How it worksWho it's for
Nazr vs LinearThe plan above the tracker, kept trueNazr vs JiraA living, reviewed plan vs a visibility layer
Open app
← Back to Nazr

Legal

Privacy Policy

Last updated: 9 July 2026

This policy explains how NAZR AI LTD collects, uses, and protects personal data when you use Nazr (app.nazr.com) or visit this website. Nazr is a business-to-business product: most of the content processed in Nazr is submitted by your organization, and your organization decides what to connect and what to submit.

1. Who we are

NAZR AI LTD is a private limited company registered in Scotland (Company No. SC892023), with its registered office at Suite 2, Ground Floor Orchard Brae House, 30 Queensferry Road, Edinburgh, EH4 2HS, United Kingdom.

We are the controller for account and usage data described in this policy, and we process organization content on behalf of the customer organization that submits or connects it. We are subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Our supervisory authority is the UK Information Commissioner's Office (ICO).

You can contact us about anything in this policy at privacy@nazr.com.

2. Data we collect

Account data

  • Name, email address, and a password hash.
  • If you sign in with Google, the basic profile details Google shares with us (name, email, avatar). We never see your Google password.

Organization content

  • Plan items (priorities, work streams, tasks) and the signals raised against them.
  • Text you upload or paste into Nazr, including meeting excerpts.
  • Content ingested from integrations your organization connects (see section 4 for what we store from each source).

Integration credentials

  • OAuth tokens and API keys for connected services (Linear, Granola, GitHub, Notion, Slack). These are encrypted at rest (see section 8).

Usage and telemetry

  • Records of AI calls made by the product, including the prompts sent and outputs received, kept for debugging, quality, and cost accounting.
  • Error and diagnostic data when something goes wrong.

Cookies

  • Session cookies used to keep you signed in to the app. Nothing else — see section 10.

3. Why we process it, and our lawful bases

  • Providing the service — creating your account, storing your organization's plan, generating plans and analysing signals with AI, and syncing connected integrations. Lawful basis: performance of a contract (UK GDPR Article 6(1)(b)).
  • Security, debugging, and service improvement — telemetry, AI call records, and error monitoring. Lawful basis: legitimate interests (Article 6(1)(f)) in running a secure, reliable service.
  • Communicating with you — service messages about your account or changes to the service. Lawful basis: performance of a contract and legitimate interests.
  • Legal obligations — where we must retain or disclose information to comply with the law. Lawful basis: legal obligation (Article 6(1)(c)).

We do not sell personal data, and we do not use your data for advertising.

4. AI processing

AI is Nazr's core function: it turns strategic priorities into a plan hierarchy and analyses incoming signals against that plan. To do this, content your organization submits or connects — plan items, signals, pasted text, integration excerpts — is sent to third-party AI model providers (for example, Google) via the Vercel AI Gateway.

Under the API terms we rely on, our AI providers do not use this content to train their models. We record each AI call (prompt and output) in our own systems for debugging, quality evaluation, and cost accounting.

AI agents (such as Claude or ChatGPT) that your organization connects via our MCP endpoint act on behalf of your organization: they can read your plan, complete tasks, and raise signals. Signals raised by agents go to a human review queue — a human in your organization approves every change to the plan.

5. What we store from integrations (excerpt-only)

When your organization connects a source such as Granola, Notion, or Slack, Nazr does not copy the full corpus of your meetings, pages, or messages. Ingestion is excerpt-only: we store AI-generated summaries plus short verbatim excerpts of the relevant meeting, page, or message content — never the full body.

For GitHub, we store commit metadata only — the commit subject line, author, and SHA. We never store diffs or source code.

6. Subprocessors

We use the following service providers to run Nazr. Each processes data only for the purpose listed.

SubprocessorPurposeLocation
Fly.ioApplication hosting and infrastructureUnited States / EU
NeonPostgreSQL database hostingUnited States / EU
Vercel AI GatewayRouting of AI requests to third-party model providers (e.g. Google) for AI processing of customer-submitted and connected contentUnited States
GoogleAI model provider (via Vercel AI Gateway); OAuth sign-in (optional)United States / EU
LangfuseLLM observability (traces of AI calls, including prompts and outputs)EU / United States
SentryError monitoring and diagnosticsUnited States

7. International transfers

Some of the providers above process data in the United States. Where personal data is transferred from the UK to the US (or any country without a UK adequacy decision), we rely on UK GDPR transfer safeguards — the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, as applicable.

8. Security

  • Integration credentials (OAuth tokens and API keys) are encrypted at rest using AES encryption.
  • Passwords are stored only as salted hashes, never in plain text.
  • All data in transit is encrypted with TLS.
  • Access to production systems is restricted and organization content is scoped to your organization (multi-tenant isolation).

9. Retention

  • Account data and organization content are kept for as long as your organization's account is active, and deleted or anonymised within a reasonable period after account closure.
  • Integration content is excerpt-only by design (section 5), so the footprint we retain from connected sources is deliberately minimal.
  • AI call records and error data are kept for a limited period for debugging, quality, and cost accounting, then deleted.
  • Integration credentials are deleted when you disconnect the integration or close your account.

10. Cookies

The app uses cookies solely for session authentication — keeping you signed in and remembering your active organization. We do not use advertising or third-party analytics cookies, on the app or on this website.

11. Your rights

Under the UK GDPR you have the right to:

  • access the personal data we hold about you;
  • have inaccurate personal data corrected;
  • have your personal data erased;
  • restrict or object to our processing of your personal data;
  • receive your personal data in a portable format (data portability);
  • withdraw consent at any time, where consent is the basis of processing.

To exercise any of these rights, email privacy@nazr.com. We will respond within one month. If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.

Note that for organization content, your organization is usually the controller and we act as its processor — in that case we may refer your request to your organization's administrator.

12. Children

Nazr is a business product and is not directed at anyone under 18. We do not knowingly collect personal data from children.

13. Changes to this policy

We may update this policy from time to time. We will post the updated version on this page and revise the “Last updated” date above. For material changes, we will notify account holders by email or in the app.

14. Contact

NAZR AI LTD
Suite 2, Ground Floor Orchard Brae House
30 Queensferry Road, Edinburgh, EH4 2HS, United Kingdom
privacy@nazr.com

How it worksWho it's forNazr vs LinearNazr vs JiraPrivacyTermsOpen app
Nazr AI LtdCompany no. SC892023hello@nazr.com