Skip to main content

Legal

Privacy Notice

Last updated April 2026

1. Who we are

Nila is operated by Ask Nila Solutions Limited, a company incorporated in British Columbia, Canada, trading as "Ask Nila" ("Ask Nila," "we," "us," "our"). For the personal data described in this notice, we are the organization responsible for your information (the data controller under GDPR / UK GDPR; the equivalent role under PIPEDA and BC's Personal Information Protection Act).

Privacy Officer. In line with PIPEDA Principle 1 (Accountability) and Quebec's Law 25, Ask Nila Solutions Limited has designated a Privacy Officer who is responsible for our compliance with this notice. You can reach the Privacy Officer at privacy@asknila.com.

How to contact us. By email at info@asknila.com (general) or privacy@asknila.com (privacy and data requests). By post: Ask Nila Solutions Limited, Victoria, British Columbia, Canada. (A street address is available on written request for formal legal notices.)

2. Data we collect

We collect the following categories of personal data:

  • Account data: name or display name, email address, password (hashed), and optional profile details such as journey stage, bio, and avatar.
  • Content you create: community posts, comments, upvotes, symptom logs, check-ins, journal entries, goals, milestones, suggested research, reports of content, and partner inquiries.
  • Newsletter data: email and name (if you subscribe).
  • Support and correspondence: messages you send us.
  • Nila chat & AI-assisted tools: the questions and context you send to the Nila chat, and the inputs you provide to Premium tools such as the "draft a letter for your GP" feature, are processed to generate a response.

    See section 5a below for how AI providers are involved.
  • Shared pathway snapshots: if you create a shareable link from your pathway (/shared/<token>), we generate a token and store a point-in-time snapshot of the non-identifying summary you chose to share (your current focus area, pathway answers, and aggregate signals).

    We do not include your name, email, journal entries, or chat history in shared snapshots. You can revoke the link at any time from your account.
  • Usage and device data: log data, IP address, browser type, device identifiers, pages visited, and approximate location, collected via cookies and our hosting provider.
  • Subscription metadata: plan, status, and billing period (for Premium members). Card details are handled directly by our payment processor (Stripe), we never see or store them.

3. How we use your data

  • To create and manage your account and provide the Service;
  • To enable community features (posts, comments, upvotes, reporting);
  • To deliver newsletters and product updates you've signed up for;
  • To respond to support requests and partner inquiries;
  • To prevent fraud, abuse, and security incidents;
  • To improve the Service, including aggregated, non-identifying analytics;
  • To comply with legal obligations.

4. Legal bases for processing

For users in Canada, we rely on PIPEDA and BC's Personal Information Protection Act (PIPA), which generally require meaningful consent for the collection, use, and disclosure of personal information. For users in the UK and EEA, we rely on the following legal bases under GDPR and UK GDPR:

  • Contract: to provide the Service and process subscriptions you've purchased.
  • Legitimate interests: to keep the Service secure, improve it, and communicate with you about your account.
  • Consent: for newsletter sign-ups and any non-essential cookies, where required.
  • Legal obligation: to meet tax, accounting, and regulatory requirements.

5. Who we share data with

We share personal data only with:

  • Service providers / subprocessors who help us run Nila, includingSupabase, Inc. (United States), which hosts our application database, authentication, and file storage; our email delivery provider; and analytics tooling. They are contractually bound to protect your data and act only on our instructions.
  • Stripe, Inc., our payment processor, for processing Premium subscriptions, recurring billing, invoicing, and fraud prevention. We pass Stripe your email address and the plan you selected; Stripe collects and stores your payment-card details directly, we do not see or store them. See Stripe's Privacy Policy.
  • AI model providers, accessed through an AI gateway, for generating responses in the Nila chat and Premium AI-assisted tools.

    When you send a message, the text of that message (and recent conversation context) is transmitted to a large language model operated by Google (Gemini) or OpenAI (GPT) so it can generate a reply.

    We do not pass your account email, billing details, or unrelated profile data with these requests, and our gateway agreements prohibit providers from using your inputs to train their public models. See section 5a for more detail.
  • Professional advisers such as legal and accounting professionals, when needed.
  • Authorities when required by law, court order, or to protect our rights and safety.

We do not sell, rent, trade, or licence your personal data to advertisers, brokers, or any third party for their own marketing. We have never done this and have no plans to. Per our published principles. We will not pass member-level data to affiliates or sponsors at any price.

Automated decision-making. We do not use your personal data to make automated decisions that produce legal or similarly significant effects about you (Quebec Law 25 disclosure).

