This Privacy Policy describes how Nurtch ("we," "us," or "our") collects, uses, and protects information when you use our service. By using Nurtch, you agree to the practices described below.
1. What we collect
Account information
When you sign up, we collect your name, email address, and an encrypted password. If you connect billing, Stripe collects and stores your payment method on its own infrastructure — Nurtch never sees or stores card numbers.
Contact and CRM data
You provide contact information for the people in your sphere — names, email addresses, phone numbers, purchase dates, birthdays, addresses, and notes. This data is yours. We use it only to draft and send messages on your behalf.
Email and SMS content
AI-drafted messages, your edits, and the actual content sent are stored so you can review history, regenerate drafts, and detect replies. When you connect your email account via OAuth (Gmail or Outlook), we read incoming messages using the gmail.readonly scope (or its Microsoft equivalent) for the limited purpose of: (a) matching incoming replies to outreach we previously sent on your behalf, (b) classifying message intent (hot, warm, or cold lead), and (c) surfacing high-priority replies in your dashboard. We do not browse, index, archive for any purpose outside the service, or use this content to train AI or machine-learning models.
Gmail scopes we request and why
gmail.readonly— to detect replies to outreach you have sent and surface them as hot leads in your dashboard.gmail.send— to send AI-drafted messages on your behalf, from your Gmail address.
OAuth tokens
When you connect Gmail or Outlook, we receive access and refresh tokens that let us send mail through your account. These tokens are encrypted at rest using AES-256-GCM and never exposed in client-side code or logs.
Usage data
We log basic activity — pages visited, messages drafted, errors encountered — to operate and improve the service. We do not sell or share this data with advertisers.
2. How we use information
- To draft, send, and track messages on your behalf.
- To detect replies and surface hot leads in your dashboard.
- To process payments and manage your subscription.
- To send you transactional emails (verification, password reset, billing).
- To respond to your support requests.
- To diagnose errors and improve product reliability.
We do not use your data to train AI models. Your contacts and message content are not shared with other Nurtch users or third parties for any purpose other than the service providers listed below.
3. Service providers
Nurtch relies on a small number of vendors to operate. Each receives only what they need:
- Supabase — database and authentication. Hosts your account, contacts, messages, and OAuth tokens.
- Vercel — application hosting.
- Anthropic (Claude) — AI model used to draft and analyze messages. Per Anthropic's policy, message content sent through their API is not used to train their models.
- Stripe — billing and payment processing.
- Resend — transactional email (verification, password reset, billing notifications).
- Google / Microsoft — when you connect Gmail or Outlook, mail flows through their systems under your account.
4. Google API Services Limited Use disclosure
Nurtch's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically, with respect to Gmail data accessed via the gmail.readonly and gmail.send scopes:
- We do not use Gmail data to serve advertisements of any kind.
- We do not transfer Gmail data to third parties except as necessary to provide or improve user-facing features visible from the Nurtch interface (for example, AI-drafted reply suggestions), to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
- We do not allow humans to read Gmail data unless we have obtained the user's explicit consent for specific messages, are required to do so for security or to comply with applicable law, or the data has been aggregated and de-identified.
- We do not use Gmail data to develop, improve, or train generalized AI or machine-learning models. AI model providers we use (such as Anthropic) process Gmail content only to generate per-request outputs (intent classification, draft suggestions) for the user, and per their published policies do not retain or train on this content.
5. Your rights
You have the right to:
- Access a copy of the data we hold about you.
- Correct inaccurate information from your account settings.
- Delete your account and all associated data. Email us at the address below.
- Export your contacts and message history at any time.
- Disconnect your email account (revoking OAuth access) from Settings.
If you are in the EU/UK or California, additional rights under GDPR/CCPA apply, including the right to object to processing and to request data portability.
6. Data retention
We retain your data while your account is active. If you delete your account, we remove your contacts, messages, and OAuth tokens from production systems within 30 days. Backups containing this data are purged on a 90-day rolling cycle.
7. Security
We protect your data with industry-standard measures:
- All traffic encrypted in transit via TLS.
- OAuth tokens encrypted at rest with AES-256-GCM.
- Database access restricted by row-level security — agents can only see their own data.
- Passwords hashed with bcrypt by our authentication provider.
No system is perfectly secure. If a breach affecting your data ever occurs, we will notify you promptly and work to remediate.
8. Children's privacy
Nurtch is intended for licensed real estate professionals. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with information, please contact us so we can delete it.
9. International transfers
Nurtch is operated from the United States. By using the service, you consent to your data being processed in the U.S., which may have different data protection laws than your country of residence.
10. Changes to this policy
We may update this policy occasionally. If changes are material, we will notify active users by email at least 14 days before the new terms take effect.
11. Contact
Questions, requests, or concerns about your data? Email us at hello@nurtch.ai.