Nimbalyst Privacy Policy

Effective Date: July 6, 2026

At Nimbalyst, we take your privacy seriously. This Privacy Policy explains how Nimbalyst, Inc. (“Nimbalyst,” “we,” “us,” or “our”) collects, uses, and shares information when you use the Nimbalyst desktop application (the “App”) and our marketing website at nimbalyst.com (the “Website”). By downloading, installing, or using the App, and/or by visiting our Website, you acknowledge that you accept the practices and policies outlined below, and you hereby consent that we will collect, use and disclose your information as described in this Privacy Policy.

The App employs a local-first data architecture. Your session data, workspace settings, and project files are stored locally on your device using and your local file system. Core App data is not transmitted to or stored on Nimbalyst servers unless you opt into Nimbalyst Share, Mobile App Sync, Nimbalyst Teams, or other specific features as described below.

Quick Summary

What We DoDetails
Your documents stay localYour files and workspace data are stored on your device, not our servers
We collect anonymous analyticsUsage patterns and performance data to improve the App
You can opt outDisable analytics anytime in App settings
Optional email/accountOnly if you choose to provide it
No advertisingWe do not sell your data or use it for advertising
AI providers are your choiceYou configure which AI services to use; your relationship is directly with them
Sharing, sync, and teams are opt-inNimbalyst Share, Mobile App Sync, and Nimbalyst Teams use Cloudflare when you choose to share, sync, or collaborate
California rightsCalifornia residents can review our California Privacy Notice
EU/EEA, UK, and Swiss usersDataRep is our appointed data protection representative; see EEA, UK, and Swiss Privacy Rights below

Part A: Desktop Application

This section applies to your use of the Nimbalyst desktop application.

Information We Collect (App)

Information Stored Locally

The following information is stored in Nimbalyst only on your device and is not transmitted to Nimbalyst:

  • Your Documents and Files - All content you create, edit, or store in the App
  • Workspace Configuration - Your preferences, settings, and workspace organization
  • Local Nimbalyst Data - Cached data, undo history, and other App state
  • Your Sessions - your prompts and the AI’s response

You are solely responsible for backing up this locally stored data.

Analytics Data (Collected Automatically)

When analytics are enabled (the default), we automatically collect:

CategoryExamplesPurpose
Usage DataFeatures used, actions taken, session durationUnderstand how people use the App
Performance DataLoad times, memory usage, errorsIdentify and fix performance issues
Device DataOperating system, App version, screen resolutionEnsure compatibility and prioritize platform support
Crash ReportsError logs, stack tracesFix bugs and improve stability

What we do NOT collect through analytics:

  • Content of your documents
  • File names or paths
  • Personal identifiers (unless you opt in)

Information You Provide Voluntarily

If you choose to provide additional information, we may collect:

TypeWhen CollectedPurpose
Email AddressWhen you sign up for updates or create an accountCommunicate with you, link to analytics for better insights
Role/Job TitleDuring optional onboardingUnderstand our user base and tailor the product
Survey ResponsesWhen you respond to in-app surveysGather feedback to improve the App
Support RequestsWhen you contact supportRespond to your inquiries

AI Features and Third-Party AI Providers

The App includes AI-powered features that connect to third-party AI providers. You configure which AI providers to use through the App settings by providing your own API keys or credentials.

What is sent to AI providers:

When you use AI features, the App transmits the following to your chosen AI provider:

  • Your prompts and questions
  • Content from files or documents you are viewing or have selected as context
  • Relevant workspace context needed to fulfill your request

Important: Nimbalyst acts as a local conduit to transmit your data to the AI provider you have selected and the AI’s response back.. Your relationship with the AI provider is directly between you and that provider. Nimbalyst does not control how AI providers process, store, or use your data.

