Privacy policy

NUCU PRIVACY POLICY

Last update: 12/2/2025

1. ABOUT THIS POLICY

Nucu develops well-being solutions.

At Nucu Oy (“Nucu”), we take data protection seriously. We collect and process personal data for customer relationship management and Nucu website visitor analysis.

This Privacy Policy has been put together to provide our visitors and customers (“Customers” or “you”) with transparent information about the privacy policies of Nucu. This Privacy Policy aims to answer the following questions:

• What personal data we collect when you browse on Nucubaby.com site or otherwise are in contact with us

• Why we collect data

• How we may use and share your personal data
• The use of cookies on this site
• Your legal rights and how to exercise them


This Privacy Policy may be updated from time to time. You can determine when this Privacy Policy was updated from the “LAST UPDATE” date at the top of this page.

2. OUR CONTACT INFORMATION

Nucu Oy
Business ID: 2785473-5
Address: Hoitajanrinne 1, 90220 Oulu, Finland
E-mail address: info@nucubaby.com
Website: https://nucubaby.com
Contact: Juha Hannula, data@nucubaby.com

3. WHAT PERSONAL DATA DO WE PROCESS?

The data we collect can be categorized into three groups: Customer data, Analytics data and Sensitive Personal Data. Analytics data is automatically collected when you visit the site. 

Although we do not normally use Analytics data to identify individuals, sometimes individuals can be recognized from it, either alone or when combined or linked with Customer data. In such situations, Analytics data shall also be considered as personal data under applicable laws and we will treat the combined data as personal data.

Nucu may collect and process the following Customer data:

• Your name and contact details
• Phone number
• E-mail address
• Possible communication with us
• Invoicing and billing information
• Possible claims or refunds
• Delivery information (if different from contact information)
• Your purchase information (service and value)


Analytics data may include for example the following data:

• IP address
• Device type
• Operating system
• Time of visit
• Browser type and version
• Language settings


SENSITIVE PERSONAL DATA


Nucu's services are powered by data collected from our product, the Nucu Pad. We collect and process certain types of sensitive information, such as heart rate data, but always with your explicit consent.


We use this data to enhance our current and future products and with your additional consent, for scientific research purposes. Importantly, we do not sell any of the data we collect to third parties.


You may deny the consent and opt out of the processing of your sensitive personal data, but note that it may prevent the use of some features of your Nucubaby products.


WHAT SENSITIVE PERSONAL INFORMATION DO WE PROCESS?


Nucu may collect and process the following sensitive personal information:


  • Physical

    • Breathing rate

    • Heart Rate

    • Heart rate variability

    • Body movement

  • Anthropometrics

    • Age

  • Sleep Analytics

    • Sleep stages

    • Sleep patterns

    • Sleep continuity


4. DATA SOURCES

Your Customer data is primarily received directly from you when you purchase a service from Nucu or contact us with a question, complaint or support request. In business to business contacts we may get information also from your employer.

Analytics data is automatically collected when you visit the site.

Sensitive Personal Data as outlined above is collected by the Nucu Pad if you have given the consent for it upon creating your Family Account.

5. PURPOSES AND LEGITIMATE GROUNDS FOR PROCESSING

In addition to the purposes stated below, certain data is processed under the principle of legitimate interest. This includes device usage data and personal data to improve our products, enhance user experience, and develop tailored marketing strategies . We take necessary steps to balance these interests against your fundamental rights and freedoms, ensuring robust safeguards and transparency.

Purposes of processing


Processing and delivering your service
We process personal data to process and handle your service.


Customer communication
We may process personal data for the purpose of communicating with Customers. If you contact our customer service, we will use the provided information to answer your questions and for solving any issues you may have.


Analytics and service improvements
We may process information regarding the use of our site to improve our service quality. This may involve the use of analytics or the assessment of any trends on our website. When possible, we will do this using only aggregated, non-personally identifiable data.


Marketing

With your consent, we may send you marketing materials such as offers and advertisements and newsletters. We do not send marketing emails without proper permission.


We use an email marketing application called Klaviyo to communicate our products and services to our customers.


Legal grounds for processing
We process personal data to perform our contractual obligations towards Customers or to facilitate their entry into a contract at their request. We also process certain information to comply with legal obligations, such as accounting legislation.

