Cura AI – Privacy Policy
Last updated: October 30th, 2025
Applies to: Cura AI mobile apps (iOS/Android), in-app experiences, and the website(s) that link to this notice (collectively, the “Services”).
Who we are: Cura AI
Contact: privacy@universalaifoundry.com
Cura AI helps you build well-being habits across body, mind, spirit, and relationships. We take privacy seriously—especially for wellness and spiritual reflections you choose to share. This policy explains what we collect, why, how we use/share it, and the choices and rights you have.
1) What this policy covers
This policy governs personal information processed when you use Cura AI and our related websites.
It does not cover third-party sites/services that link to or from Cura AI (e.g., social networks, app stores). Their policies apply there.
Eligibility: The Services are not intended for children under 13 (or 16 where applicable). See “Children” below.
2) Information we collect
We collect information in three ways: you provide it, it’s collected automatically, or we receive it from providers you use with Cura AI.
A. Information you provide
Account & profile: name, email, avatar/photo, country/region, authentication identifiers (e.g., from our auth provider).
Well-being content you enter: intentions, journal entries, prompts, reflections, plans, pack selections, activity logs and ratings, mood taps, encouragement drafts, and any text you write in the app. This can include sensitive information about health, spirituality, and feelings (you choose what to share).
AI chat messages: prompts you send to Cura and messages you receive back.
Support & feedback: messages to our support team, bug reports, survey responses.
B. Information collected automatically
Usage & device data: app version, device type/OS, language, inference latency, crash logs, performance metrics, in-app events (e.g., feature usage), and coarse location derived from IP (city/region level).
Diagnostics & telemetry: timestamps, request identifiers, and pseudonymous analytics to improve reliability and performance.
Cookies & similar tech (website only): session cookies, analytics pixels. We do not allow third-party ad cookies.
C. Information from service providers / partners
Authentication provider: verification of your identity/email (e.g., Clerk or similar).
Cloud & infrastructure providers: technical metadata necessary to host and secure the Service (e.g., AWS).
AI model providers: when you use AI features, your prompts and context may be sent to model providers to generate responses (see “AI processing” below).
We do not import your phone contacts by default, and we do not send messages to others without your action. “Relationship cues” are suggestions—any outreach you send is your choice.
3) How we use your information
Provide the Services: create/manage your account, render activities and plans, log progress, and power AI chat.
Personalize & assist: suggest activities, packs, or reflections based on your inputs and preferences; show relevant content.
AI processing: generate summaries, suggestions, and responses using large language models (LLMs). See “AI processing & model providers.”
Improve & secure: fix bugs, measure performance, prevent abuse, and develop new features using aggregate insights.
Communicate with you: send onboarding, service notices, feature updates, and support messages (you can opt-out of non-essential emails).
Legal & compliance: enforce our terms, protect rights and safety, and comply with law.
4) AI processing & model providers
When you use AI features (e.g., chat with Cura, suggestions), we send the prompt, relevant context (e.g., your latest intention/journal snippet if you invoke it), and technical metadata to vetted AI providers acting as our processors.
We contractually prohibit model providers from using your data to train their models unless you explicitly opt-in.
Some providers may process data in the US or other countries (see “International transfers”).
We may run certain models on our own infrastructure; your content still follows this policy.
Your choices:
You can export or delete your chat/journal/history (see “Your rights & choices”).
You can disable certain AI suggestions or limit what you share in prompts.
We do not show ads based on your well-being content or AI interactions.
5) Our legal bases (EEA/UK users)
We process personal data under these legal bases (GDPR/UK GDPR):
Contract: to provide the Service you requested (account, activities, chat).
Consent: for sensitive content you choose to enter (well-being/spiritual reflections), for optional notifications, for training improvements where offered. You can withdraw consent at any time.
Legitimate interests: to secure and improve the Service, prevent abuse, and understand feature performance (balanced against your rights).
Legal obligation: to comply with applicable laws and lawful requests.
