Privacy & Security Policy.

Privacy Policy

Nimbata complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union or Switzerland to the United States.  Nimbata has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

Nimbata is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Introduction

Nimbata is committed to protecting the confidentiality, integrity, and availability of our customers’ data. Information required from our users is the minimum in order to perform our services.

The sections that follow describe our privacy and security policy, which relates to Nimbata’s publicly-accessible website and the Nimabta account portals or apps for our products and services. Nimbata deals with two types of personal data. One type is provided by people who access our website. For this type Nimbata has direct connection to the data and acts as a Controller entity. The other type is for personal data pertaining to the end-users of our customers. For this type of data Nimbata has not direct interest and acts as a Processor. More details about the definition of Controllers and Processors can be found at the EU General Data Protection Regulation website. Nimbata has no responsibility or liability for third party web sites, which are linked to our site. Please refer to their privacy policy for details.

In this Policy, the words “our,” “us,” “we,” and “Nimbata” refer to Nimbata, LLC. and our affiliates, including any person or entity that controls us, is controlled by us, or is under common control with us. This policy covers information we collect both as a controller and a processor when engaging with our app.

Nimbata reserves the right to modify this policy. Any changes will be in effect 30 days after they are posted in our web site.

Consent

By using the Nimbata site, app and services you acknowledge and consent to the terms of this Privacy Policy. If you do not agree to the terms and conditions of this Privacy Statement, including having your personally identifiable information used in any of the ways described in this Privacy Statement do not provide us with your information. If you don’t provide us with your information you may not be able to use certain parts or features of the website, app or the services.

Information We Collect And How We Use It (As Controllers)

Information Provided by You Directly

We collect information needed in order to fulfill your requests, which may take place using a form on our web site, when you call us or you send us an e-mail. If you just need to know about our services we will require contact information, such as your name, address, telephone number and e-mail address so that we can respond to your request.

Information Collected Automatically

When visiting the Nimbata Site, we and the service providers acting on our behalf, automatically collect certain data using tracking technologies, such as cookies and web beacons.

This data is used to understand how visitors of the Nimbata site or app are using it and which pages and features are most popular. It also helps us to improve our website and track performance of our advertisements. In addition, tracking technologies are used to help improve the navigation experience on the Nimbata site and app and to determine propensity to purchase.

Our site includes various types of cookies to enhance the user experience. These include:

  • Required: These cookies make it possible for you to access our account portal, navigate within the portal, and access information related to your account.
  • Functional: These cookies help you optimize your experience with the app, as they remember preferences or settings so that you don’t have to change them on each visit.
  • Performance: These cookies collect data on the visitor experience with the Nimbata site or app. It includes time spent on site, pages visited, etc. Third party providers currently used for performance include: Hotjar, Google Analytics and Optimizely.
  • Targeting & Advertising: These cookies are used to primarily track the performance of our advertising. Third party providers currently used for targeting & advertising include: Bing Ads, Google Adwords, Doubleclick, Facebook Audiences and Linkedin Ads.

Web Beacons are similar to cookies and they are used to improve the website functionality

Account Information

If you subscribe to our services, we will also need information that relates to the relationship between Nimbata and the customer (or subscriber). This may include: billing, contact, credit card information and in some cases the Tax Identification Number. All personal information is accessible and can be modified by the respective subscribers.

This account information is collected so that we know who you are and so we can communicate with you about your account, and we can recognize you when you communicate with us through the Nimbata app.

Your email address and your account password are used to authenticate your account and allow you to access your application. If two factor authentication is set up for your account, we’ll ask you to enter a telephone number to which we will communicate verification codes to verify that it is you logging into your account. When you sign up for a paid account or upgrade your account from a trial account, we’ll ask you to provide our payment processor (Stripe/Paypal) with information like your credit card data and/or your billing address. Our payment processor, acting on our behalf, gathers this so that we can bill you for your use of our services and will generally share your billing address with Nimbata.

