In short: We only collect what is strictly necessary to provide the service. Your data belongs to you. We never sell it. You can request deletion at any time. Nilo AI is operated by Smart Zend LLC.
1. Data Controller
The data controller for your personal data is Smart Zend LLC, operator of the Nilo AI platform, accessible at niloai.org.
For privacy inquiries: privacy@niloai.org
2. Data We Collect
Account data: Name, email, company name, profile photo (if using Google login). Collected upon registration.
Meeting data: Audio transcripts from your sales meetings. Only processed when you activate recording from the Chrome extension.
CRM data: Contacts, opportunities, and pipeline data you import from your CRM or generate within Nilo AI.
Usage data: Pages visited, features used, session duration, plan type. To improve the product and diagnose errors.
Payment data: Processed entirely by Stripe. Nilo AI never stores, accesses, or processes credit/debit card numbers.
Technical data: IP address, browser type, OS, screen resolution. For error diagnostics and security.
3. Legal Basis for Processing
Contract performance (Art. 6(1)(b) GDPR): For core service delivery: transcription, analysis, CRM synchronization.
Legitimate interest (Art. 6(1)(f) GDPR): For platform security, fraud prevention, and product improvement with anonymized data.
Consent (Art. 6(1)(a) GDPR): For optional features such as marketing emails and usage analytics.
4. How We Use Your Data
Service delivery: Process transcripts, generate AI-powered sales insights, sync intelligence with your CRM.
Product improvement: Analyze usage patterns to improve features. Always with anonymized, aggregated data.
Communications: Product updates, security alerts, invoices, and operational notifications.
Security: Detect and prevent fraud, abuse, unauthorized access, and suspicious activity.
5. Third Parties Receiving Data
We share data exclusively with the following providers, necessary for service delivery:
Anthropic / OpenAI: AI processing for transcript analysis. Data is sent in anonymized form.
Deepgram: Speech-to-text service for real-time transcription.
Stripe: Payment processing. Stripe is PCI-DSS Level 1 certified.
Railway: Application hosting and database.
Neon: PostgreSQL database with at-rest encryption.
Resend: Transactional email delivery (confirmations, alerts, invoices).
We do not sell, rent, or share your personal data with third parties for marketing, advertising, or commercial profiling purposes.
6. Data Retention
Account data: Retained while your account is active. 90 days after account deletion.
Meeting transcripts: Per your plan settings. Deletable at any time from the app.
CRM data: While your account is active. Deletable upon request.
Audit logs: 12 months for security and compliance requirements.
Session data: 30 days from last activity.
7. Your Rights
Under the GDPR, Argentine Data Protection Law 25,326, and other applicable laws, you have the right to:
Access: Request a complete copy of all your personal data at any time.
Rectification: Update or correct your data from your account settings.
Erasure: Delete your account and all data permanently. Executed within 30 business days.
Portability: Export your data in JSON or CSV format from your account settings.
Objection: Object to processing for marketing purposes at any time.
Restriction: Request processing restriction while a dispute is being resolved.
To exercise any of these rights, contact us at privacy@niloai.org. We respond within 30 business days.
8. Data Security
We implement technical and organizational measures to protect your data:
- TLS 1.3 encryption in transit and AES-256 at rest
- OAuth 2.0 authentication (Google, GitHub)
- Access auditing on all critical systems
- Infrastructure on Railway and Neon with enterprise-grade security
- Rate limiting and DDoS protection
- Periodic security reviews
- Source code access restricted according to the least-privilege principle
9. Cookies & Tracking Technologies
We use strictly necessary cookies for:
- User session: Maintaining your active session (authentication cookie)
- Preferences: Remembering your theme and language settings
We do not use third-party advertising or cross-site tracking cookies. We do not use Google Analytics or similar tracking tools.
10. International Transfers
Your data may be transferred to and stored on servers located in the United States of America. These transfers are made under appropriate safeguards in accordance with the GDPR, including EU-approved Standard Contractual Clauses.
11. Children's Data
Nilo AI is not directed at individuals under 18 years of age. We do not knowingly collect data from minors. If we discover that we have collected data from a minor, we will delete it immediately.
12. Changes to This Policy
Smart Zend LLC reserves the right to update this Policy. Material changes will be notified 30 days in advance via email. The current version is always available at niloai.org/privacy.
13. Contact & DSAR Requests
To exercise your rights, make privacy inquiries, or submit data subject access requests (DSAR):
Smart Zend LLC — Nilo AI · Privacy Team
Email: privacy@niloai.org
Response time: maximum 30 business days
Are you a contact imported from a user's CRM and want to exercise your rights?
Send a DSAR to privacy@niloai.org with your email and request type (access, rectification, or erasure).