Furthermore, we process personal data to pursue our legitimate interest to run, maintain and develop our business, for analytics and trend detection, direct marketing and to create and maintain customer relationships. We may also process data for responding to consumer claims, cases regarding product warranty and similar situations. When choosing to use your data on the basis of our legitimate interests, we carefully weigh our own interests against your right to privacy.

6. COOKIES AND ANALYTICS

We use various technologies to collect and store Analytics data and other information when Customers use our site, including third party cookies.

Cookies are small text files sent and saved on your device that allows us to identify visitors of our websites and facilitate the use of our site and to create aggregate information of our visitors. This helps us to improve our service and better serve our Customers. The cookies will not harm your device or files. We use cookies to tailor our site and the information we provide in accordance with the individual interests of our Customers.

You may choose to set your web browser to refuse cookies, or to alert when cookies are being sent.

Please note that some parts of our site may not function properly if use of cookies is refused.

Web analytics services
We use Google Analytics services to compile Analytics Data and reports on visitor usage and to help us improve the Services. Please visit their privacy policies for more information.


Use of Firebase Crashlytics in Our Applications

To enhance the reliability and performance of our applications, we use Firebase Crashlytics, an advanced real-time crash reporting tool provided by Google. This tool helps us monitor, prioritize, and fix stability issues that could negatively affect user experience. Firebase Crashlytics is integrated into our applications to collect data on app behavior, particularly in the event of crashes or other performance issues.

Data Collected by Firebase Crashlytics

Firebase Crashlytics collects a variety of information that assists us in diagnosing and resolving issues within our applications effectively. The types of information gathered include:

  • Device state information, such as OS version, device model, and system configurations.

  • Performance data, including app launch times and network conditions.

  • Sequence of actions in the application leading up to a crash.

  • Precise location data, only if the user has explicitly granted permission.

It is important to note that Firebase Crashlytics does not intentionally collect any personally identifiable information such as names, addresses, or email addresses, unless such information is inadvertently included in the crash logs.

Purpose of Data Collection

The data collected via Firebase Crashlytics is primarily used to:

  • Identify and resolve issues that cause the app to crash or behave unexpectedly.

  • Improve the performance and stability of our applications.

  • Enhance overall user experience by reducing the occurrence of crashes and other issues.

Data Sharing and Disclosure

Information collected by Firebase Crashlytics may be shared with our application development team and, when necessary, with third-party service providers who assist in analyzing and resolving app issues. Any third-party providers involved are strictly governed by confidentiality and data processing agreements that limit their use of the data to the purposes specified.

Data Retention

We retain the data collected by Firebase Crashlytics only for as long as necessary to achieve the purposes mentioned above, typically for no longer than 90 days. After this period, the data is securely deleted from all systems.

User Rights and Preferences

Users can opt out of data collection by Firebase Crashlytics at any time through the settings within our applications. Users also have the right to access, correct, or delete any personal data that may be inadvertently collected as part of the crash logs. Requests for data access, correction, or deletion can be directed to our support team at support@nucubaby.com

Updates to Our Use of Firebase Crashlytics

We may update this section of our Privacy Policy periodically to reflect any changes in our use of Firebase Crashlytics or to comply with legal and regulatory obligations. We encourage users to review this section regularly to stay informed about how we are protecting the information collected through our applications.


Microsoft Clarity

We use Microsoft Clarity on our website to help us understand how visitors interact with our site. This tool tracks user actions such as clicks, mouse movements, and scrolling. By doing so, we can analyze website usage and improve the overall user experience.


When you visit our website, you will be prompted to either allow or decline the use of cookies. Accepting our cookies means you consent to the processing of your data by Microsoft Clarity for the purposes described above. This includes the collection and storage of information about your site usage, which Microsoft processes to help us better understand and enhance our website.


For more details about how Microsoft Clarity uses data and for information on privacy practices, please visit Microsoft's Privacy Statement. Remember, the choice to allow or decline cookies is presented to you when you are prompted upon visiting our site.

7. DATA TRANSFERS TO COUNTRIES OUTSIDE EEA

Depending on the specific services you use, it is sometimes necessary for us to transfer personal data outside of the European Union (EU). This may occur because some of our service providers, such as Shopify, operate on a global scale and manage data on servers located in various countries around the world.

We take all necessary precautions to ensure that your personal data is protected according to the highest standards of privacy and security. When we transfer data outside the EU, we implement appropriate safeguards such as standard contractual clauses approved by the European Commission or rely on other legal mechanisms recognized under the General Data Protection Regulation (GDPR). These measures are designed to ensure that your personal data receives an adequate level of protection and that all transfers comply with applicable data protection laws.