6) Sharing your information
We do not sell your personal information. We share it only as needed:
Service providers (processors):
Authentication (e.g., Clerk or similar)
Cloud hosting & storage (e.g., AWS, S3)
AI model providers (for responses/suggestions)
Analytics/Crash reporting (e.g., first-party telemetry, Crashlytics/Sentry)
Email/push notifications (Apple/Google push, transactional email)
Each is bound by contract to use your data only on our instructions.Business transfers: in a merger, financing, acquisition, or sale, your data may be transferred under this policy.
Legal & safety: to comply with law, respond to lawful requests, or protect rights, safety, and integrity.
With your direction: if you connect Cura AI to another app or share content externally.
7) Data retention
We keep data only as long as needed for the purposes above:
Account data: for the life of your account.
Well-being logs & chat history: until you delete them or delete your account; routine backups may persist for up to 35 days.
Telemetry & diagnostics: typically 90 days (aggregated thereafter).
Compliance records: as required by law.
You can delete individual entries (e.g., journal/intentions) in-app. If you delete your account, we queue your personal data for deletion within 30 days, subject to legal holds and backup cycles.
8) Your rights & choices
Depending on your location, you may have rights to:
Access a copy of your data
Correct inaccurate data
Delete your data (“erasure”)
Port your data in a machine-readable format
Object / restrict certain processing (including legitimate interests)
Withdraw consent (where processing is based on consent)
Opt-out of targeted advertising and profiling (where applicable; we do not run third-party targeted ads)
How to exercise:
Use in-app tools (profile/settings) where available; or
Email privacy@universalaifoundry.com with your request and account email.
We’ll verify your identity and respond within the timelines required by law.
California (CCPA/CPRA): We do not “sell” personal information or share it for cross-context behavioral advertising. You may designate an authorized agent.
EEA/UK: You may lodge a complaint with your local Data Protection Authority (DPA) if you believe we’re not meeting our obligations.
9) Security
We use industry-standard safeguards: encryption in transit, access controls, secret management, and monitoring. No system is 100% secure; please use strong passwords, keep devices updated, and contact us immediately if you suspect unauthorized access.
10) Children’s privacy
Cura AI is not for children under 13 (or under 16 where that age applies). We do not knowingly collect data from children in that age range. If you believe a child has provided data, contact us and we’ll delete it.
11) International data transfers
We operate globally and may transfer your information to countries that may not offer the same level of data protection as your home jurisdiction (e.g., the United States). Where required, we use appropriate safeguards such as the EU Standard Contractual Clauses (SCCs) and UK International Data Transfer Addendum. Copies of key transfer safeguards are available upon request.
12) Your privacy controls (in-app)
Download / delete account
Delete individual entries (journals, logs, chat messages)
AI training consent (off by default unless you opt-in)
Push notifications (OS settings)
Email preferences (unsubscribe links)
Session sign-out & device management
13) Cookies and similar technologies
Our mobile apps do not use third-party advertising cookies. On our website(s), we may use strictly-necessary cookies and first-party analytics to understand visits and improve the site. Browser settings let you manage cookies; some features may not work without them.
14) Third-party links
When you use a link to a third-party site or service, this policy no longer applies. Please review that provider’s privacy policy.
15) Changes to this policy
We may update this policy to reflect changes to our practices or for legal, technical, or business reasons. If changes are material, we’ll notify you by email or in-app prior to the change taking effect. The “Last updated” date shows when this policy was revised.
16) Contact us
If you’re in the EEA/UK and prefer to contact your DPA, see:
17) Summary for app stores (Data Safety / Privacy Nutrition)
Collected: account identifiers (email), in-app content you provide (journals, chat, logs), app activity and diagnostics.
Purpose: app functionality, personalization, support, analytics, and security.
Data sharing: with processors (auth, hosting, AI, analytics); no third-party advertising; no sale of data.
Security: encryption in transit; access controls.
User control: delete/export account data, delete entries, withdraw consent.
Sensitive data: wellness/spiritual reflections are user-provided and processed with your consent; never used for ads.
A note on well-being content
Cura AI offers reflective practices and suggestions. It is not a medical device and does not provide professional diagnosis or treatment. If you have a medical or mental-health concern, please consult a qualified professional or dial your local emergency number for urgent help.
Thank you for using Cura AI. We’re committed to handling your data with care, giving you control, and earning your trust.