Legal

Privacy Policy

Last updated: March 3, 2026

1. Introduction

NimbleBrain, Inc. ("we," "us," or "our") provides AI consulting, implementation, and infrastructure services. This Privacy Policy describes how we collect, use, and protect your information when you use our services or visit our websites.

2. Information We Collect

Contact and Engagement Information

When you engage with us, we collect:

  • Name and email address
  • Company information and job title
  • Communication records from our engagement

Usage Data

We automatically collect information about how you interact with our services:

  • Website analytics and page views
  • Feature usage within delivered systems
  • Performance metrics and error logs

Technical Information

We collect technical data to ensure security and performance:

  • IP addresses and device information
  • Browser type and version
  • Operating system information
  • Connection and network data

3. How We Use Your Information

We use the collected information to:

  • Provide and maintain our services
  • Process transactions and billing
  • Improve our services and deliverables
  • Provide support during and after engagements
  • Ensure security and prevent abuse
  • Comply with legal obligations
  • Send important service communications

Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the services you requested (engagement management, service delivery, billing)
  • Legitimate Interests: Processing for our legitimate business interests, such as improving our services, preventing fraud, and ensuring security, where these interests are not overridden by your rights
  • Legal Obligation: Processing required to comply with applicable laws and regulations
  • Consent: Where required, we will obtain your consent before processing (e.g., marketing communications)

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in these limited circumstances:

Service Providers (Subprocessors)

We work with trusted third-party service providers:

  • Amazon Web Services (AWS) — Cloud infrastructure and hosting (United States)
  • Stripe — Payment processing (United States)
  • Google Analytics — Website analytics (United States)
  • Customer.io — Email communications (United States)

All subprocessors are contractually bound to protect your data and only process it as instructed by us.

Legal Requirements

We may disclose information if required by law or in response to valid legal process.

Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Multi-factor authentication
  • Regular security audits and vulnerability assessments
  • Role-based access controls and monitoring
  • Secure development practices

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to:

  • Provide our services to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements

Upon termination of an engagement, we will delete your personal information within 30 days upon request, except where retention is required by law.

7. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal information
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your personal information
  • Portability: Receive your data in a structured format
  • Restriction: Limit how we process your information
  • Objection: Object to certain types of processing

To exercise these rights, contact us at privacy@nimblebrain.ai.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising
  • Right to Limit Use of Sensitive Personal Information: We only use sensitive personal information as necessary to provide our services
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

Categories of Personal Information Collected: In the preceding 12 months, we have collected: identifiers (name, email, IP address), commercial information (billing records), internet activity (usage data, analytics), and professional information (company name, job title).

To submit a request, email privacy@nimblebrain.ai. We will verify your identity before processing your request.

8. International Data Transfers

Our services are hosted in the United States. If you are accessing our services from outside the US, your information may be transferred to, stored, and processed in the US.

For transfers from the European Economic Area, United Kingdom, or Switzerland, we implement appropriate safeguards including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with all subprocessors
  • Technical and organizational security measures

To request a copy of our Data Processing Agreement or Standard Contractual Clauses, contact us at privacy@nimblebrain.ai.

9. AI and Machine Learning

We do not use your data to train AI models. Your content, queries, and business data processed through NimbleBrain engagements are never used to train, improve, or develop machine learning models.

When we build and deploy AI systems for your organization:

  • Your data is processed only to provide the requested functionality
  • Outputs are generated in real-time and not stored for training purposes
  • We do not share your data with AI providers for their model training
  • Data handling specifics are documented in your engagement agreement

10. Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain your session and preferences
  • Analyze website usage and performance
  • Provide personalized experiences

You can control cookies through your browser settings, but some features may not work properly if cookies are disabled.

11. Children's Privacy

Our services are not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Sending email notification for significant changes
  • Updating the "Last updated" date

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us:

Email: privacy@nimblebrain.ai

Address:
NimbleBrain, Inc.
1151 Walker Rd Ste 100 #191
Dover, DE 19904
United States