← NIMOGI

Privacy Policy

Last updated: 5 July 2026

01Controller

Controller within the meaning of the EU General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG): [full legal name(s) of operator(s)], [street address], [postal code, city], Austria — operating the Nimogi service at nimogi.com as a pre-incorporation project (GmbH registration planned). Contact: admin@nimogi.com.

02What data we process, and why

Waitlist. Email address, signup source, technical metadata (truncated IP hash, browser user agent). Purpose: managing the waitlist and sending a confirmation and early-access updates. Legal basis: Art 6(1)(b) GDPR (steps prior to entering a contract) and Art 6(1)(f) (abuse prevention). You can leave the waitlist anytime via the unsubscribe link or by emailing us.

Account. Email, name, authentication identifiers (managed by Clerk, our sign-in provider; if you use Google sign-in, we receive your Google account email and name). Purpose: providing your account. Legal basis: Art 6(1)(b).

Journal and performance data. Trades you log or import, notes, screenshots, tags, discipline and psychology self-assessments, and derived scores. This can reveal information about your emotional state. Purpose: the core journaling and analysis service you signed up for. Legal basis: Art 6(1)(b); for behavioral/emotional analysis features, your consent (Art 6(1)(a)), given by actively using those features and revocable at any time by deleting the relevant entries or your account.

Voice notes. If you record voice notes, the audio is stored and processed into a transcript and an emotional/prosody analysis. This is optional. Legal basis: consent (Art 6(1)(a)) — you trigger each recording yourself and can delete recordings at any time.

Usage and log data. Server logs, error reports (Sentry), and rate-limiting counters. Purpose: security, stability, abuse prevention. Legal basis: Art 6(1)(f) (legitimate interest in operating a secure service).

03Cookies and local storage

We use only technically necessary cookies (authentication/session cookies set by Clerk) and browser local storage for your own preferences (theme, UI settings). We do not use advertising or cross-site tracking cookies, which is why there is no cookie consent banner (§ 165(3) TKG 2021).

04Processors and international transfers

We use the following processors under Art 28 GDPR data processing agreements. Where providers process data outside the EU/EEA (in particular in the USA), transfers rely on the EU–US Data Privacy Framework and/or EU Standard Contractual Clauses (Art 46 GDPR):

ProviderPurposeLocation / transfer basis
VercelHosting and content deliveryUSA/global — DPF/SCCs
SupabaseDatabase and file storageEU (Ireland, AWS eu-west-1)
ClerkAuthentication and account managementUSA — DPF/SCCs
AnthropicAI analysis of journal content you submitUSA — SCCs
GroqVoice note transcription (Whisper)USA — SCCs
Hume AIVoice prosody/emotion analysis (optional feature)USA — SCCs
ResendTransactional email and waitlist mailing listUSA — DPF/SCCs
UpstashRate limiting and usage counters (Redis)EU region configured
SentryError monitoringUSA — DPF/SCCs

AI providers process your content to provide the requested analysis; we have API terms with these providers under which the data is not used to train their models.

05Retention

  • Waitlist data: until you unsubscribe or the waitlist phase ends, then deleted or moved to your account if you join.
  • Account and journal data: for the life of your account; deleted upon account deletion, with backups purged on a rolling basis within 30 days.
  • Server and error logs: up to 90 days.
  • Data we must keep to comply with legal obligations is retained for the statutory period.

06Your rights

Under the GDPR you have the right to access (Art 15), rectification (Art 16), erasure (Art 17), restriction (Art 18), data portability (Art 20), and objection to processing based on legitimate interests (Art 21). Where processing is based on consent, you may withdraw it at any time with effect for the future.

To exercise any right, email admin@nimogi.com. You also have the right to lodge a complaint with the Austrian Data Protection Authority (Österreichische Datenschutzbehörde, Barichgasse 40–42, 1030 Vienna, dsb.gv.at) or your local supervisory authority.

07No automated decision-making

Nimogi’s scores and AI insights are informational tools for your own reflection. We do not carry out automated decision-making that produces legal effects concerning you (Art 22 GDPR).

08Security

Data is encrypted in transit (TLS) and at rest by our infrastructure providers. Access to production systems is restricted to the operators. Uploaded files are stored in private buckets accessible only via short-lived signed URLs.

09Children

The Service is intended for adults. We do not knowingly process data of persons under 18.

10Changes

We will update this policy as the Service evolves (e.g. incorporation of a GmbH, new features or providers) and announce material changes in the app or by email. The current version is always available at nimogi.com/privacy.