Nimbalyst Privacy Policy
Effective Date: October 1, 2025
At Nimbalyst, we take your privacy seriously. This Privacy Policy explains how Nimbalyst, Inc. (“Nimbalyst,” “we,” “us,” or “our”) collects, uses, and shares information when you use the Nimbalyst desktop application (the “App”) and our marketing website at nimbalyst.com (the “Website”). By downloading, installing, or using the App, and/or by visiting our Website, you acknowledge that you accept the practices and policies outlined below, and you hereby consent that we will collect, use and disclose your information as described in this Privacy Policy.
The App employs a local-first data architecture. Your session data, workspace settings, and project files are stored locally on your device using and your local file system. Core App data is not transmitted to or stored on Nimbalyst servers unless you opt into Nimbalyst Share, Mobile App Sync, or other specific features as described below.
Quick Summary
| What We Do | Details |
|---|---|
| Your documents stay local | Your files and workspace data are stored on your device, not our servers |
| We collect anonymous analytics | Usage patterns and performance data to improve the App |
| You can opt out | Disable analytics anytime in App settings |
| Optional email/account | Only if you choose to provide it |
| No advertising | We do not sell your data or use it for advertising |
| AI providers are your choice | You configure which AI services to use; your relationship is directly with them |
| Sharing is opt-in and encrypted | Link sharing and mobile app sync go through Cloudflare, encrypted in transit and at rest. We cannot see your content |
Part A: Desktop Application
This section applies to your use of the Nimbalyst desktop application.
Information We Collect (App)
Information Stored Locally
The following information is stored in Nimbalyst only on your device and is not transmitted to Nimbalyst:
- Your Documents and Files - All content you create, edit, or store in the App
- Workspace Configuration - Your preferences, settings, and workspace organization
- Local Nimbalyst Data - Cached data, undo history, and other App state
- Your Sessions - your prompts and the AI’s response
You are solely responsible for backing up this locally stored data.
Analytics Data (Collected Automatically)
When analytics are enabled (the default), we automatically collect:
| Category | Examples | Purpose |
|---|---|---|
| Usage Data | Features used, actions taken, session duration | Understand how people use the App |
| Performance Data | Load times, memory usage, errors | Identify and fix performance issues |
| Device Data | Operating system, App version, screen resolution | Ensure compatibility and prioritize platform support |
| Crash Reports | Error logs, stack traces | Fix bugs and improve stability |
What we do NOT collect through analytics:
- Content of your documents
- File names or paths
- Personal identifiers (unless you opt in)
Information You Provide Voluntarily
If you choose to provide additional information, we may collect:
| Type | When Collected | Purpose |
|---|---|---|
| Email Address | When you sign up for updates or create an account | Communicate with you, link to analytics for better insights |
| Role/Job Title | During optional onboarding | Understand our user base and tailor the product |
| Survey Responses | When you respond to in-app surveys | Gather feedback to improve the App |
| Support Requests | When you contact support | Respond to your inquiries |
AI Features and Third-Party AI Providers
The App includes AI-powered features that connect to third-party AI providers. You configure which AI providers to use through the App settings by providing your own API keys or credentials.
What is sent to AI providers:
When you use AI features, the App transmits the following to your chosen AI provider:
- Your prompts and questions
- Content from files or documents you are viewing or have selected as context
- Relevant workspace context needed to fulfill your request
Important: Nimbalyst acts as a local conduit to transmit your data to the AI provider you have selected and the AI’s response back.. Your relationship with the AI provider is directly between you and that provider. Nimbalyst does not control how AI providers process, store, or use your data.
Supported AI Providers:
| Provider | Privacy Policy |
|---|---|
| Anthropic (Claude, Claude Code) | https://www.anthropic.com/privacy |
| OpenAI | https://openai.com/privacy |
| Local models (e.g., via LM Studio) | Data stays on your device |
Your responsibilities:
- Review and accept the terms and privacy policies of any AI provider you choose to use
- Ensure you have the right to share any content you send to AI providers
- Understand that AI providers may retain and process your data according to their own policies
What Nimbalyst does NOT do:
- We do not send your prompts or AI conversations to our servers
- We do not store your prompts or AI conversations on our servers
- We do not have access to your AI provider API keys after you enter them (they are stored locally)
- We do not receive or retain responses from AI providers on our servers
Nimbalyst Share (Link Sharing)
Nimbalyst Share is an optional, free feature that lets you generate a shareable link to a markdown document or session. When you use Nimbalyst Share:
- How it works: Your content is encrypted in transit and uploaded to Cloudflare, where it is also encrypted at rest. A unique link is generated that you can share with anyone.
- Nimbalyst cannot see your content. Shared content is encrypted and stored on Cloudflare infrastructure. Nimbalyst does not have access to the content of what you share.
- Expiration: Shared links expire after a limited number of days, after which the content is automatically deleted from Cloudflare.
- Your choice: This feature is entirely opt-in. No content is shared unless you explicitly choose to generate a link.
Mobile App Session Sharing
You can optionally configure Nimbalyst to sync sessions to the Nimbalyst mobile app. When you enable Mobile App Session Sharing:
- How it works: Session data is transmitted through Cloudflare and stored there for a limited number of days so your mobile app can retrieve it.
- Encryption: Sessions are encrypted in transit and encrypted at rest on Cloudflare.
- Nimbalyst cannot see your content. Session content is encrypted and stored on Cloudflare infrastructure. Nimbalyst does not have access to the content of your sessions.
- Expiration: Session data is automatically deleted from Cloudflare after a limited number of days.
- Your choice: This feature is entirely opt-in. No session data is transmitted unless you configure mobile app sharing.
