Privacy

When you sign in with Google, we store your Google account ID, email, name, and avatar URL. If you subscribe to Pro, we also store the Stripe customer and subscription IDs returned by Stripe. Payment details (card numbers, billing addresses) are handled entirely by Stripe — we never see them.

For each active sign-in we store an opaque session token, the user-agent string, and a SHA-256 hash of your IP address. We keep the hash, not the raw IP, so we can detect token replay without holding a log of where you connect from.

When you say "remember X" or Claude extracts a fact from a conversation, the resulting short memory string is stored against your account so it can sync across your devices. Deleting a memory in the app marks it deleted on the server; deleting your account removes them entirely.

Nokoro proxies your chat and voice requests to Anthropic (Claude) and xAI (Grok). Those upstream providers see the content of your messages and audio; their own privacy policies apply.

Our backend itself does not store the text of your prompts, the model's replies, or the audio you record. We record per-call metadata only — token counts, character counts, seconds of audio, model used, timestamp, and computed cost — aggregated into a daily counter per user. This is what powers the usage indicator in the app and enforces plan limits.

On first launch the app registers an opaque device ID with the backend and may submit an Apple-issued attestation token so we can tell real Macs from automated abuse. We store the device ID, the vendor identifier from your OS, a hash of the attestation token, and the device's daily token usage. We do not collect a hardware serial, MAC address, IMEI, or anything similar.

When something fails server-side we log a short error message, a context blob (request shape, status codes, internal flags), and your user ID if the request was authenticated. Logs are retained for debugging and rotated out over time.

If you enter your email in the "download" form on the landing page, we store the email and a timestamp so we can let you know when the public release ships. One row per email; we de-dupe.

• No advertising. No ad networks. No third-party trackers on the website.
• No selling, renting, or sharing your data with marketers.
• No reading or training on your chat content. We don't store it; we can't train on it.
• No location tracking beyond the coarse signal implicit in an IP hash.

The backend relies on these third parties:

• Anthropic — Claude model inference.
• xAI — Grok models and voice (TTS / speech-to-text).
• Google — sign-in.
• Stripe — payments and subscription billing.
• Railway — hosting (Postgres + Next.js).
• Apple — DeviceCheck attestation for abuse prevention.

You can delete your account from the app's settings panel, or by emailing the address below. Deletion cascades through sessions, memories, usage counters, and device links. If you have an active Pro subscription it is cancelled at the same time. Aggregated, non-identifying counters used for global spend tracking may be retained.

Nokoro is not directed at children under 13 and we don't knowingly collect data from them.

If this policy changes in a way that materially affects what we collect, we'll update the "last updated" date at the top and, where reasonable, surface it in the app.

Questions, deletion requests, or "what do you have on me" requests: [email protected].