Privacy Policy

Effective: January 16, 2026

Nobiru Pty Ltd (ACN 694 045 415) operates the Nobiru app. This policy explains what data we collect and how we use it.

1. Data We Collect

Account: Email and encrypted password (or magic link email).

Routines: Tasks, durations, completions, streaks, and customizations. Synced to cloud for cross-device access.

WHOOP (optional): Recovery scores, sleep metrics, and strain data via OAuth 2.0 with PKCE. We never see your WHOOP password. Disconnect anytime.

Voice (optional): Audio processed in real-time for voice commands. Not stored. Converted to text, then discarded.

Usage: Features used, session duration, and interaction patterns.

2. How We Use It

  • Personalize routines based on your biometric data
  • Power AI compression and optimization
  • Sync across devices
  • Track streaks and progress
  • Improve the app
  • Communicate service updates

We don't sell your data. We don't share biometric data with third parties for their own purposes.

3. Third-Party Services

Supabase: Authentication and database hosting.

Google Gemini: AI routine optimization. Task info processed, not stored.

OpenAI: Real-time voice processing. Audio processed, not stored.

WHOOP: Biometric data via official API (if connected).

Each provider has their own privacy policy.

4. Security

  • HTTPS/TLS encryption in transit
  • Encryption at rest for stored data
  • Secure password hashing
  • OAuth 2.0 + PKCE for integrations
  • Regular security assessments

No system is 100% secure. We implement industry-standard protections. We will notify affected users of security incidents as required by law.

5. Data Retention

We keep your data while your account is active. Delete your account and we'll remove your data within 30 days, except where legally required.

6. Your Rights

Depending on your location, you may:

  • Access your personal data
  • Correct inaccuracies
  • Request deletion
  • Object to processing
  • Export your data
  • Withdraw consent

Contact hello@nobiru.ai to exercise these rights.

7. WHOOP Integration

Connecting WHOOP is optional and requires your explicit consent. You authorize access to recovery, sleep, and strain data via WHOOP's secure OAuth process. Your WHOOP data is:

  • Encrypted in transit and at rest
  • Used only for personalized routine recommendations
  • Never sold, licensed, leased, or shared with third parties
  • Accessible to you upon request
  • Deleted when you disconnect or delete your account

Revoke access anytime in Nobiru settings or your WHOOP account.

8. Children

Nobiru is not for users under 13 (or 16 in some jurisdictions). We don't knowingly collect data from children. Contact us if you believe a child has provided personal information.

9. International Transfers

Data may be processed outside Australia, including the US. By using Nobiru, you consent to these transfers. We ensure adequate protection.

10. Changes

We may update this policy. Material changes will be posted here with a new effective date. Continued use means acceptance.

11. Australian Privacy Principles

This policy complies with the Privacy Act 1988 (Cth). Australian residents can complain to the OAIC if they believe their privacy has been breached.

12. Contact

Nobiru Pty Ltd

ACN 694 045 415

Email: hello@nobiru.ai

Web: nobiru.ai