Legal

Privacy Policy

Last updated: December 16, 2025

1. Introduction

NimbleBrain, Inc. ("we," "us," or "our") operates the NimbleBrain platform. This Privacy Policy describes how we collect, use, and protect your information when you use our services.

2. Information We Collect

Account Information

When you create an account, we collect:

  • Name and email address
  • Company information
  • Authentication credentials

Usage Data

We automatically collect information about how you use our platform:

  • API requests and responses
  • Feature usage analytics
  • Performance metrics
  • Error logs and debugging information

Technical Information

We collect technical data to ensure platform security and performance:

  • IP addresses and device information
  • Browser type and version
  • Operating system information
  • Connection and network data

3. How We Use Your Information

We use the collected information to:

  • Provide and maintain our services
  • Process transactions and billing
  • Improve platform performance and features
  • Provide customer support
  • Ensure platform security and prevent abuse
  • Comply with legal obligations
  • Send important service communications

Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the Service you requested (account management, service delivery, billing)
  • Legitimate Interests: Processing for our legitimate business interests, such as improving our services, preventing fraud, and ensuring security, where these interests are not overridden by your rights
  • Legal Obligation: Processing required to comply with applicable laws and regulations
  • Consent: Where required, we will obtain your consent before processing (e.g., marketing communications)

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in these limited circumstances:

Service Providers (Subprocessors)

We work with trusted third-party service providers who assist us in operating our platform:

  • Amazon Web Services (AWS) - Cloud infrastructure and hosting (United States)
  • Stripe - Payment processing (United States)
  • Google Analytics - Website and product analytics (United States)
  • Mixpanel - Product analytics (United States)
  • Intercom - Customer messaging and support (United States)

All subprocessors are contractually bound to protect your data and only process it as instructed by us.

Legal Requirements

We may disclose information if required by law or in response to valid legal process.

Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Multi-factor authentication
  • Regular security audits and vulnerability assessments
  • Role-based access controls and monitoring
  • Secure development practices

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to:

  • Provide our services to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements

When you delete your account, we will delete your personal information within 30 days, except where retention is required by law.

7. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal information
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your personal information
  • Portability: Receive your data in a structured format
  • Restriction: Limit how we process your information
  • Objection: Object to certain types of processing

To exercise these rights, please contact us at privacy@nimblebrain.ai.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising
  • Right to Limit Use of Sensitive Personal Information: We only use sensitive personal information as necessary to provide our services
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

Categories of Personal Information Collected: In the preceding 12 months, we have collected: identifiers (name, email, IP address), commercial information (billing records), internet activity (usage data, analytics), and professional information (company name, job title).

To submit a request, email privacy@nimblebrain.ai. We will verify your identity before processing your request.

8. International Data Transfers

Our services are hosted in the United States. If you are accessing our services from outside the US, your information may be transferred to, stored, and processed in the US.

For transfers from the European Economic Area, United Kingdom, or Switzerland, we implement appropriate safeguards including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with all subprocessors
  • Technical and organizational security measures

To request a copy of our Data Processing Agreement or Standard Contractual Clauses, contact us at privacy@nimblebrain.ai.

9. AI and Machine Learning

We do not use your data to train AI models. Your content, queries, and business data processed through NimbleBrain are never used to train, improve, or develop machine learning models.

When you use AI features within NimbleBrain:

  • Your data is processed only to provide the requested functionality
  • Outputs are generated in real-time and not stored for training purposes
  • We do not share your data with AI providers for their model training

10. Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain your session and preferences
  • Analyze platform usage and performance
  • Provide personalized experiences

You can control cookies through your browser settings, but some features may not work properly if cookies are disabled.

11. Children's Privacy

Our services are not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Sending email notification for significant changes
  • Updating the "Last updated" date

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Email: privacy@nimblebrain.ai

Address:
NimbleBrain, Inc.
1151 Walker Rd Ste 100 #191
Dover, DE 19904
United States