Your health data is a trust, and we're committed to protecting it as if it were our own. This policy explains transparently and clearly what we collect, how we use it, and the rights you never give up.
Version 1.0
Last updated: 2026
Saudi PDPL compliant
3.1 Our commitment to you
At NUA, we believe your health data belongs to you — not to us, and not to any third party. This policy explains how we handle the information you share with us, and the rights afforded to you under the Saudi Personal Data Protection Law (PDPL).
Four principles — non-negotiable
1. We will never sell your data.
2. We will never share it for advertising.
3. You are in full control of your data.
4. Transparency at every step.
3.2 The data we collect
Basic personal information
We collect the following information when you register and use the app:
Identity information: full name, email, phone number, date of birth, gender.
Physical information: height, weight, body fat percentage (optional).
Health goals: your weight goal, lifestyle, activity level.
Payment information: last 4 digits of the card only — full details are processed via a certified payment provider and not stored with us.
Medical records you choose to add (entirely optional).
Technical data
Device type, operating system, and version.
IP address and approximate geographic location (city only).
Usage logs within the app (to improve the experience).
3.3 How we use your data
We use your data exclusively for the following purposes:
Purpose | Legal basis
Providing services and operating the platform | Contract performance
Displaying your unified health dashboard | Contract performance
Personalized health advice and suggestions | Explicit consent
Sending notifications and reminders | Consent (revocable)
Aggregated, de-identified analytics | Legitimate interest
Compliance with legal obligations | Legal obligation
3.4 Sharing data with third parties
We share your data only in the following limited cases:
Technical service providers (cloud storage, performance analytics) under strict confidentiality agreements, and for service operation only.
Official authorities when there is a binding legal request under the laws of the Kingdom of Saudi Arabia.
Health specialists whom you yourself choose to share your data with.
Aggregated, anonymized analytics only, used for research and service development.
We will never sell your data — a firm promise
Your personal or health data will never be sold under any circumstance. This isn't a legal clause we work around; this is a foundational commitment in NUA's design.
3.5 Storage and retention
Your data is stored on secure servers within the Kingdom of Saudi Arabia or in internationally certified data centers that comply with high security standards.
Retention periods
Active data: as long as your account is active.
After account termination: deleted within a maximum of 90 days.
Financial data and invoices: 5 years (legal obligation).
Aggregated analytics: indefinitely — but completely anonymized.
3.6 Security
We follow the highest applicable security standards to protect your data:
Data encryption in transit using TLS 1.3.
Data encryption at rest using AES-256.
Mandatory two-factor authentication for all staff with administrative access.
Internal access restricted to a "need-to-know" basis only.
Regular security reviews and annual penetration tests.
Encrypted backups stored in geographically separate locations.
In the event of any potential security breach, we commit to notifying affected users and the relevant regulatory authorities within 72 hours of discovery.
3.7 Your rights
Under the Saudi Personal Data Protection Law (PDPL), you have the following guaranteed rights:
Access: request a full copy of the data we hold about you.
Correction: request modification of any inaccurate data in your account.
Deletion: request deletion of your data (right to be forgotten) at any time.
Restriction: request restriction of processing for a specific purpose.
Portability: request transfer of your data in a machine-readable format (JSON or CSV).
Objection: refuse processing for marketing or analytics purposes.
Withdraw consent: withdraw your prior consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at privacy@nua.fit — we commit to responding within 30 days at the latest.
3.8 External devices and apps
When you connect an external device or app to NUA (such as Apple Health, Samsung Health, Garmin Connect, Whoop), then:
The data transferred from those sources is governed by their own privacy policies.
NUA only receives the data you explicitly authorize sharing.
You can disconnect any device at any time from the app settings.
NUA is not responsible for the privacy practices of external parties.
3.9 Children and minors
The NUA platform is not intended for children under 16 years of age. We do not knowingly collect data from children. If we learn that a child has provided their data without parental consent, we delete that data immediately. If you are a parent and believe your child registered with NUA without your permission, contact us immediately at privacy@nua.fit.
3.10 Updates to this policy
We may update the privacy policy from time to time to reflect changes in our services or new legal requirements. We will notify you of any material changes via email and in-app notifications at least 14 days before the effective date. Continued use of the platform after the update constitutes consent to the new policy.