Last updated: 5 July 2026
Controller within the meaning of the EU General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG): [full legal name(s) of operator(s)], [street address], [postal code, city], Austria — operating the Nimogi service at nimogi.com as a pre-incorporation project (GmbH registration planned). Contact: admin@nimogi.com.
Waitlist. Email address, signup source, technical metadata (truncated IP hash, browser user agent). Purpose: managing the waitlist and sending a confirmation and early-access updates. Legal basis: Art 6(1)(b) GDPR (steps prior to entering a contract) and Art 6(1)(f) (abuse prevention). You can leave the waitlist anytime via the unsubscribe link or by emailing us.
Account. Email, name, authentication identifiers (managed by Clerk, our sign-in provider; if you use Google sign-in, we receive your Google account email and name). Purpose: providing your account. Legal basis: Art 6(1)(b).
Journal and performance data. Trades you log or import, notes, screenshots, tags, discipline and psychology self-assessments, and derived scores. This can reveal information about your emotional state. Purpose: the core journaling and analysis service you signed up for. Legal basis: Art 6(1)(b); for behavioral/emotional analysis features, your consent (Art 6(1)(a)), given by actively using those features and revocable at any time by deleting the relevant entries or your account.
Voice notes. If you record voice notes, the audio is stored and processed into a transcript and an emotional/prosody analysis. This is optional. Legal basis: consent (Art 6(1)(a)) — you trigger each recording yourself and can delete recordings at any time.
Usage and log data. Server logs, error reports (Sentry), and rate-limiting counters. Purpose: security, stability, abuse prevention. Legal basis: Art 6(1)(f) (legitimate interest in operating a secure service).
We use only technically necessary cookies (authentication/session cookies set by Clerk) and browser local storage for your own preferences (theme, UI settings). We do not use advertising or cross-site tracking cookies, which is why there is no cookie consent banner (§ 165(3) TKG 2021).
We use the following processors under Art 28 GDPR data processing agreements. Where providers process data outside the EU/EEA (in particular in the USA), transfers rely on the EU–US Data Privacy Framework and/or EU Standard Contractual Clauses (Art 46 GDPR):
| Provider | Purpose | Location / transfer basis |
|---|---|---|
| Vercel | Hosting and content delivery | USA/global — DPF/SCCs |
| Supabase | Database and file storage | EU (Ireland, AWS eu-west-1) |
| Clerk | Authentication and account management | USA — DPF/SCCs |
| Anthropic | AI analysis of journal content you submit | USA — SCCs |
| Groq | Voice note transcription (Whisper) | USA — SCCs |
| Hume AI | Voice prosody/emotion analysis (optional feature) | USA — SCCs |
| Resend | Transactional email and waitlist mailing list | USA — DPF/SCCs |
| Upstash | Rate limiting and usage counters (Redis) | EU region configured |
| Sentry | Error monitoring | USA — DPF/SCCs |
AI providers process your content to provide the requested analysis; we have API terms with these providers under which the data is not used to train their models.
Under the GDPR you have the right to access (Art 15), rectification (Art 16), erasure (Art 17), restriction (Art 18), data portability (Art 20), and objection to processing based on legitimate interests (Art 21). Where processing is based on consent, you may withdraw it at any time with effect for the future.
To exercise any right, email admin@nimogi.com. You also have the right to lodge a complaint with the Austrian Data Protection Authority (Österreichische Datenschutzbehörde, Barichgasse 40–42, 1030 Vienna, dsb.gv.at) or your local supervisory authority.
Nimogi’s scores and AI insights are informational tools for your own reflection. We do not carry out automated decision-making that produces legal effects concerning you (Art 22 GDPR).
Data is encrypted in transit (TLS) and at rest by our infrastructure providers. Access to production systems is restricted to the operators. Uploaded files are stored in private buckets accessible only via short-lived signed URLs.
The Service is intended for adults. We do not knowingly process data of persons under 18.
We will update this policy as the Service evolves (e.g. incorporation of a GmbH, new features or providers) and announce material changes in the app or by email. The current version is always available at nimogi.com/privacy.