Your responsibilities:

  • Review and accept the terms and privacy policies of any AI provider you choose to use
  • Ensure you have the right to share any content you send to AI providers
  • Understand that AI providers may retain and process your data according to their own policies

What Nimbalyst does NOT do:

  • We do not send your prompts or AI conversations to our servers
  • We do not store your prompts or AI conversations on our servers
  • We do not have access to your AI provider API keys after you enter them (they are stored locally)
  • We do not receive or retain responses from AI providers on our servers

Nimbalyst Share is an optional, free feature that lets you generate a shareable link to a markdown document or session. When you use Nimbalyst Share:

  • How it works: Your content is encrypted in transit and uploaded to Cloudflare, where it is also encrypted at rest. A unique link is generated that you can share with anyone.
  • Nimbalyst cannot see your content. Shared content is encrypted and stored on Cloudflare infrastructure. Nimbalyst does not have access to the content of what you share.
  • Expiration: Shared links expire after a limited number of days, after which the content is automatically deleted from Cloudflare.
  • Your choice: This feature is entirely opt-in. No content is shared unless you explicitly choose to generate a link.

Mobile App Session Sharing

You can optionally configure Nimbalyst to sync sessions to the Nimbalyst mobile app. When you enable Mobile App Session Sharing:

  • How it works: Session data is transmitted through Cloudflare and stored there for a limited number of days so your mobile app can retrieve it.
  • Encryption: Sessions are encrypted in transit and encrypted at rest on Cloudflare.
  • Nimbalyst cannot see your content. Session content is encrypted and stored on Cloudflare infrastructure. Nimbalyst does not have access to the content of your sessions.
  • Expiration: Session data is automatically deleted from Cloudflare after a limited number of days.
  • Your choice: This feature is entirely opt-in. No session data is transmitted unless you configure mobile app sharing.

Nimbalyst Teams

Nimbalyst Teams is an optional collaboration feature. When you create or join a team workspace and choose to share documents, trackers, or related team content:

  • How it works: Shared team content is transmitted through Cloudflare and hosted there so authorized team members can collaborate.
  • Encryption: Team content is encrypted in transit and encrypted at rest on Cloudflare.
  • Access: Team content is available to authorized team members according to the team’s access settings.
  • Retention: Team content remains available while the team workspace or shared content remains active, unless deleted according to the applicable product controls and retention practices.
  • Your choice: This feature is entirely opt-in. Local-only work is not sent to Nimbalyst Teams unless you choose to use team collaboration.

Browser Extension (Web Clipper)

The Nimbalyst Web Clipper is an optional Chrome browser extension that clips web pages to your Nimbalyst workspace as markdown files.

  • How it works: When you click “Clip Page” or use the right-click context menu, the extension reads the current page’s HTML, converts it to markdown, and sends it to the Nimbalyst desktop app running on your machine via http://127.0.0.1.
  • All communication is local. Clipped content is sent only to your locally running Nimbalyst app. No page content, URLs, or browsing data is transmitted to Nimbalyst servers or any third party.
  • No browsing data is collected. The extension does not track your browsing history, collect cookies, or monitor page visits. It only reads page content when you explicitly initiate a clip.
  • No analytics or tracking. The extension contains no analytics, telemetry, or tracking code.

Part B: Marketing Website

This section applies to your use of nimbalyst.com (the “Website”).

Information We Collect (Website)

Information Collected Automatically

When you visit our Website, we automatically collect:

CategoryExamplesPurpose
Device DataIP address, browser type, operating systemEnsure compatibility and security
Web AnalyticsPages visited, time on site, referring URLUnderstand how visitors use the Website
Geolocation DataCountry/region based on IP addressAnalyze geographic reach

Cookies and Tracking Technologies

The Website uses cookies and similar technologies to:

  • Essential Cookies - Enable core Website functionality (e.g., staying logged in)
  • Functional Cookies - Remember your preferences
  • Analytics Cookies - Understand how visitors use the Website

You can control cookies through your browser settings. Disabling cookies may affect Website functionality.

