Legal

Privacy Policy

We respect your privacy and handle your personal data with honesty, care, and full transparency — in accordance with GDPR and Swedish law.

Effective date: 1 January 2026  ·  Last updated: 1 March 2026

This Privacy Policy describes how OakDev & AI AB ("we", "us", or "our") collects, uses, stores, and protects your personal data when you use the Nuria mobile application ("the App") and this website. We are established in Sweden and are subject to the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Swedish Data Protection Act (Lag (2018:218) med kompletterande bestämmelser till EU:s dataskyddsförordning).

Please read this policy carefully. If you do not agree with how we handle your data, please do not use the App.

1. Who We Are — Data Controller

The data controller responsible for your personal data is:

OakDev & AI AB
Org. nr. 559431-6787
Kristevik 633
451 96 Uddevalla, Sweden

Email: hello@oakdev.app
Phone: +46 70 810 57 66

2. What Data We Collect and Why

2.1 Account Data

When you create an account we collect your email address and, optionally, a display name. This is required to provide you with the App and associate your reflection balance and settings with your account.

2.2 Purchase and Subscription Data

All purchases — including the App itself, the Barakah in-app purchase, and reflection top-ups — are processed by Apple Inc. (App Store) or Google LLC (Google Play) using their own payment infrastructure. We do not receive, store, or process your payment card or banking details at any point.

We receive from Apple or Google a purchase receipt and a transaction identifier, which we use solely to credit your reflection balance and verify entitlements. We store only the minimum purchase metadata needed to operate your account correctly.

2.3 Reflection History

The personalised reflections you request and receive through the App are stored to allow you to review them within the App and to manage your balance. This content may reflect your chosen category (e.g. Gratitude, Strength, Evening Reflection) but does not include any additional personal profiling beyond what you explicitly request.

2.4 Usage Data

We collect anonymised and pseudonymised data about how you use the App — such as which features are accessed, how frequently the App is opened, and which reflection categories are selected — to understand usage patterns and improve the product. This data is aggregated and not used to build individual user profiles for advertising.

2.5 Device and Technical Data

We collect your device type, operating system version, and a resettable app-instance identifier. This is necessary for app functionality, security, and resolving technical issues.

2.6 Crash and Diagnostic Reports

If the App crashes or encounters an error, anonymised diagnostic information (stack traces, device state at time of crash) is collected to help us identify and fix bugs. No personal identifiers are included in crash reports beyond what is technically unavoidable.

2.7 Support Communications

When you contact us by email or through any form on this website, we retain your name, email address, and the content of your message in order to respond to you and maintain a record of our communications.

2.8 What We Do Not Collect

We do not collect your precise location, contacts, camera data, microphone data, or any biometric data. We do not build advertising profiles or sell your data to any third party, ever, under any circumstances.

3. Special Category Data (Religious Beliefs)

Nuria is an Islamic spiritual app. By choosing to use it, you engage with content related to Islamic faith and practice. The categories you select (such as Prayer & Reflection or Faith & Trust) may, in some contexts, constitute data that reveals your religious beliefs — which is a special category of personal data under Article 9 of the GDPR.

We process this data on the basis of your explicit consent (Article 9(2)(a) GDPR), which you provide by creating an account and using these features. You may withdraw this consent at any time by deleting your account. We do not share your reflection history or category usage with any third party for any purpose other than operating the App.

4. Legal Bases for Processing

We process your personal data under the following legal bases (Article 6 GDPR):

Processing activity Legal basis
Creating and managing your account Performance of a contract (Art. 6(1)(b))
Processing and crediting in-app purchases Performance of a contract (Art. 6(1)(b))
Delivering reflections and spiritual content Performance of a contract (Art. 6(1)(b))
Storing reflection history for in-app display Performance of a contract (Art. 6(1)(b))
Sending transactional notifications Performance of a contract (Art. 6(1)(b))
Anonymised usage analytics to improve the App Legitimate interests (Art. 6(1)(f))
Crash and diagnostic reporting Legitimate interests (Art. 6(1)(f))
Responding to support requests Legitimate interests (Art. 6(1)(f))
Complying with legal obligations Legal obligation (Art. 6(1)(c))
Processing religious-category data (reflections) Explicit consent (Art. 9(2)(a))

5. How We Use Your Data

Specifically, we use your personal data to:

  • Create, authenticate, and maintain your Nuria account.
  • Verify your purchase entitlements (Standard, Barakah, top-ups) and credit your reflection balance accordingly.
  • Generate and deliver personalised spiritual reflections based on your chosen category.
  • Store your reflection history so you can review it within the App.
  • Deliver daily content (scripture, role model, daily reflection).
  • Respond to your support enquiries and process deletion requests.
  • Improve the App through analysis of anonymised, aggregated usage data.
  • Detect, investigate, and prevent fraud and security incidents.
  • Comply with applicable legal obligations, including tax and accounting requirements.

We will never use your data for targeted advertising, profiling for commercial purposes, or any purpose incompatible with the above.

6. Third-Party Processors and Sharing

We do not sell, rent, or trade your personal data. We share limited data only with the following categories of trusted third parties, each bound by appropriate data processing agreements:

  • Apple Inc. and Google LLC: As payment processors for App Store and Google Play purchases. Their respective privacy policies govern their processing of your payment data.
  • Cloud infrastructure providers: We use reputable cloud providers (operating within the EU/EEA or under standard contractual clauses) to host our backend, databases, and crash reporting infrastructure. These providers act as data processors under our instruction and are bound by data processing agreements compliant with GDPR.
  • Legal and regulatory authorities: Where we are required by applicable law, court order, or a lawful request by a competent authority to disclose personal data, we will do so. We will notify you of such a disclosure to the extent legally permitted.

No personal data is shared with any marketing, advertising, or data brokerage companies.

7. International Data Transfers

OakDev & AI AB is established in Sweden (EU). Where we use cloud infrastructure providers or services that operate outside the EU/EEA, we ensure that transfers are protected by one or more of the following safeguards:

  • An adequacy decision by the European Commission.
  • Standard contractual clauses (SCCs) approved by the European Commission.
  • Other appropriate safeguards under Chapter V of the GDPR.

You may request information about the specific transfer mechanisms we rely on by contacting us at hello@oakdev.app.

8. Data Retention

We retain your personal data for as long as your account is active. Specific retention periods are as follows:

  • Account and profile data: Retained until account deletion. Upon deletion, removed within 30 days.
  • Reflection history: Retained until account deletion and removed within 30 days thereafter.
  • Purchase records: Retained for 7 years from the date of purchase to comply with Swedish accounting and tax law (Bokföringslagen), even after account deletion. Only the minimum transactional data (amount, date, transaction ID) is retained for this purpose.
  • Support communications: Retained for up to 3 years after the last communication, unless you request earlier deletion.
  • Anonymised usage data: May be retained indefinitely, as it contains no personal identifiers.
  • Crash reports: Retained for up to 12 months.

9. Your Rights Under GDPR

As a data subject, you have the following rights under the GDPR. To exercise any of them, contact us at hello@oakdev.app with your request. We will respond within 30 days, and at no charge.

  • Right of access (Art. 15): You may request a copy of the personal data we hold about you and information about how it is processed.
  • Right to rectification (Art. 16): You may request correction of inaccurate or incomplete personal data.
  • Right to erasure (Art. 17): You may request that we delete your personal data ("right to be forgotten"), subject to any overriding legal retention obligations.
  • Right to restriction of processing (Art. 18): In certain circumstances, you may request that we restrict how we use your data while a dispute or review is pending.
  • Right to data portability (Art. 20): Where processing is based on contract or consent, you may request your data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21): You may object to processing based on our legitimate interests. We will stop unless we can demonstrate compelling legitimate grounds that override your interests.
  • Right to withdraw consent (Art. 7(3)): Where we rely on consent as the legal basis (including for special category data), you may withdraw that consent at any time by deleting your account or contacting us. Withdrawal does not affect the lawfulness of processing before the withdrawal.
  • Right not to be subject to automated decision-making (Art. 22): We do not use your personal data for automated decision-making that produces legal or similarly significant effects.

If you are not satisfied with our response, you have the right to lodge a complaint with a supervisory authority (see Section 14).

10. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures include:

  • Encryption in transit (TLS) and at rest for sensitive data.
  • Access controls limiting data access to authorised personnel only.
  • Regular review of security practices and third-party processor agreements.
  • Incident response procedures for data breaches, including notification to supervisory authorities and affected individuals as required by GDPR Article 33–34.

While we take data security seriously, no system is completely secure. In the event of a data breach that poses a high risk to your rights and freedoms, we will notify you without undue delay as required by law.

11. Children's Privacy

Nuria is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. Users between 13 and 18 may use the App with parental or guardian consent. If we become aware that a child under 13 has provided us with personal data without verifiable parental consent, we will delete that data as soon as reasonably practicable. If you believe we have inadvertently collected such data, please contact us at hello@oakdev.app.

12. Cookies and This Website

This website (nuria.app) is a static informational site. We do not use advertising cookies, tracking pixels, or cross-site tracking technologies. We use only technically necessary resources (Google Fonts loaded via your browser at page load). No personal data is collected through this website beyond what you voluntarily submit via our contact forms.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. If we make material changes, we will:

  • Update the "Last updated" date at the top of this page.
  • Notify you through a prominent notice in the App, or by email if you have provided one, at least 14 days before the changes take effect.

Your continued use of the App after the effective date of any changes constitutes your acceptance of the updated policy. If you do not agree with the updated policy, you may delete your account at any time.

14. Supervisory Authority

You have the right to lodge a complaint with a competent data protection supervisory authority if you believe we have processed your personal data in violation of the GDPR. In Sweden, the supervisory authority is:

Integritetsskyddsmyndigheten (IMY)
Box 8114, 104 20 Stockholm, Sweden
Website: imy.se
Email: imy@imy.se

You may also lodge a complaint with the supervisory authority in your EU member state of habitual residence or place of work.

15. Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us:

OakDev & AI AB
Kristevik 633, 451 96 Uddevalla, Sweden
Email: hello@oakdev.app
Phone: +46 70 810 57 66

We aim to acknowledge all privacy-related requests within 72 hours and resolve them within 30 days.