Privacy Policy
How Nearu collects, processes, and protects your data — and the data of those who interact with our technology.
Last updated: March 11, 2026 · Effective date: March 11, 2026
1. Introduction
Nearu, Inc. ("Nearu", "we", "us", or "our") operates the emotional intelligence infrastructure layer for AI agents and robotics, including the Soul Engine™ and NearuVibe™ platforms. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our APIs, developer tools, website at nnearu.com, and any related services (collectively, the "Services").
By accessing or using the Services, you acknowledge that you have read and understood this Policy. If you do not agree with its terms, please discontinue use of the Services.
2. Information We Collect
We collect information in three ways: data you provide to us directly, data generated automatically through your use of the Services, and data processed transiently on your behalf as part of the emotion analysis pipeline.
| Category | Examples | Retention |
|---|---|---|
| Account data | Name, email address, company name, billing details | Duration of account + 90 days |
| API usage data | Request timestamps, endpoint called, response latency, token counts | 90 days (aggregated indefinitely) |
| Audio input | Voice clips submitted for acoustic and semantic emotion analysis | Transient only — never stored |
| Camera frames | JPEG image frames submitted for facial emotion analysis (VER) | Transient only — discarded immediately after processing |
| Session / episodic data | Transcripts and emotion summaries when session mode is enabled via session_id | Until deleted via API or account closure |
| Technical data | IP address, browser type, device identifiers, cookies | 90 days |
Important
Raw biometric data — face images and voice recordings — exists only in memory during processing and is never persisted to disk or used for training. Nearu processes these signals to return emotion labels and immediately discards the source material.
3. How We Use Your Information
- Provide the Services — process API requests, return emotion analysis results, maintain session memory where opted in.
- Improve reliability — monitor latency, error rates, and system health using anonymised usage metrics.
- Billing and account management — process payments, issue invoices, manage API keys.
- Security — detect, investigate, and prevent fraudulent or abusive activity.
- Communications — send transactional emails (API key issuance, billing alerts) and, with consent, product updates.
- Legal compliance — respond to lawful requests from authorities and meet regulatory obligations.
We do not use biometric data (voice recordings, facial images) to train machine learning models. We do not sell personal data. We do not use personal data for advertising.
4. Biometric Data — Special Protections
Nearu's emotion analysis pipeline processes biometric identifiers as defined under applicable laws, including the Illinois Biometric Information Privacy Act (BIPA), the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).
Our architecture is designed to minimise biometric exposure:
- Camera frames are processed for facial expression extraction and immediately discarded — they are never stored on disk, never transmitted beyond the processing server, and never retained.
- Audio is forwarded to our speech pipeline for analysis and discarded. We do not store audio on our servers.
- The system returns only structured labels and confidence scores — not biometric templates or raw signals.
For regulated industries, we offer an on-premises VER option where the facial emotion model runs inside the customer's own infrastructure. Only emotion labels (not raw frames) cross the network boundary.
5. Session Memory and Episodic Data
Session mode is opt-in. When a developer passes a session_id parameter, Nearu stores episodic memory — including transcript excerpts and emotion summaries — to enable trend detection and personalisation across interactions.
Session data is:
- Stored in an isolated per-device database partition, keyed by
device_id. - Never shared across customers or used to train shared models.
- Deletable at any time via the DELETE
/api/v1/session/{session_id}endpoint or the full DELETE/api/v1/device/{device_id}/memoryendpoint.
End users interacting with a product built on Nearu should consult the privacy policy of that product's operator for further detail on how session data is used in their context.
6. Data Sharing and Disclosure
We do not sell, rent, or trade personal data. We share information only in the following limited circumstances:
- Sub-processors — third-party infrastructure providers (cloud hosting, transcription via OpenAI Whisper) under data processing agreements that impose equivalent protections.
- Legal requirements — when required by law, regulation, or valid legal process.
- Business transfers — in connection with a merger, acquisition, or sale of assets, with advance notice provided.
- With your consent — for any purpose you explicitly authorise.
7. Data Residency and International Transfers
Nearu's backend can be deployed in specific cloud regions — US, EU, and Asia — to meet data residency requirements. By default, data is processed in the region closest to the API caller.
Where personal data is transferred from the European Economic Area (EEA) to a third country, we rely on the European Commission's Standard Contractual Clauses (SCCs) or equivalent safeguards. Contact us to request a Data Processing Agreement (DPA).
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
| Right | How to exercise |
|---|---|
| Access — obtain a copy of your data | Email privacy@nnearu.com |
| Rectification — correct inaccurate data | Update via dashboard or email us |
| Erasure — delete your account and data | Dashboard → Account → Delete, or email us |
| Session / episodic memory deletion | DELETE API endpoints (see §5) |
| Portability — receive data in machine-readable format | Email privacy@nnearu.com |
| Object / restrict processing | Email privacy@nnearu.com |
| Opt out of marketing | Unsubscribe link in any marketing email |
We will respond to verified requests within 30 days. We may need to verify your identity before processing a request.
9. Security
We implement appropriate technical and organisational measures to protect personal data, including:
- TLS 1.2+ encryption for all data in transit.
- Encryption at rest for stored data.
- API key authentication with rate limiting and anomaly detection.
- Strict access controls — production data is accessible to authorised engineers only.
- Regular security reviews and penetration testing.
No method of transmission or storage is 100% secure. In the event of a breach that is likely to result in risk to your rights and freedoms, we will notify you and relevant supervisory authorities as required by applicable law.
10. Cookies and Tracking
Our website (nnearu.com) uses cookies for authentication, session management, and anonymised analytics. We do not use cross-site tracking or advertising cookies. You can control cookies through your browser settings. Disabling cookies may affect certain features of the website.
11. Children
The Services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email (to registered developers) or by prominent notice on nnearu.com at least 14 days before taking effect. The "Last updated" date at the top of this page reflects the most recent revision.
Continued use of the Services after a change takes effect constitutes acceptance of the revised Policy.
13. Contact Us
For privacy-related questions, data requests, or to obtain a Data Processing Agreement:
Nearu, Inc.
169 Madison Ave STE 78337
New York, NY
Email: privacy@nnearu.com
General: noa@nnearu.com
Phone: +972-54-5884883
For GDPR-specific inquiries, please mark your subject line with "GDPR Request".