California Privacy Notice
Last updated: June 28, 2026
This California Privacy Notice supplements the Nimbalyst Privacy Policy. It explains the personal information we collect, how we use and disclose it, and the rights available to California residents under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (together, the “CCPA”).
Nimbalyst is local-first. The desktop app stores workspace files, documents, and sessions on your device unless you choose to use a cloud feature such as Nimbalyst Share, Mobile App Session Sharing, or Nimbalyst Teams.
Personal information we collect
The table below describes the categories of personal information we collect or may have collected in the past 12 months.
| Category | Examples | Sources | Purposes | Recipients |
|---|---|---|---|---|
| Identifiers | Name, email address, account identifiers, support contact details | You, authentication providers | Account access, support, communications, security | Authentication, email, infrastructure, and support providers |
| Customer records and commercial information | Subscription status, billing email, payment metadata, purchase history | You, payment providers | Billing, subscriptions, accounting, fraud prevention | Payment processors and accounting/support providers |
| Internet or network activity | Website pages visited, referrer, product usage events, device/browser metadata | Website and app telemetry | Analytics, product improvement, security | Analytics and infrastructure providers |
| Approximate geolocation | Country or region inferred from IP address | Website and app telemetry | Security, analytics, regional reporting | Analytics and infrastructure providers |
| User-generated content | Documents, sessions, prompts, responses, shared links, synced sessions, team content when you opt into cloud features | You | Sync, sharing, collaboration, and support you request | Cloud infrastructure providers and authorized recipients |
| Support communications | Emails and messages you send us | You | Customer support, troubleshooting, business records | Email, support, and CRM providers |
| Sensitive personal information | Account credentials or tokens, payment-related information handled by Stripe, and user content you choose to sync or share if it contains sensitive data | You, authentication/payment providers | Authentication, payment processing, security, and user-directed cloud features | Authentication, payment, infrastructure, and authorized recipients |
Sale and sharing
We do not sell personal information.
We do not share personal information for cross-context behavioral advertising as those terms are defined by the CCPA. We also do not knowingly sell or share the personal information of consumers under 16.
Our website uses analytics tools to understand site usage and improve Nimbalyst. We do not use advertising cookies, retargeting, or ad personalization on nimbalyst.com.
Sensitive personal information
We use sensitive personal information only to provide requested services, process payments, authenticate users, secure accounts, detect security incidents, and operate cloud features you choose to use. We do not use sensitive personal information to infer characteristics about you.
Because of that current use, we do not provide a separate “Limit the Use of My Sensitive Personal Information” link. If our practices change, we will update this notice and provide the required choice mechanism.
Your California privacy rights
Subject to legal exceptions, California residents may have the right to:
- know the categories and specific pieces of personal information we have collected;
- know the categories of sources, purposes, and recipients for that information;
- delete personal information we collected from you;
- correct inaccurate personal information;
- opt out of sale or sharing of personal information;
- limit certain uses and disclosures of sensitive personal information;
- use an authorized agent to submit a request;
- not be discriminated against for exercising CCPA rights.
How to submit a request
Email privacy requests to [email protected]. You may also contact [email protected], and we will route the request internally.
We may need to verify your identity before responding to access, deletion, or correction requests. We will not require identity verification for sale/share opt-out requests. If you use an authorized agent, we may ask for proof that you authorized the agent to act for you.
Response timing
We aim to respond to access, deletion, and correction requests within 45 calendar days. If reasonably necessary, we may extend the response period once by up to 45 additional calendar days and will notify you.
If we ever sell or share personal information, we will process opt-out requests as soon as reasonably possible and no later than required by law.
Global Privacy Control
Nimbalyst does not sell or share personal information for cross-context behavioral advertising. As an additional privacy measure, when your browser sends a Global Privacy Control signal on nimbalyst.com, we treat it as a request not to load non-essential analytics scripts for that browser session.
Financial incentives
We do not currently offer financial incentives or price/service differences in exchange for collecting, retaining, selling, or sharing personal information.
Contact
Privacy and data protection questions: [email protected]