Nocera Labs ("we", "us", "our") operates the Nocera service at nocera.app. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.
1. Information We Collect
Account information. When you sign up, we collect your email address and a hashed password. We do not store your password in plain text.
Campaign and world data. Everything you type into Nocera — campaign names, entity descriptions, chat messages, notes, and relationships — is stored in our database so the service can function. This is your content and you own it.
Usage data. We track how many AI messages you have sent per month so we can enforce plan limits. We also store timestamps on records (created_at, updated_at) for display purposes.
Payment information. If you upgrade to Pro, payment is processed by Stripe. We store only your Stripe customer ID — we never see or store your card number, CVV, or billing address.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the Nocera service
- Enforce plan limits (free vs. Pro) and process subscription billing
- Send AI requests on your behalf to Anthropic (see Third-Party Services below)
- Respond to support requests when you contact us
We do not sell your data. We do not use your campaign content to train AI models. We do not send marketing emails beyond transactional messages about your account.
3. Third-Party Services
Nocera relies on the following third-party providers to deliver the service:
Supabase
Our database and authentication provider. Your campaign data and account credentials are stored in Supabase's infrastructure. Supabase encrypts data at rest and in transit.
Anthropic
The AI powering the Loremaster. When you send a message, we transmit your recent chat messages and a summary of your campaign entities to Anthropic's API. Anthropic's data handling is governed by their own privacy policy. We send only what is necessary to generate a response.
Stripe
Our payment processor. All billing interactions happen on Stripe's hosted checkout pages. We receive confirmation events from Stripe via webhooks to activate or deactivate Pro access.
Vercel
Our hosting provider. Requests to Nocera are served through Vercel's infrastructure.
4. Data Retention
Your data is retained for as long as your account is active. If you delete a campaign, its entities, chats, and relationships are permanently deleted. If you close your account, all data associated with it is deleted.
AI message usage counters reset on a 30-day rolling basis from your first message.
5. Your Rights
You can access, edit, or delete your campaign data at any time through the app. To request deletion of your account and all associated data, email us at hello@nocera.app.
If you are located in the European Economic Area or the UK, you may have additional rights under the GDPR, including the right to data portability and the right to lodge a complaint with a supervisory authority.
6. Security
We take reasonable measures to protect your data: encryption at rest and in transit, row-level security policies that ensure users can only access their own data, and API keys that are never exposed to the client.
No system is completely secure. If you believe you have found a security vulnerability, please disclose it responsibly by emailing hello@nocera.app.
7. Changes to This Policy
We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of the service after changes are posted constitutes your acceptance of the updated policy.
8. Contact
Questions about this Privacy Policy? Email us at hello@nocera.app.