age, sex, height, weight, activity level, goals, dietary preferences, allergies, training history.
• Logged data: meals, workouts, weights, measurements, sleep, mood, ratings.
• Chat content: messages exchanged with the in-app AI coach and other users.
• Payment data: processed by our payment processors (Google Play Billing, Stripe). We receive subscription status and transaction IDs; we do not store full card numbers.

1.2 Information from Health Connect (with your permission)

If you grant permission, NYUS reads the following from Android Health Connect:

• Steps (READ_STEPS) — daily step counts for activity tracking.
• Total calories burned (READ_TOTAL_CALORIES_BURNED) — daily energy expenditure.
• Weight (READ_WEIGHT, WRITE_WEIGHT) — body weight history; we may write logged weight back to Health Connect.
• Heart rate (READ_HEART_RATE) — workout intensity tracking.
• Exercise (READ_EXERCISE, WRITE_EXERCISE) — completed sessions; we may write logged workouts back.
• Sleep (READ_SLEEP) — sleep duration for recovery insights.

You can revoke Health Connect access at any time from Health Connect settings on your device. Revoking permission stops further reads; data already imported into NYUS is governed by Section 7 (retention and deletion).

1.3 Information collected automatically

• Device and usage data: device model, OS version, app version, IP address, crash logs, performance metrics, feature interactions.
• Identifiers: a NYUS user ID, a device push token (for notifications), Google Analytics ID.
• Cookies and local storage: used to maintain your session and remember preferences.

2. How We Use Your Data

• Provide, maintain, and improve the Service.
• Personalize your training plan, diet plan, and AI coaching responses.
• Compute progress charts, streaks, weekly insights, and notifications.
• Process subscriptions and prevent fraud.
• Send transactional and (with consent) marketing communications.
• Detect, investigate, and prevent security incidents and abuse.
• Comply with legal obligations.

3. Legal Bases (EEA / UK users)

• Contract: to deliver the Service you signed up for.
• Consent: for Health Connect data, marketing emails, push notifications.
• Legitimate interests: security, fraud prevention, product analytics.
• Legal obligation: tax, accounting, lawful requests.

4. Sharing and Disclosure

We share data only with the following categories of recipients:

• Infrastructure providers: Oracle Cloud (hosting), Google Cloud (analytics, push notifications via FCM), MySQL-managed database.
• AI providers: Anthropic / OpenAI / Google for AI coaching responses. Messages and relevant context are processed under their APIs subject to their data policies.
• Payment processors: Google Play Billing, Stripe.
• Email and notification services: Zoho, Amazon SES, Discord (internal operational logs only — no PII shared with end users).
• Legal: when required by law, court order, or to protect rights, safety, and property.
• Business transfers: in the event of a merger, acquisition, or asset sale, with notice to you.

We do not sell personal data and we do not use Health Connect data for advertising.

5. International Transfers

Our primary servers are located in Asia (Oracle Cloud, Mumbai region). If you access NYUS from outside the server region, your data is transferred internationally. We rely on standard contractual clauses and equivalent safeguards where required.

6. Security

We use TLS 1.2+ for data in transit, AES-256 at rest, hashed passwords (bcrypt), JWT-based authentication with short-lived tokens, server-side input sanitization, rate limiting, and regular security reviews. No system is perfectly secure; we encourage strong passwords and prompt reporting of suspicious activity.

7. Data Retention and Deletion

We retain personal data as long as your account is active and for a reasonable period afterward to comply with legal obligations and resolve disputes. You can request deletion at any time:

• From within the app: Profile → Settings → Delete Account.
• From the web: nyus.in/account-deletion.
• By email: support@nyus.in.

Upon a verified deletion request, we erase your account, body stats, logs, and chat history within 30 days. Operational backups are purged within 90 days. Aggregated, anonymized analytics may be retained.

8. Your Rights

Depending on your jurisdiction (GDPR, UK GDPR, CCPA, DPDP Act 2023, etc.), you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Request deletion ("right to be forgotten").
• Restrict or object to processing.
• Data portability.
• Withdraw consent (e.g., revoke Health Connect at any time).
• Lodge a complaint with your data protection authority.

To exercise any right, email support@nyus.in. We respond within 30 days.

9. Children

NYUS is not directed at children under 13 (or 16 in the EEA). We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.

10. Third-Party Links

Our Service may link to third-party sites (e.g., Google Play, social platforms). Their privacy practices are governed by their own policies.

11. Changes to This Policy

We may update this Policy from time to time. We will notify you of material changes via the app or email. The "Last updated" date at the top reflects the latest revision.

12. Contact

NYUS Inc.
Email: support@nyus.in
Available Monday – Friday, 9:00 a.m. – 9:00 p.m. IST