Part B: Marketing Website
This section applies to your use of nimbalyst.com (the “Website”).
Information We Collect (Website)
Information Collected Automatically
When you visit our Website, we automatically collect:
| Category | Examples | Purpose |
|---|---|---|
| Device Data | IP address, browser type, operating system | Ensure compatibility and security |
| Web Analytics | Pages visited, time on site, referring URL | Understand how visitors use the Website |
| Geolocation Data | Country/region based on IP address | Analyze geographic reach |
Cookies and Tracking Technologies
The Website uses cookies and similar technologies to:
- Essential Cookies - Enable core Website functionality (e.g., staying logged in)
- Functional Cookies - Remember your preferences
- Analytics Cookies - Understand how visitors use the Website
You can control cookies through your browser settings. Disabling cookies may affect Website functionality.
Information You Provide
If you interact with the Website, we may collect:
| Type | When Collected | Purpose |
|---|---|---|
| Email Address | When you sign up for newsletters or download the App | Send updates and communications |
| Contact Information | When you submit a contact form | Respond to your inquiry |
| Payment Information | When you purchase a subscription | Process your payment (via Stripe) |
Part C: General Provisions
The following sections apply to both the App and the Website.
How We Use Your Information
We use the information we collect for the following purposes:
Providing and Improving Our Products
- Operating and maintaining the App and Website
- Fixing bugs and improving performance
- Developing new features based on usage patterns
- Ensuring security and preventing abuse
Communications (If You Opt In)
- Sending product updates and release notes
- Responding to support requests
- Sharing tips and best practices
Analytics and Research
- Understanding how users interact with the App and Website
- Identifying popular features and pain points
- Making data-driven product decisions
- Creating aggregated, anonymized reports
Legal and Safety
- Complying with legal obligations
- Protecting our rights and property
- Ensuring the security of the App, Website, and our users
How We Share Your Information
We do not sell your personal information. We may share information in the following circumstances:
Service Providers
We work with third-party service providers who assist us in operating the App and Website:
| Provider Type | Purpose | Data Shared |
|---|---|---|
| Analytics (PostHog) | App usage analytics | Anonymous usage data |
| Analytics (Google Analytics) | Website analytics | Anonymous usage data, IP address |
| Authentication (Stytch) | Account login for cloud sync | Email, authentication tokens |
| Payment Processing | Processing paid features | Payment information (we don’t store full card numbers) |
| Cloud Infrastructure (Cloudflare) | Hosting shared links, mobile app session sync | Shared/synced content when you opt in (encrypted in transit and at rest) |
Our service providers are contractually obligated to protect your information and use it only for the purposes we specify.
Legal Requirements
We may disclose information if required to do so by law or in response to valid legal requests (e.g., subpoena, court order) and enforcing legal terms including: fulfilling our legal obligations under applicable law, regulation, court order or other legal process, such as preventing, detecting and investigating security incidents and potentially illegal or prohibited activities; protecting the rights, property or safety of you, Nimbalyst or another party; enforcing any agreements with you; responding to claims that any posting or other content violates third-party rights; and resolving disputes.
Business Transfers
All of your Personal Data that we collect may be transferred to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part).
Data That Is Not Personal Information
We may create aggregated, de-identified or anonymized data from the Personal Data we collect, including by removing information that makes the data personally identifiable to a particular user. We may use such aggregated, de-identified or anonymized data and disclose it with third parties for our lawful business purposes, including to analyze, build and improve the Website or Services and promote our business, provided that we will not disclose such data in a manner that could identify you.
With Your Consent
We may share information with third parties when you explicitly consent to such sharing.
Your Choices and Rights
Opt Out of Analytics (App)
You can disable analytics collection at any time:
- Open the App
- Go to Settings > Privacy
- Toggle off Send anonymous usage data
When you opt out:
- We stop collecting new analytics data from your device
- Previously collected data is retained in aggregate form
- Core App functionality is not affected
Manage Cookies (Website)
You can control cookies through your browser settings. Most browsers allow you to:
- View what cookies are stored
- Delete individual or all cookies
- Block cookies from specific or all sites
Delete Your Account
If you have created an account:
- Contact us at mailto:[email protected]
- Request deletion of your account and associated data
- We will process your request within 30 days
Access and Portability
You can request a copy of any personal data we have about you by contacting mailto:[email protected]
Correction
If any information we have about you is incorrect, please contact us to have it corrected.
Data Security
We implement appropriate technical and organizational measures to protect your information:
- Encryption in Transit - All data transmitted to our servers uses TLS encryption
- Encryption at Rest - Cloud-synced data is encrypted at rest
- Access Controls - Limited employee access to user data
- Security Audits - Regular security assessments
However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
Data Retention
| Data Type | Retention Period |
|---|---|
| Analytics Data | Retained indefinitely |
| Account Information | Retained while account is active, deleted upon request |
| Support Communications | Retained indefinitely |
| Shared Links (Nimbalyst Share) | Automatically deleted after expiration period |
| Mobile App Session Data | Automatically deleted after expiration period |
| Aggregated/Anonymous Data | May be retained indefinitely |
Children’s Privacy
The App and Website are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at mailto:[email protected], and we will delete such information.
State Privacy Rights
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to contact us to prevent disclosure of personal information to third parties for such third parties’ direct marketing purposes; in order to submit such a request, please contact us at mailto:[email protected]. Additionally, please note that we do not currently sell your Personal Data as sales are defined in Nevada Revised Statutes Chapter 603A.
Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the App, Website, or by other means before the changes take effect.
The “Effective Date” at the top of this policy indicates when it was last revised.
Contact Information:
- Email: mailto:[email protected]
- Website: https://nimbalyst.com