Privacy Policy

Last updated: October 2025

What we collect

• Email address (for account login & billing notifications)
• Encrypted password (never stored as plain text)
• Tweet text you're actively replying to (only when you use NurAi)
• Daily usage count (for billing/quota purposes)
• Crypto payment metadata (transaction ID, plan purchased)

What we DO NOT collect

• Your X/Twitter login credentials
• Your DMs or private messages
• Your browsing history
• Tweets you didn't actively reply to
• Your IP address or location (beyond standard server logs)
• Your crypto wallet address (handled by NOWPayments, not us)

How we use your data

Tweet text is sent to OpenAI's API to generate reply suggestions. We do not store the tweet text. Email is used only for login, account recovery, and important service announcements.

Third-party services

• OpenAI — generates AI reply suggestions. Per their API policy, they don't train on or store our requests.
• NOWPayments — processes crypto subscription payments.
• Vercel — hosts our application.
• Neon — provides our PostgreSQL database (encrypted at rest).

Data retention

Account data is retained as long as your account exists. You may request deletion at any time. After deletion, all personal data is permanently removed within 30 days.

Your rights

You can request access to, correction of, or deletion of your data by emailing probably.nothing.to.say@gmail.com.

Security

All data is transmitted over HTTPS. Passwords are hashed with bcrypt. JWT tokens have 30-day expiry. Database access is restricted to our backend only.

Contact

Questions? Email probably.nothing.to.say@gmail.com or message us on Telegram @Nur_Xai.