5a. AI-assisted features

Parts of Nila use artificial intelligence to help you, including the Nila chat and the Premium "draft a letter for your GP" tool. When you use one of these features:

  • Your message text and recent conversation context are sent through an AI gateway to a third-party large language model (currently Google Gemini for free conversations and OpenAI GPT for Premium conversations and the GP letter drafter). The model returns a response, which we display to you.
  • Providers process this data on our behalf as service providers and, under our gateway agreements, are not permitted to use your inputs or outputs to train their general-purpose models.
  • We retain a record of your chats and drafted letters tied to your account so the feature can show conversation history and so we can investigate abuse, safety issues, or quality problems. You can delete your chat history from your account, or close your account entirely, at any time.
  • AI responses can be incomplete, out of date, or wrong. They are not medical advice. Please don't paste another person's identifying information (full name, contact details, medical record numbers) into the chat or letter tool, since that content will be sent to a third-party model on your behalf.
  • We do not use AI to make automated decisions that produce legal or similarly significant effects about you (Quebec Law 25).

6. International transfers

Nila is operated from British Columbia, Canada. Some of our service providers, including Stripe, Inc. (United States) for payments, Supabase, Inc. (United States) for database, authentication, and file storage, and our email delivery provider (United States), and the AI model providers used by our AI-assisted features (Google and OpenAI, principally United States), process personal data outside Canada. Where personal data is transferred internationally, we rely on appropriate safeguards (provider contracts, Standard Contractual Clauses, or equivalent mechanisms) and on the comparable-protection principle under PIPEDA. Quebec residents are notified, in line with Law 25, that their personal information may be communicated outside Quebec (principally to the United States) for the purposes described in this notice.

7. How long we keep data

We keep your personal data for as long as your account is active and for a reasonable period afterward to comply with legal, tax, and accounting obligations, resolve disputes, and enforce our agreements. When data is no longer needed, we delete or anonymize it.

8. Your rights

Depending on where you live, you may have the right to access, correct, delete, restrict or object to processing of your personal data, withdraw consent, and request data portability. Canadian users have the right to lodge a complaint with the Office of the Privacy Commissioner of Canada and (for BC residents) the Office of the Information and Privacy Commissioner for BC. Quebec residents may also lodge a complaint with the Commission d'accès à l'information du Québec. UK and EEA users have the right to lodge a complaint with their local supervisory authority. We aim to respond within 30 days.

To exercise any of these rights, email our Privacy Officer at privacy@asknila.com.

9. Security

We use appropriate technical and organizational measures to protect your data, including encryption in transit, hashed passwords, role-based access controls, and row-level security in our database. No system is perfectly secure, but we work continually to keep your data safe.

Breach notification. If a breach of security safeguards creates a real risk of significant harm to you, we will notify you and the Office of the Privacy Commissioner of Canada without unreasonable delay, in line with PIPEDA's mandatory breach-reporting requirements.

For Quebec residents, we will also notify the Commission d'accès à l'information as required by Law 25.

9a. Marketing email and CASL

For commercial messages sent to recipients in Canada, we comply with Canada's Anti-Spam Legislation (CASL). We send marketing email (such as our newsletter) only with your express consent at sign-up, identify Nila as the sender with our contact details, and include a working unsubscribe link in every commercial message that takes effect within 10 business days. You can withdraw consent at any time by clicking unsubscribe or emailing privacy@asknila.com.

10. Cookies

We use a small number of cookies and similar technologies. Essential cookies keep you signed in and the Service functioning. Analytics cookies, where used, help us understand how the Service is used in aggregate. You can control cookies through your browser settings.

11. Children

Nila is intended for adults aged 18 or older moving through perimenopause and menopause. We do not direct the Service to, or knowingly collect personal data from, anyone under 18. If you believe someone under 18 has provided personal data, please contact privacy@asknila.com and we will delete it.

11a. Sensitive health information

Some information you choose to share with Nila, including symptom logs, check-ins, journal entries, mood ratings, and notes about treatments, medications, or neurodivergence, is sensitive personal information about your health. We treat this data with extra care: it is stored under row-level access controls so only you (and, where strictly necessary, designated administrators investigating a safety or abuse issue) can read it; it is never sold, rented, or shared with advertisers, brokers, sponsors, or affiliates; and it is never used to make automated decisions about you. Nila is a wellbeing and education platform, not a medical record, and is not a "covered entity" under HIPAA or a "health information custodian" under PHIPA or equivalent regimes. You can export, delete, or close your account at any time from your account page.

12. Changes to this notice

We may update this notice from time to time. Material changes will be communicated through the Service or by email.

13. Contact

For privacy questions or requests, email our Privacy Officer at privacy@asknila.com. For everything else, email hello@asknila.com. See also our Terms of Service and Refund Policy.