Trust and Compliance

Nimbalyst is built local-first: your workspace data stays on your device, and we process it on our servers only when you opt into a cloud feature such as sync, share, or Teams. This page links to the policies and resources that explain how we protect your data.

Security

• SOC 2 Type II. Our controls for security, availability, and confidentiality are independently audited.
• Encryption in transit and at rest, access controls, logging, and vendor due diligence.
• For our SOC 2 report or other security documentation, email [email protected].

Privacy

• Privacy Policy — how we collect, use, and protect personal data.
• GDPR at Nimbalyst — our roles, international transfers, and your rights under the GDPR.
• California Privacy Notice — California privacy disclosures, including CCPA-aligned rights instructions and our non-sale/non-sharing posture.
• Cookie Policy — the cookies and analytics we use, and your choices.

Data processing

• Sub-processors — the third parties that help us deliver the product, and how we notify you of changes.
• Data Processing Agreement — our DPA for customers who process personal data through Nimbalyst.

Contact

• Privacy and data protection: [email protected]
• Data Protection Officer: Karl Wirth, [email protected]