Last updated: March 06, 2026

Security

Nimbloo is committed to protecting your personal data and being transparent about how
we collect, use, and safeguard your information. This policy describes our practices in
compliance with the LGPD and international regulations.

Security Pillars

What You Need to Know First

Transparency, security, and legal compliance as the foundation of our data processing.

Full Transparency

You have control over your data and can request access, correction, or deletion at any time.

Advanced Security

We use encryption, access controls, and continuous monitoring to protect your information.

Legal Compliance

We adhere to the LGPD, GDPR, and all other applicable data protection regulations.

Data Collected

What Data We Collect

Identification, navigation, and platform usage — with clarity about what is necessary and why.

Identification Data

We collect information you provide directly when you get in touch, create an account, or use our services:
Full name, corporate email, and phone number
Company name, job title, and industry
Payment and billing information (when applicable)

Navigation Data

Data collected automatically as you interact with our website and platform.
IP address, browser type, and operating system
Pages visited, time spent on the page, and source of access
Cookies and similar technologies (see specific section)

Platform Usage Data

Information generated through your use of our APIs and Decision Engine.
Images sent for analysis (processed and not permanently stored)
Data extracted from images (structured and anonymized)
Logs of requests, responses, and usage metrics.

Purposes

How We Use Your Data

To provide the service, communicate, improve the experience, and maintain security and compliance.

Service Delivery

We process your data to provide, operate, and improve our image analysis APIs and Decision Engine, including technical support and onboarding.

Security and Compliance

We monitor activity to detect fraud, prevent abuse, and fulfill legal and regulatory obligations.

Communication

We send essential communications for service operation — such as confirmations and system alerts — as well as marketing and support content. You may opt out of communications at any time.

Product Improvement

We analyze aggregated and anonymized data to improve our AI models, identify bugs, and develop new features.

LGPD — Legal Basis for Processing

What Grounds Permit Processing

We process your personal data based on the following legal grounds established by the LGPD:
Contract Performance
To provide contracted services and process requests (Art. 7º, V of the LGPD).
Legitimate Interest
To improve our products, ensure security, and prevent fraud (Art. 7º, IX of the LGPD).
Consent
When we request your explicit permission to process sensitive data or send marketing communications (Art. 7º, I of the LGPD).
Fulfillment of Legal Obligation
To meet regulatory and judicial requirements (Art. 7º, II of the LGPD).

Sharing and Retention

Who Your Data Is Shared With and How Long It Is Stored

We explain when data is shared with third parties and the timeframes and criteria for
retention and disposal — with transparency and control.

Service Providers

Cloud infrastructure (AWS, Google Cloud), analytics tools, customer support, and payment processing. All vendors sign DPAs (Data Processing Agreements).

Legal Requests

When required by law, court order, or competent authority.

Change of Control

In the event of a merger, acquisition, or asset sale, your data may be transferred to the
new controller under the same protections of this policy.

Active customer data

Duration of contract + 5 years (tax legislation).

Processed images

Up to 90 days after processing, unless otherwise requested.

Leads and commercial contacts

Up to 2 years of inactivity or consent withdrawal.

Audit logs

1 year, in accordance with security best practices.

Security

How We Protect Data

Controls and practices to mitigate risks and support InfoSec assessments:
Encryption in transit (TLS 1.3) and at rest (AES-256)
Role-based access controls (RBAC) and multi-factor authentication
Continuous monitoring, audit logs, and incident response
Periodic security testing and external audits (SOC 2, ISO 27001)
Regular team training and information security policies

Your Rights

What You Can Request

Access, correction, deletion, portability, and other rights provided under the LGPD.
Fill out the application form

Access

Request a copy of the data we hold about you

Correction

Update or correct incomplete or incorrect data

Deletion

Request the removal of data, subject to legal obligations

Portability

Receive your data in a structured, machine-readable format

Objection

Object to processing based on legitimate interest

Consent Withdrawal

Withdraw previously given consent at any time

To exercise your rights, contact our DPO (Data Protection Officer) at dpo@nimbloo.com or via the contact form.

International Data Transfer

Data Protection Beyond Borders

When we use providers outside Brazil, we apply safeguards such as standard clauses, regulatory requirements, and equivalent protection levels to keep your data safe.
Standard contractual clauses approved by the ANPD
International certifications (Privacy Shield, GDPR adequacy decisions)
Equivalent levels of personal data protection

Our services are directed at businesses and professionals. We do not intentionally collect data from individuals under 18. If we identify inadvertent collection, we will delete the data immediately. Guardians may contact us at privacidade@nimbloo.com.

Cookies

How We Use Cookies

Separated by type and purpose to meet corporate policies and regulatory requirements.

Essential Cookies

Required for basic site operation (login, navigation, security).

Analytics Cookies

Google Analytics, to understand how visitors interact with the site.

Marketing Cookies

Conversion tracking and ad personalization (requires consent).

Technical Governance

Enterprise-Ready Controls

Encryption, access control, and audit trails as fast evidence of governance.
LGPD Compliant
SOC 2 AICPA
ISO 9001
E2E Encryption
Audit Trail

Documentation & Privacy

Download essential materials and policies or access our Privacy Policy to understand how we handle and protect your data.
View Privacy Policy