← Back to NASCORA

Privacy Policy

Last updated: March 2026

1. Who we are

NASCORA is operated by Dev AI LTD, a company registered in Bulgaria. We are committed to protecting your personal data in accordance with the EU General Data Protection Regulation (GDPR), Romanian ANSPDCP guidelines, and applicable data protection laws.

Data Controller: Dev AI LTD
Contact: privacy@nascora.com

2. What data we collect

2.1 Data you provide

Waitlist registration: email address only. Risk Checker searches: we do NOT store your search queries. All risk assessments are performed client-side in your browser. No health data is transmitted to our servers.

2.2 Automatically collected data

If you accept analytics cookies: anonymized page views, browser type, country (via Plausible Analytics \u2014 no personal identifiers, no cookies, GDPR-compliant by design). If you decline cookies: zero tracking data is collected.

3. How we use your data

Email addresses collected via the waitlist are used exclusively to notify you about NASCORA launch updates. We never sell, share, or rent your email address to third parties. We never use your data for advertising purposes.

4. Legal basis for processing (GDPR Art. 6)

Consent (Art. 6(1)(a)): Waitlist registration, analytics cookies. Legitimate interest (Art. 6(1)(f)): Website security, fraud prevention.

5. Data retention

Waitlist emails: retained until you unsubscribe or request deletion. Analytics data: automatically deleted after 24 months. We do not store any health-related data.

6. Your rights under GDPR

You have the right to: access your personal data, rectify inaccurate data, request erasure ("right to be forgotten"), restrict processing, data portability, object to processing, and withdraw consent at any time. To exercise these rights, email privacy@nascora.com. We will respond within 30 days.

7. Data transfers

Your data may be processed by service providers in the EU and US (Vercel, Plausible). All transfers are protected by Standard Contractual Clauses (SCCs) or adequacy decisions under GDPR.

8. Security

We implement appropriate technical and organizational measures including HTTPS encryption, access controls, and regular security reviews.

9. Children

NASCORA is not directed at individuals under 16 years of age. We do not knowingly collect data from children.

10. Supervisory authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your national supervisory authority. In Romania: ANSPDCP (Autoritatea Na\u021bional\u0103 de Supraveghere a Prelucr\u0103rii Datelor cu Caracter Personal), anspdcp.ro.

11. Changes

We may update this policy from time to time. Material changes will be communicated via email to registered users.