Privacy Policy

NoStress AI is a project operated by the NoStress AI team (“we”, “us”, “our”). Our mission is to help knowledge workers and families reduce mental load with a holistic, research-backed approach. You can contact us at legal@nostress-ai.com.

• Account data: when you sign in via Supabase Auth (email/password or OAuth) we store your email address, authentication identifiers, and metadata required to manage access.
• Contact form data: name, email address, and message content submitted via the contact form. We keep a support log to respond to enquiries.
• Newsletter signups: email address and consent status when you subscribe to updates. We may store confirmation timestamps for compliance.
• Usage & device data: basic technical logs (IP address, browser information) produced by our hosting provider for operational and security purposes. We do not currently run analytics trackers or marketing pixels.

• To provide access to the platform, including protected admin tools and personalised content.
• To respond to questions or collaboration requests submitted through forms or email.
• To send optional newsletters or updates when you opt in (with the ability to unsubscribe at any time).
• To maintain platform security, prevent abuse, and comply with legal obligations.

• Contractual necessity for account authentication and delivery of purchased or registered services.
• Legitimate interest for ensuring service integrity, preventing abuse, and improving the product.
• Consent for marketing communications such as newsletters or optional cookies.
• Legal obligation to retain minimal records for accounting or compliance when applicable.

Data is primarily stored in Supabase (EU data centre). Contact messages are retained for up to 12 months unless a legal obligation requires longer retention. Newsletter data is kept until you unsubscribe. Authentication records remain while your account is active.

• Supabase – hosting, database, and authentication (EU region). Privacy policy.
• Resend – transactional email delivery (e.g., passwordless links, account alerts). Messages are sent via their EU or US infrastructure (depending on your account settings). Privacy policy.
• Deployment host – infrastructure used to serve the Next.js app (e.g. Vercel). Their logs may include IP addresses for security monitoring.

Essential cookies are required for authentication and session management. Optional analytics or marketing cookies are not activated without your consent. A dedicated consent banner will allow you to review and change preferences at any time.

• Access your data and obtain a copy.
• Rectify inaccurate data.
• Request deletion (“right to be forgotten”).
• Object to or restrict certain processing activities.
• Withdraw consent at any time (e.g. unsubscribe from newsletters).

To exercise any GDPR rights, email legal@nostress-ai.com. Include the email address associated with your account or submission. We will respond within 30 days and may ask for additional information to verify your identity.

This policy may evolve as we launch new services or integrate third-party tools. We will update the revision date below.