1. Data controller
Nimbus S.L. (“Nimbus Notes”, “we”) is the controller of the personal data collected through nimbus.app. Contact: privacy@nimbus.app.
2. What data we process
- Account data: email address and name, when you sign up.
- Content: the notes and files you create in the app, so we can provide the service.
- Technical data: IP address, device and browser type, and error logs, for security and diagnostics.
- Usage analytics: only if you accept it in the cookie banner.
We do not process special categories of data and we do not make automated decisions with legal effects on you.
3. Why we use your data and on what legal basis
- To provide the service and sync your notes — performance of the contract (art. 6(1)(b) GDPR).
- To send transactional emails (verification, security alerts) — performance of the contract.
- To keep the service secure and prevent abuse — legitimate interest (art. 6(1)(f) GDPR).
- Usage analytics to improve the product — your consent (art. 6(1)(a) GDPR), revocable at any time.
4. Who we share data with
We do not sell your data. It is only shared with providers acting as our processors: EU-based hosting, transactional email and a payment processor. Each one is bound by a data processing agreement under art. 28 GDPR.
5. International transfers
Where a provider processes data outside the European Economic Area, the transfer is covered by the European Commission's standard contractual clauses or other Chapter V GDPR safeguards.
6. How long we keep your data
For as long as your account is active. If you delete it, we erase your content within 30 days and keep only what is needed for legal obligations (e.g. invoicing) for the legally required periods.
7. Your rights
You can access, rectify, erase, object to, restrict and port your data (arts. 15–22 GDPR) by writing to privacy@nimbus.app. You can also lodge a complaint with your supervisory authority.
If the CCPA/CPRA (California) or the UK GDPR applies to you, you have equivalent rights, including the right not to have your data “sold or shared” — which we do not do.
8. Security
We apply encryption in transit and at rest, role-based access control and daily backups. No system is infallible: if we detect a breach affecting you, we will notify you in line with art. 34 GDPR.
9. Children
Nimbus Notes is not directed at children under 14 and we do not knowingly profile minors.
10. Changes to this policy
If we change this policy materially, we will notify you by email or in the app before the change takes effect.
11. Contact
privacy@nimbus.app · Nimbus S.L., Spain.
⚖️ This document was generated 100% by AI against current regulations and has not been reviewed by a human lawyer. It does not constitute legal advice; for specific cases, consult a qualified lawyer.