Nox privacy whitepaper — how your data actually moves

A plain-language walkthrough of how Nox handles your data — what is collected, where it goes, who can see it, and the controls you have. The legally binding document is the Privacy Policy; this whitepaper explains the same practices in the way a person would actually ask about them.

What happens to a message you send

When you send a message, it travels encrypted (TLS) to Nox's servers, where Leo's deterministic safety layer screens it first. It is then sent to OpenAI to generate the answer, under terms that do not allow your conversations to be used to train OpenAI's models. The conversation is stored in Nox's managed PostgreSQL database so you can return to it — unless you are in Incognito mode, in which case it is never stored at all.

What Nox collects — and what it doesn't

Nox stores your account basics (from your sign-in provider), your conversations, any facts you let Memory keep, your plan and billing state, and the check-in inputs you log (like sleep hours or stress level). Nox does not sell your data, does not run third-party advertising trackers in the app, and does not collect data from your device beyond what you type, say, or attach.

Health data is treated as sensitive by default

Anything health-related you share — symptoms, medications, photos, check-in logs, remembered facts — is treated as sensitive: used to answer you and to run the features you invoke, and not for advertising or sale. The Privacy Policy describes this handling in binding detail.

Who processes your data

Nox uses a small set of service providers to run: OpenAI (answer generation — no training on your chats), Stripe (payments — Nox never sees your full card number), Clerk (sign-in), and the managed database and hosting infrastructure the app runs on. Each provider receives only what its job requires. If you connect apps like Google Calendar, Nox accesses them only for the action you confirm.

Who at the company can see your chats

There is no routine human review of conversations. Access to production data is limited to what is needed to operate the service, debug a problem you report, or meet a legal obligation — the narrow cases the Privacy Policy spells out.

Nox is not a HIPAA-covered service

Nox is a consumer wellness product, not a healthcare provider, and is not covered by HIPAA. That does not lower Nox's own obligations — the practices described here apply regardless — but it does mean your Nox conversations are not 'medical records' in the legal sense, and Nox says so plainly rather than implying otherwise.

The controls you have

Delete any conversation. Review and delete every fact Memory holds, or turn Memory off. Use Incognito for conversations that are never saved. Disconnect connected apps at any time. Cancel billing in the Stripe portal. For a copy of your data or full account deletion, email privacy@aurenaring.com.

How long data is kept

Conversations and memories are kept until you delete them or your account is deleted. Incognito conversations are never written to storage. Billing records are retained as required for accounting and tax law. The Privacy Policy's retention section governs the specifics.

What we're still improving (honestly)

Nox has not yet completed an independent third-party security audit or certification (such as SOC 2), and the product's data-handling documentation is still growing alongside the product. This whitepaper will be updated as those milestones are reached — the same measured-not-promised approach as the rest of Nox's transparency pages.