We are committed to maintaining transparency about where and how your personal data is processed. If you have any questions regarding the transfer of your personal data or the protections we have in place, please do not hesitate to contact us.

8. SHARING YOUR PERSONAL DATA

We do not share personal data with third parties outside of our organization unless one of the following circumstances applies:

For legal reasons
We may share personal data with third parties outside Nucu’s organization if we have a good-faith belief that access to and use of the personal data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, security or technical issues; and/or (iii) protect the interests or safety of Nucu or our Customers in accordance with the law. Where possible, we will inform Customers about such transfer and processing.


To our authorized service providers
We may share personal data to authorized service providers who perform services for us (including data storage, sales, marketing and Customer support).


For other legitimate reasons
If Nucu is involved in a merger, acquisition or asset sale, we may transfer personal data to the third party involved. However, we will continue to ensure the confidentiality of all personal data. We will give notice to all Customers concerned when the personal data are transferred or become subject to a different privacy policy as soon as reasonably possible.


With your explicit consent
We may share personal data with third parties outside Nucu’s organization for other reasons than the ones mentioned before, when we have the Customer’s explicit consent to do so. You have the right to withdraw this consent at all times.

9. DATA RETENTION POLICY

At Nucu, we are committed to retaining your personal data only for as long as necessary to fulfill the purposes for which it was collected. This includes providing you with our services, enhancing product functionality, and with your explicit consent, conducting scientific research.

We typically store your personal data for a period of six years after your last interaction with us, to fulfill legal, tax, and accounting requirements. In addition, data collected by our products, such as the Nucu Pad, are retained for one year after the expiration of your Nucu App subscription, after which it will be securely deleted or anonymized.

You may request the earlier deletion of your data at any time by contacting us at data@nucubaby.com. We encourage you to reach out should you have concerns or require information regarding the specific retention period applicable to your data.


10. YOUR RIGHTS

Right to access
You have the right to access your personal data processed by us. You may contact us to data@nucubaby.com and we will inform you what personal data we have collected and processed regarding you.


Right to withdraw consent
In case the processing is based on your consent, you may withdraw the consent at any time. Withdrawing a consent may lead to fewer possibilities to use our site. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.


Right to correct
Customers have the right to have incorrect or incomplete personal data we have stored about the Customer corrected or completed. You may contact us to data@nucubaby.com and we will correct your personal data.


Right to erasure
Customers may also ask us to erase the Customer’s personal data from our systems. We will comply with such request unless we have a legitimate ground to not delete the data. You may contact us to data@nucubaby.com and we will erase your personal data when possible.


Right to object
Customers may object to the processing of personal data if such data are processed for other purposes than processing and delivering the service, customer communication or Nucubaby.com site analytics. In case we do not have legitimate grounds to continue processing such personal data, we shall no longer process the personal data after your objection.


Right to restriction of processing
Customers may request us to restrict processing of personal data for example when your data erasure, rectification or objection requests are pending and/or when we do not have legitimate grounds to process your data. This may however lead to fewer possibilities to use our site or service.


Right to data portability
Customers have the right to receive their personal data from us in a structured and commonly used, machine-readable format and to independently transmit those data to a third party.


How to use the rights
The above mentioned rights may be used by sending a letter or an e-mail to us on the addresses set out above, including the following information: the full name, company name, address, e-mail address and a phone number. We may request the provision of additional information necessary to confirm the identity of the Customer. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.




11. DIRECT MARKETING

Notwithstanding any consent granted beforehand for the purposes of direct marketing, you have the right to prohibit us from using your personal data for direct marketing purposes by contacting us to data@nucu.fi 

12. SAFEGUARDING YOUR DATA

We do our best to keep your data safe and secure. We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Measures may include, for example, where appropriate, encryption, pseudonymization and access right systems. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, availability, resilience and ability restore the data. We regularly test our systems, and other assets for security vulnerabilities.

Should despite of the security measures, a security breach occur that is likely to have negative effects to your privacy, we will inform you and relevant authorities as required by applicable data protection laws.

13. LODGING A COMPLAINT

In case you consider our processing of personal data to be inconsistent with the applicable data protection laws please contact us to data@nucu.fi. Complaint may also be lodged with the data protection supervisory authority.