Privacy Policy

Effective Date: April 28, 2026

This Privacy Policy explains how Nino, operated by Malbec ("we", "us", "our"), collects, uses, and protects your personal data when you use our service at ninocrm.com.

1. Information We Collect

Information you provide:

• Account details (name, email, password hash)
• Workspace and team information
• Customer Data: claims, contacts, files, messages, calendar events, and any other data you input
• Payment-related identifiers (handled by Polar.sh — see Section 5)
• Email and calendar content if you connect Gmail or Outlook integrations
• Communications you send to support

Information collected automatically:

• Device and browser type, IP address, operating system
• Usage data: pages visited, features used, timestamps
• Cookies and similar technologies necessary for authentication and core functionality

We do not use third-party advertising trackers.

2. How We Use Your Data

• To provide and operate Nino
• To authenticate users and secure accounts
• To process payments through Polar.sh
• To deliver AI features (your messages may be sent to language model providers — see Section 4)
• To send transactional emails (account confirmation, billing notices, security alerts)
• To improve performance and fix bugs
• To comply with legal obligations

We do not sell your data to third parties.

3. Legal Basis for Processing (GDPR / similar laws)

We process your data based on:

• Contract — to deliver the service you signed up for
• Legitimate interest — to secure, improve, and operate Nino
• Consent — for optional features such as email/calendar integrations
• Legal obligation — to comply with applicable laws

4. AI and Third-Party Processors

Nino uses the following AI providers to power its AI assistant:

• Google Gemini (Google LLC) — primary AI model
• Anthropic Claude (Anthropic PBC) — for specific AI tasks
• Groq Whisper — for audio transcription

When you interact with Nino's AI, the relevant message and contextual data are sent to the AI provider for processing. None of these providers train their models on your data under our enterprise/API agreements.

5. Payment Processing

All subscription payments are processed by Polar.sh, Inc. acting as our Merchant of Record. Polar collects payment-card details, billing address, and tax information directly. We do not store your full payment-card details on our servers. Polar's privacy policy applies to that data: https://polar.sh/legal/privacy.

6. Data Storage and Security

• Hosting: Customer Data is stored in Supabase (PostgreSQL) and Vercel infrastructure, located in the United States.
• Encryption: Data is encrypted in transit (TLS) and at rest.
• Access controls: Row-level security ensures workspace data is only accessible to authorized team members.
• Backups: Daily database backups with 7-day retention.

While we apply industry-standard safeguards, no system is 100% secure. Notify us immediately at nino@malbec.team if you suspect a breach.

7. Data Retention

• Active accounts: Customer Data is retained for as long as your account is active.
• Cancelled accounts: Customer Data is deleted within 30 days of account closure unless legal obligations require longer retention.
• Backups: Deleted data may persist in encrypted backups for up to 30 additional days before being purged.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Request deletion of your data
• Export your data in a portable format
• Object to or restrict certain processing
• Withdraw consent (for consent-based processing)
• Lodge a complaint with a data-protection authority

To exercise these rights, email nino@malbec.team. We respond within 30 days.

9. International Data Transfers

Your data may be transferred to and processed in the United States, where our infrastructure providers operate. We rely on Standard Contractual Clauses or equivalent safeguards where required by law.

10. Children

Nino is not intended for users under 18. We do not knowingly collect data from minors.

11. Cookies

We use cookies strictly necessary for:

• Authentication and session management
• Security (CSRF protection)
• Remembering your preferences (theme, etc.)

We do not use advertising or tracking cookies.

12. Changes to This Policy

We will notify you of material changes by email or in-app at least 14 days before they take effect.

13. Contact

Data controller: Malbec, operating Nino Email: nino@malbec.team Web: https://ninocrm.com