Information You Provide

If you interact with the Website, we may collect:

TypeWhen CollectedPurpose
Email AddressWhen you sign up for newsletters or download the AppSend updates and communications
Contact InformationWhen you submit a contact formRespond to your inquiry
Payment InformationWhen you purchase a subscriptionProcess your payment (via Stripe)

Part C: General Provisions

The following sections apply to both the App and the Website.

How We Use Your Information

We use the information we collect for the following purposes:

Providing and Improving Our Products

  • Operating and maintaining the App and Website
  • Fixing bugs and improving performance
  • Developing new features based on usage patterns
  • Ensuring security and preventing abuse

Communications (If You Opt In)

  • Sending product updates and release notes
  • Responding to support requests
  • Sharing tips and best practices

Analytics and Research

  • Understanding how users interact with the App and Website
  • Identifying popular features and pain points
  • Making data-driven product decisions
  • Creating aggregated, anonymized reports
  • Complying with legal obligations
  • Protecting our rights and property
  • Ensuring the security of the App, Website, and our users

How We Share Your Information

We do not sell your personal information. We may share information in the following circumstances:

Service Providers

We work with third-party service providers who assist us in operating the App and Website:

Provider TypePurposeData Shared
Analytics (PostHog)App usage analyticsAnonymous usage data
Analytics (Google Analytics)Website analyticsAnonymous usage data, IP address
Authentication (Stytch)Account login for cloud syncEmail, authentication tokens
Payment Processing (Stripe)Processing paid featuresPayment information (we don’t store full card numbers)
Cloud Infrastructure (Cloudflare)Hosting shared links, mobile app session sync, and Nimbalyst Teams collaborationShared, synced, or team collaboration content when you opt in

Our service providers are contractually obligated to protect your information and use it only for the purposes we specify.

International Transfers and Data Privacy Framework

Nimbalyst is based in the United States. If we transfer personal data from the European Economic Area, the United Kingdom, or Switzerland to the United States, we use appropriate safeguards such as the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, and the Swiss adaptations to the Standard Contractual Clauses, as applicable.

Nimbalyst is preparing to self-certify under the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework. Where applicable after certification is finalized, we may rely on the applicable Data Privacy Framework for covered transfers.

We may disclose information if required to do so by law or in response to valid legal requests (e.g., subpoena, court order) and enforcing legal terms including: fulfilling our legal obligations under applicable law, regulation, court order or other legal process, such as preventing, detecting and investigating security incidents and potentially illegal or prohibited activities; protecting the rights, property or safety of you, Nimbalyst or another party; enforcing any agreements with you; responding to claims that any posting or other content violates third-party rights; and resolving disputes.

Business Transfers

All of your Personal Data that we collect may be transferred to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part).

Data That Is Not Personal Information

We may create aggregated, de-identified or anonymized data from the Personal Data we collect, including by removing information that makes the data personally identifiable to a particular user. We may use such aggregated, de-identified or anonymized data and disclose it with third parties for our lawful business purposes, including to analyze, build and improve the Website or Services and promote our business, provided that we will not disclose such data in a manner that could identify you.

We may share information with third parties when you explicitly consent to such sharing.

Your Choices and Rights

Opt Out of Analytics (App)

You can disable analytics collection at any time:

  1. Open the App
  2. Go to Settings > Privacy
  3. Toggle off Send anonymous usage data

When you opt out:

  • We stop collecting new analytics data from your device
  • Previously collected data is retained in aggregate form
  • Core App functionality is not affected

Manage Cookies (Website)

You can control cookies through your browser settings. Most browsers allow you to:

  • View what cookies are stored
  • Delete individual or all cookies
  • Block cookies from specific or all sites

Delete Your Account

If you have created an account:

  1. Contact us at support@nimbalyst.com
  2. Request deletion of your account and associated data
  3. We will process your request within 30 days

Access and Portability

You can request a copy of any personal data we have about you by contacting support@nimbalyst.com

Correction

If any information we have about you is incorrect, please contact us to have it corrected.

