nimbera

Privacy policy

Effective May 4, 2026

Nimbera is a natural-remedies reference and personal wellness journal. We take privacy seriously — especially because some of what you write here is personal health information. This policy explains exactly what we collect, where it lives, who can see it, and what you can do about it. We've written it in plain English on purpose.

What we collect

Account information. When you create an account we collect your email address and a hashed password (we never store your password in plain text). If you sign in with Google or another OAuth provider, we store the provider's user ID and your email; no OAuth token is persisted after login.

Journal entries. Nimbera includes a private wellness journal. Anything you write there — symptoms, remedies you've tried, notes, dates — is stored in our database associated with your account. No one on the Nimbera team reads your journal.

AI chat history. If you use the AI assistant feature, your messages and the assistant's responses are stored so the conversation persists across sessions. These messages are sent to Anthropic's API to generate responses (see "Third parties" below). We do not use your chat history to train any AI model.

Billing information. If you subscribe to a paid plan, Stripe collects and holds your payment card details. We receive only a token and basic subscription metadata (plan type, renewal date, last four digits). We never see or store your full card number.

Usage data. We log standard web server information — pages visited, timestamps, browser type, and IP address — for debugging and security purposes. We do not run ad-targeting analytics or sell this data.

Email address for transactional mail. We use your email to send account confirmations, password-reset links, and (if you opt in) a weekly digest. We do not send marketing email without your explicit opt-in.

How it's stored

Your data lives in a PostgreSQL database hosted on Railway, a managed cloud platform. Railway encrypts data at rest and in transit. The database is not publicly accessible; connections require credentials held only by the Nimbera application.

File uploads (if any) are stored in cloud object storage with private access controls. No uploaded file is publicly accessible by URL without an authenticated request.

We keep backups for up to 30 days for disaster recovery. Backup data is subject to the same access controls as live data.

Third parties we share data with

We share your data with as few parties as possible. Here is the full list:

  • Anthropic — your AI chat messages are sent to Anthropic's Claude API to generate responses. Anthropic processes this data under its own privacy policy. Per Anthropic's API terms, data submitted via API is not used to train their models.
  • Stripe — handles payment processing. When you enter card details you are submitting them directly to Stripe's servers, not ours. Stripe is PCI-DSS Level 1 certified. See Stripe's privacy policy.
  • Resend — handles transactional email delivery (account confirmations, password resets). Resend receives your email address to deliver these messages. See Resend's privacy policy.
  • Railway — our hosting and database provider. Railway personnel have infrastructure-level access for platform operations; they operate under a strict access policy and do not read application data in the normal course of business.

We do not sell, rent, or trade your data to any other party. We do not use data brokers or advertising networks.

Data retention

Active accounts. We keep your data for as long as your account is open.

Deleted accounts. When you delete your account (see below), we remove your personal data — account record, journal entries, and chat history — within 30 days. Anonymized aggregate statistics (e.g. "how many journal entries were created this month") may be retained but cannot be linked back to you.

Billing records. We are legally required to retain billing and transaction records for 7 years. These records contain only the minimal information needed for accounting: date, amount, plan type, and a masked card identifier. They do not contain your journal or chat data.

Server logs. Standard access logs are rotated and deleted after 90 days.

Your rights

You have the following rights over your data, regardless of where you live:

  • Access. You can export all of your journal entries and chat history from your account settings page at any time.
  • Correction. You can edit or delete individual journal entries and chat messages at any time within the app.
  • Deletion. You can delete your entire account (see below). We will confirm deletion within 30 days.
  • Portability. Your data export is provided in JSON format, which is machine-readable and can be imported into other tools.
  • Opt-out of email. You can unsubscribe from any non-essential email at any time using the link in the message footer.

If you are in the European Economic Area (EEA), the UK, or California (CCPA), you also have the right to lodge a complaint with your local data protection authority. We will cooperate fully with any such inquiry.

How to delete your account

Go to Settings → Account → Delete account. You will be asked to confirm with your password. Once confirmed, deletion is irreversible. We will begin processing within 24 hours and complete full removal within 30 days.

If you cannot access your account, email us at privacy@nimbera.app from the address associated with your account. We will verify your identity before proceeding.

Cookies

We use a single session cookie to keep you logged in. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. You can delete this cookie at any time by logging out.

Children

Nimbera is not intended for children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has created an account, please contact us at privacy@nimbera.app and we will delete it promptly.

Changes to this policy

If we make a material change — one that meaningfully affects how we use your data — we will email you at least 14 days before it takes effect and update the "Effective" date at the top of this page. Minor clarifications (fixing typos, adding links) may be made without notice.

Contact

Questions, concerns, or data requests: privacy@nimbera.app

We aim to respond to all privacy inquiries within 5 business days.

This policy is provided for informational purposes. It has not been reviewed by legal counsel and should be reviewed by an attorney before Nimbera launches commercially.