For some products such as Tracking Numbers (in certain countries), we may have to obtain a physical address from you in order to abide by local regulations. This information may be kept on record and shared with the telecommunications carrier from whom Nimbata obtained the phone number from or local government authorities upon their request. Unless prohibited by law, we will always let you know if we have to share your address under such circumstances.

Furthermore, when you interact with our customer support team, sales team or account management team, you will be asked to give your account information and share with us the question or problem you’re experiencing. We gather this information so that we can help you with your question or problem.

If using a Nimbata API, you will also be given access to an authentication key specific to your account. This will be used in connection with making requests to our platform. We keep a record of these credentials, so that we know that it is you making the requests.

Usage Information

Customer Usage Information includes operational information like call logs, origination and termination points (i.e. to/from phone numbers), call traffic routing information, API requests or app activity information.

We collect this information so that we can appropriately manage and route customer traffic, analyze and improve our products and services, and identify and solve problems that may come up. We also collect it so that we can properly bill you for your use of our services and to support regulatory requirements, such as calculation and reporting of tax or similar obligations.

Information We Collect And How We Use It (As Processors)

Our customers are generally marketing agencies or businesses that use the Nimbata products and services to track performance of their marketing campaigns, sales teams or operations. As such, our customers have their own customers or users that we are reporting on (called end-users).

Nimbata does not interact directly with our customers’ end-users. Instead, end-users interact with our customers’ websites or contact our customers (or their customers) via phone, text or form, which may interact with our products and services. End-users visiting a site which has Nimbata tracking code on it or end-users that call a phone number that is managed by a Nimbata customer, should check the customer’s terms of service and privacy policy to find out how information is collected, used, stored and shared. We are not responsible for our customers’ privacy policies or privacy practices.

Our customers who use the Nimbata app, products and services, act as the controllers of personal data for the end-user For residents in the EU and Switzerland, it is important to emphasize that by calling our phone numbers, Nimbata operates only as a processor, and is not a controller in relation to any personal information processed about you.

In cases where there are special agreements between the customer and Nimbata, if the special agreements and this policy are in conflict, those special agreements will apply.

Customer Content

Customer Content consists of information obtained from the communications aspect of the Nimbata products and services, such as phone calls. We may collect Customer Content in connection with your use of the services to transmit voice calls to and from the carrier networks. In doing so this information is exchanged to route calls appropriately, and present that information in our app and API. In case recording and transcriptions are enabled, we will also collect those recordings or transcriptions.

If you are using our tracking code on your web properties, we also may collect (on your behalf) information on your visitors such as their IP address, landing page, referring URL, and online ads that led them to your site. The tracking code uses cookies to identify visitors in order display the correct tracking number to your end users and associate ensuing phone calls to the correct visit.

Customers have the control over which information they want to collect and what they are doing with that information. We simply provide the tools to collect the information.

Customer content is used primarily for the purposes of reporting in your account and app or through our API. We convey it to and from telecommunications carrier networks, record and transcribe it as per your instruction. Customer content stored on our systems may also be used to to troubleshoot issues or manage call quality concerns.

Information Sharing

As controllers or processors, Nimbata or its successor(s) may share your information in the manner and for the purpose described below:

  • Third-party service providers: We may share information collected with third-party service providers or consultants who need access to the data to perform their work on Nimbata’s behalf. For example a website analytics company or our third-party advertising partners may use this information for their task at hand. Such service providers are limited to only accessing and using this data to provide services to Nimbata and must provide reasonable assurances that they will appropriately safeguard the information.
  • In compliance with the law: We may disclose your information if necessary (i) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, (ii) to obtain legal advice; (iii) to protect ourselves, other customers, or the public from harm or illegal activities. If Nimbata is required by law to disclose any of your information that directly identifies you, then we will use reasonable efforts to provide you with policy of that disclosure requirement, unless we are legally prohibited from doing. We will not positively respond to requests that were not issued properly.

As a processor, Nimbata will not share customer content, customer account data or customer usage data with any third parties. However, usage data may be shared with communication providers and telephony operators so that they may route and connect communications from the caller to the intended recipient. How those providers and telephony operators handle your Customer Content and Customer Usage Data is generally determined by those operators’ own policies and applicable regulations.

In cases of onward transfer to third parties of Personal Data received pursuant to the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield, Nimbata is potentially liable.

Nimbata does not sell or provide any of your information to third parties unless it is done for purposes as outlined above.

International Operations With E.U. & Switzerland

When using our app, products or service, your account data, customer content and usage data may be sent to the United States and possibly other countries. While some of this may be in connection with routing your communications in the most efficient way, we also store customer information on servers located in the United States. We may also store this information on servers and equipment in other EU countries however.

When transferred, we take appropriate steps to protect your privacy, personal data and interests, including encryption during transit and storage and in accordance with applicable law. Transfers are limited to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangement are in place to protect your privacy rights.

Nimbata commits to provide to individuals the contents of their data and the capability to correct or erase personal data on their behalf.

In compliance with the Privacy Shield Principles, Nimbata commits to resolve complaints about our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact:

Spyros Photopoulos                                privacy@nimbata.com

Chief Privacy Officer                               Phone: (888) 340-8380

Nimbata, LLC

10 Pole Plain Rd

Sharon, MA 02067

Nimbata has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland.

Promotional Emails

We may use your email address to send you information about other Nimbata products, services, or events that you might be interested in. In doing so, we will have obtained your prior consent before marketing to you.

You can choose not to receive marketing promotions from Nimbata at any time by unsubscribing in the email or through the settings in the app.

Children’s Privacy

Nimbata does not intend the site, app and services to be used by individuals under the age of 16. We do not seek or knowingly collect any personal information on children under 16 years of age. If we discover we have received any personal information from a child under the age of 16 in violation of this Policy we will make commercially reasonable efforts to delete such information from our database as quickly as possible. If you believe we have any information about anyone under the age of 16, please contact us at privacy@nimbata.com.

Data Retention And Destruction

Information collected by Nimbata is retained indefinitely and available to our client for as long as they remain a client in good standing. If a client cancels their account (or is terminated for any reason), we cannot guarantee that their data will remain if they wish to return later. Customers can use the Nimbata redaction features to remove sensitive data from the app. However, while an automatic data sunset policy does not exist today, we plan to incorporate one in the near future. If you wish to have your data redacted or fully scrubbed, please contact us at privacy@nimbata.com and we will under reasonable efforts expedite the request.

Security

We take measures to protect the security of our customers’ and our customers’ end-user information both online and offline. These vary based on the sensitivity of the information that we collect, process and store and the current state of technology. While we strive to protect your information, we cannot guarantee that unauthorized access, hacking, information loss or an information breach will never occur. Security practices that we follow include:

  • Secure physical facilities with round-the-clock surveillance, multi-factor authentication, redundancy zones, and logging. Our data centers reside with Amazon Web Services (AWS), which complies with AICPA SysTrust, ISO 27001, and other leading physical security frameworks.
  • Employing best practices for network security and taking preventative measures include network firewalls, denial-of-service (DoS) and distributed-DoS prevention.
  • Data encryption and SSL to securely access any data from the site or app.
  • Strict data privacy, multi-level access and restrictions to only authorized employees and agents for the exclusive purpose of delivering our services.
  • If a spam caller is detected, we provide tools to block those calls from our app. We regularly also report such instances to local carriers.

Sub-Processors

Nimbata uses sub-processors like Amazon AWS, Twilio, Plivo and others, to facilitate specific communication applications. An up to date list of all Sub-processors Nimbata engages with, can be found below:

NameDescription / UseCountry
Amazon Web ServicesInformation technology infrastructure and storage of dataUSA
TwilioTransmission to or from Nimbata to the customer’s telephone network and termination point(s).USA
PlivoTransmission to or from Nimbata to the customer’s telephone network and termination point(s).USA
FlowrouteTransmission to or from Nimbata to the customer’s telephone network and termination point(s).USA
Google CloudTranscription services, converting audio to text.USA

Contact Information

Nimbata LLC | privacy@nimbata.com

Last Updated: Oct 2018