Data Security

We implement appropriate technical and organizational measures to protect your information:

  • Encryption in Transit - All data transmitted to our servers uses TLS encryption
  • Encryption at Rest - Cloud-synced data is encrypted at rest
  • Access Controls - Limited employee access to user data
  • Security Audits - Regular security assessments

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

Data Retention

Data TypeRetention Period
Account informationWhile your account is active, and for up to 7 years after it closes where needed for tax and accounting and to establish or defend legal claims. Authentication credentials are deleted when the account closes. You can request deletion at any time, and we delete data we are not required to keep.
Billing and payment records7 years, to meet tax and accounting requirements.
Analytics and usage dataUp to 7 years, then deleted or anonymized.
Support communicationsUp to 7 years after the matter is resolved.
Marketing dataUntil you unsubscribe or withdraw consent.
User contentWhile your account is active, or until you delete it.
Shared Links (Nimbalyst Share)Automatically deleted after the expiration period.
Mobile App Session DataAutomatically deleted after the expiration period.
Aggregated / anonymized dataMay be retained indefinitely, as it no longer identifies you.

Children’s Privacy

The App and Website are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at support@nimbalyst.com, and we will delete such information.

California Privacy Rights

California residents can review our California Privacy Notice for CCPA-aligned California privacy disclosures. We do not sell personal information, and we do not share personal information for cross-context behavioral advertising as those terms are defined by the CCPA.

When your browser sends a Global Privacy Control signal on nimbalyst.com, we treat it as a request not to load non-essential analytics scripts for that browser session.

Under California Civil Code Sections 1798.83-1798.84, California residents may contact us to prevent disclosure of personal information to third parties for such third parties’ direct marketing purposes. To submit a privacy request, please contact us at privacy@nimbalyst.com.

Other State Privacy Rights

Residents of other states with comprehensive privacy laws may have similar rights to access, delete, correct, or receive a copy of personal information, or to opt out of certain processing. To exercise a privacy right, please contact us at privacy@nimbalyst.com.

EEA, UK, and Swiss Privacy Rights

If you are located in the European Economic Area, the United Kingdom, or Switzerland, applicable data protection law (including the EU GDPR, the UK GDPR, and the Swiss Federal Act on Data Protection) may give you additional rights, including the right to access, correct, delete, or receive a copy of your personal data, to object to or restrict certain processing, and to withdraw consent where processing is based on consent. To exercise these rights, contact us at privacy@nimbalyst.com. You also have the right to lodge a complaint with your local data protection supervisory authority.

Data Protection Representative (EU/EEA, UK, and Switzerland)

Nimbalyst, Inc. is based in the United States. We have appointed DataRep as our Data Protection Representative in the European Union / European Economic Area for the purposes of Article 27 of the EU GDPR, in the United Kingdom for the purposes of Article 27 of the UK GDPR, and in Switzerland for the purposes of Article 14 of the Swiss Federal Act on Data Protection.

If you are in the EU/EEA, the UK, or Switzerland and want to raise a question about, or exercise a right in respect of, our processing of your personal data, you can contact DataRep in any of the following ways:

DataRep also maintains contact locations across EU/EEA member states, the United Kingdom, and Switzerland. When contacting DataRep by post at any location, please address your correspondence to “DataRep” so that it reaches our representative. “DataRep” means Data Protection Representative Limited (trading as DataRep), an Irish company with registration number 616588.

Please contact DataRep only for data protection matters. For general questions about Nimbalyst products, services, or your account, please contact support@nimbalyst.com.

We have appointed DataRep as our legal representative in the European Union for the purposes of Article 13 of the EU Digital Services Act (Regulation (EU) 2022/2065). Authorities and users in the EU can contact our DSA legal representative at digitalrequest@datarep.com or by post at DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Ireland.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the App, Website, or by other means before the changes take effect.

The “Effective Date” at the top of this policy indicates when it was last revised.

Contact Information: