English Español Português (Brasil) Français Deutsch Italiano Română
Log in Start free trial

Privacy Policy

Last updated: May 21, 2026 · Effective: May 21, 2026

This Privacy Policy explains how Host Server SRL, operator of Nura24 (the “Service”), collects, uses and protects personal data. We are based in Iași, Romania (CUI 22965525, VAT ID RO46725988) and act as the data controller for account data and as the data processor for data you and your end-users put into the Service.

1. Who we are

2. Data we collect

2.1 Account data (we are controller)

  • Identity: name, email address, hashed password.
  • Workspace data: workspace name, subdomain, plan, team members.
  • Billing data: billing email, subscription status, invoice IDs. Card numbers are never stored on our servers — they are handled exclusively by Stripe.
  • Technical data: IP address, user-agent, timestamps, audit logs of significant actions inside your workspace.

2.2 Customer data (we are processor)

When you use Nura24, you and your end-users put data into your workspace. We process this on your behalf:

  • Chat messages and visitor sessions;
  • Support tickets and ticket replies;
  • Contact-page submissions;
  • Knowledge-base articles;
  • AI Knowledge documents you upload (txt, md, pdf, docx);
  • Any uploaded attachments.

3. How we use data & legal bases (GDPR)

PurposeLegal basis (Art. 6 GDPR)
Providing the Service to youContract (Art. 6(1)(b))
Billing and tax complianceContract / Legal obligation (Art. 6(1)(b)/(c))
Security, fraud prevention, audit loggingLegitimate interest (Art. 6(1)(f))
Sending transactional emails (password resets, receipts)Contract (Art. 6(1)(b))
Sending product updates (only to admins)Legitimate interest (Art. 6(1)(f)) — opt-out anytime
Generating AI replies / summaries on your requestContract (Art. 6(1)(b))

4. Subprocessors

We use the following third parties to operate the Service. They process data on our instructions under written data-processing agreements:

ProviderPurposeLocation
Linode (Akamai)Application hosting, database, file storageEU
StripePayment processing for Pro subscriptionsIreland / USA
ResendTransactional email deliveryUSA
Anthropic (Claude)AI replies, summaries, translations, AI KnowledgeUSA

Transfers to the USA are covered by Standard Contractual Clauses (SCCs) and, where available, the EU–US Data Privacy Framework.

5. AI processing

Nura24’s AI features (pre-agent chatbot, reply suggestions, ticket summaries, translations, AI Knowledge) are powered by Anthropic Claude.

  • When you invoke an AI feature, the relevant context (current message, recent thread, matching KB excerpts, your AI Knowledge notes/documents) is sent to Anthropic’s API in order to generate a response.
  • Per Anthropic’s API terms, this data is not used to train their models.
  • Anthropic retains data only for a short operational window for abuse monitoring before deletion.
  • You can disable AI features per-workspace in Settings → AI.

6. Cookies

We use only strictly necessary cookies:

  • nura24_session — keeps you logged in;
  • XSRF-TOKEN — CSRF protection;
  • locale — remembers your language preference.

We do not use advertising, tracking or third-party analytics cookies. No cookie banner is required because no consent-requiring cookies are set.

7. Data retention

  • Active workspaces: data is kept as long as the workspace exists.
  • Deleted workspaces: data is kept for 30 days after deletion (in case you want to restore), then permanently erased.
  • Downgrade Pro → Free: data above Free-plan limits stays accessible read-only for 30 days, then may be deleted.
  • Invoices & tax records: kept for 10 years to comply with Romanian fiscal law.
  • Audit logs: kept for up to 12 months for security purposes.

8. Your rights (GDPR)

You have the right to:

  • Access your personal data and receive a copy;
  • Rectify inaccurate data;
  • Erase your data (“right to be forgotten”);
  • Restrict or object to processing;
  • Data portability (export your data in a structured format);
  • Withdraw consent at any time (where processing is based on consent);
  • Lodge a complaint with a supervisory authority — in Romania, that is the ANSPDCP.

To exercise any of these rights, email office@nura24.com. We will respond within 30 days.

9. End-users of our customers

If you are a visitor or end-user contacting one of our customers through Nura24 (e.g. via a chat widget, contact page or ticket), your data is controlled by that customer, not by Nura24. For privacy requests, contact that customer directly. We will assist them in responding to you.

10. Security

  • TLS encryption for all traffic;
  • Passwords hashed with bcrypt;
  • Tenant data isolation at the application layer;
  • Regular backups with encryption at rest;
  • Principle of least privilege for staff access;
  • Audit log of significant actions inside each workspace.

11. International transfers

Some of our subprocessors are based in the USA (Stripe, Resend, Anthropic). Transfers are made under Standard Contractual Clauses approved by the European Commission, with additional safeguards where required.

12. Children

Nura24 is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, contact us at office@nura24.com and we will delete it.

13. Changes to this policy

We may update this policy from time to time. Material changes will be announced via email or in-app notice. The “Last updated” date at the top always reflects the current version.

14. Contact us

For any privacy-related question or request, email office@nura24.com.

Host Server SRL · CUI 22965525 · VAT ID RO46725988 · Iași, Romania.