GDPR at Nimbalyst

Nimbalyst, Inc. applies GDPR-aligned practices across our product and operations. This page summarizes how we handle personal data. For the full detail, see our Privacy Policy.

Our role

  • For the content and data you and your team put into Nimbalyst, you are the controller and Nimbalyst is the processor. We process it only to provide the product and on your instructions.
  • For our own account, billing, and analytics data, we are the controller, as described in the Privacy Policy.

Where your data lives

Nimbalyst is local-first. Your workspace files stay on your device. We process personal data on our servers only when you turn on a cloud feature such as sync, share, or Teams.

AI providers

When you enable AI features, your prompts and content go to the AI provider you configure, such as Anthropic or OpenAI, using your own key or subscription and under your own agreement with that provider. The provider acts as your processor, not ours.

International transfers

Where we transfer EU, UK, or Swiss personal data to the United States, we rely on the European Commission’s Standard Contractual Clauses and the equivalent UK and Swiss mechanisms. Our sub-processors are bound by the same.

Your rights

You can request access, correction, deletion, portability, restriction, or objection for your personal data. Email [email protected]. Where we process data on behalf of a customer, we will direct your request to that customer.

Data Processing Agreement

Customers who process personal data through Nimbalyst can use our Data Processing Agreement, which includes the Standard Contractual Clauses.

Contacts