Privacy Policy

Working draft — review before publishing. Replace every [BRACKETED] placeholder and have this reviewed by qualified legal counsel. It describes NanaLoco's data practices as built today; keep it in sync with the product as it changes.

Last updated: June 1, 2026

Nanaloco ("Nanaloco," "we," "us," or "our"), operated by Nuri Studios LLC, provides an AI-powered gift-discovery tool at Nanaloco.com (the "Service"). This Privacy Policy explains what we collect, how we use it, and the choices you have.

By using the Service, you agree to this Privacy Policy. If you don't agree, please don't use the Service.

The short version

You can use Nanaloco without an account or login.
We send the details you provide (your typed description, voice note, or photo, plus your filters) to a third-party AI provider (Google) to generate gift ideas.
If you save or share a list, we store that list for 30 days, then delete it automatically.
We use privacy-conscious analytics (no screen recordings, no heatmaps) and honor your browser's Do Not Track signal.
We earn affiliate commissions when you buy through our retailer links. This never affects what we recommend.
We do not sell your personal information.

1. Information we collect

Information you provide

Gift search inputs. The free-text description of your recipient, and your filter selections (budget, occasion, recipient gender and age range, preferred store, category, and anything to avoid).
Voice recordings (optional). If you use voice input, the audio clip you record (limited to 30 seconds).
Photos (optional). If you use photo matching, the image you upload.
Email address (optional). Only if you choose to save or share a gift list, ask for an occasion reminder, or subscribe to our gift guides/newsletter.
Messages you send us. If you contact us for support, feedback, or other requests.

Please avoid including sensitive personal information (such as health, financial, or government-ID details) in your descriptions, voice notes, or photos, and only describe other people in ways you're comfortable sharing.

Information we collect automatically

Usage and event data. Through our analytics provider (PostHog), we collect events such as page views, searches submitted, gift-card clicks, and similar interactions, along with general device and browser information and an approximate, coarse location derived from your IP address. We have disabled session recording, heatmaps, and surveys, and we configure analytics to respect the browser "Do Not Track" signal.
Local storage. We store a small amount of data in your browser's local and session storage — for example, to keep your in-progress description and to support analytics. This is similar to cookies (see Section 6).
IP address. We process your IP address temporarily to apply rate limits and protect the Service from abuse. It is not stored in a long-term database for this purpose.
Server logs. Our servers record technical event logs to operate and debug the Service. These logs are designed to exclude your free-text description, voice audio, and photos; where email is involved, we log only the domain portion (e.g., "example.com"), not the full address.

What we don't do

We don't require accounts, usernames, or passwords.
We don't record your screen or build behavioral heatmaps.
We don't sell your personal information.

2. How we use your information

We use the information above to:

Generate and display personalized gift recommendations (including via AI — see Section 3).
Create, save, and share gift lists, and send occasion reminders or newsletter emails you've requested.
Operate, secure, and improve the Service, including rate-limiting and abuse prevention.
Understand aggregate usage so we can make NanaLoco better.
Respond to your messages and requests.
Comply with legal obligations and enforce our Terms of Service.

3. AI processing

To generate gift ideas, we send your search inputs — your typed description and filters, and, if you use them, your voice recording or photo — to our AI provider, Google (via the Google Generative AI / Gemini API), which processes them to produce recommendations.

Voice and photo files are processed in real time to generate your results and are not stored by NanaLoco after the request completes.
Your free-text description is included in the AI request and, if you save or share a list, may be stored as part of that saved list (see Section 7).
Google's handling of data submitted through its API is governed by Google's own terms and privacy commitments. We encourage you not to submit sensitive information through these features.

Recommendations are produced by an automated system and may be inaccurate or unavailable; see our Terms of Service for details. This automated processing does not produce legal or similarly significant effects about you.

4. How we share information

We don't sell your personal information. We share it only with service providers and partners that help us run the Service:

Google — AI gift generation (Gemini API), database/session storage (Firebase / Firestore), and cloud hosting (Google Cloud).
PostHog — product analytics (processed in the United States).
Affiliate networks and retailers — when you click a product link, you're taken to a third party (e.g., Amazon, Walmart, Target, Etsy) or an affiliate network (e.g., Amazon Associates, Impact.com). See Section 5.
Email provider — email delivery is not yet active in Beta.
Legal and safety — if required by law, to enforce our terms, or to protect the rights, safety, and property of our users or others.
Business transfers — in connection with a merger, acquisition, or sale of assets, subject to this Policy.

5. Affiliate links and third-party retailers

NanaLoco participates in affiliate programs, including the Amazon Associates Program and others (such as Walmart via Impact.com). When you click a retailer link and make a qualifying purchase, we may earn a commission at no additional cost to you.

When you follow these links, the destination retailer or affiliate network may set its own cookies and collect information about you under its own privacy policy, which we don't control. We recommend reviewing the privacy policy of any site you visit.

6. Cookies and similar technologies

Nanaloco uses local storage and similar technologies (rather than traditional advertising cookies) to:

Remember your in-progress gift description during a session.
Support privacy-conscious analytics via PostHog (which may set a cookie or use local storage to count visits and events).

We honor the browser Do Not Track signal for analytics. You can also clear local storage and cookies in your browser settings at any time. Note that third-party sites you click through to may set their own cookies (see Section 5).

7. Data retention

Saved/shared lists. Stored for 30 days from creation, then automatically deleted.
Voice recordings and photos. Not retained by Nanaloco after your request is processed.
Analytics data. Retained according to our analytics provider's settings and our configured retention period of 12 months.
Server logs. Retained for up to 12 months for security and debugging.
Email address. Retained until you unsubscribe or ask us to delete it.

8. Your rights and choices

Depending on where you live, you may have some or all of the following rights regarding your personal information: to access, correct, delete, or receive a copy of it, to object to or restrict certain processing, and to withdraw consent.

EEA/UK (GDPR). Our legal bases for processing are: performance of a contract (providing the Service you request), legitimate interests (securing and improving the Service), consent (e.g., optional analytics and marketing emails), and legal obligations. You may lodge a complaint with your local supervisory authority.
California (CCPA/CPRA). You have rights to know, access, delete, and correct your personal information, and to not be discriminated against for exercising them. We do not sell or "share" (for cross-context behavioral advertising) your personal information.
Marketing emails. Every email we send will include an unsubscribe link.
Analytics opt-out. Enabling "Do Not Track" in your browser signals us to disable analytics tracking.

To exercise any right, email us at admin@nuriapps.com. We may need to verify your request. Because we don't require accounts, we may have limited ability to associate data with you; saved lists are identified by a random link ID rather than your identity.

9. Data security

We use reasonable technical and organizational measures to protect your information, including encryption in transit, access controls, rate limiting, and input sanitization. However, no method of transmission or storage is completely secure, and we can't guarantee absolute security.

10. International data transfers

We are based in the United States of America, and our providers (including Google and PostHog) may process your information in the United States and other countries. These countries may have data-protection laws different from those where you live. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for international transfers.

11. Children's privacy

The Service is intended for adults and is not directed to children under 13 (or under 16 in the EEA/UK). We do not knowingly collect personal information from children. If you shop for a child using NanaLoco, please share only the minimum detail needed and avoid identifying information. If you believe a child has provided us personal information, contact us and we'll delete it.

12. Third-party links

The Service contains links to third-party websites (including retailers). We are not responsible for the privacy practices or content of those sites. This Policy applies only to NanaLoco.

13. Changes to this Policy

We may update this Privacy Policy from time to time. When we do, we'll revise the "Last updated" date above and, for material changes, provide a more prominent notice. Your continued use of the Service after changes take effect means you accept the updated Policy.

14. Contact us

Questions or requests about your privacy? Reach us at:

Nuri Studios LLC — admin@nuriapps.com