← NOSIBLE World

Privacy Policy

Last updated: April 29, 2026

1. Introduction

NOSIBLE World is operated by NOSIBLE Inc. (“Nosible”, “we”, “us”). This Privacy Policy explains what personal data we collect when you use NOSIBLE World (the “Service”), why we collect it, how we store and protect it, and the rights you have over it. It applies to all users of the Service, regardless of where they are located, and we commit to meeting the standards required by the EU General Data Protection Regulation (“GDPR”) for all users.

If you have any questions about this Policy, please contact us at privacy@nosible.com.

2. Data We Collect

2.1 Demo / unauthenticated mode

When you browse NOSIBLE World without signing in, we do not collect any personal data beyond the anonymous technical data described in section 2.3. No account is created, no identifier is stored server-side, and no profile is built.

2.2 Authenticated accounts

Once you create an account, we may collect and process:

  • Identity data — name, email address, and optionally an organisation name you provide during registration.
  • Authentication credentials — password hashes (never stored in plain text) or OAuth tokens from your identity provider.
  • Billing data — subscription plan, payment method tokens (managed by Stripe; we never see raw card numbers), and transaction history.
  • Usage data — API call logs, filter selections, feature interactions, and session metadata used to improve the Service and enforce rate limits.
  • Support communications — any messages you send to our support or legal teams.

2.3 Technical data (all visitors)

  • IP address and rough geolocation (country-level) for security and abuse prevention.
  • Browser type, OS, and device class for compatibility monitoring.
  • Referrer URL and page-view sequence, for internal analytics only.
  • Error logs and crash reports (via Sentry) for reliability monitoring.

3. Legal Basis and Purpose

We process your data on the following legal bases under GDPR Article 6:

  • Contract performance — to create and manage your account, process payments, and deliver the Service you have subscribed to.
  • Legitimate interests — to detect abuse, secure the platform, troubleshoot errors, and carry out internal analytics that help us improve the Service.
  • Legal obligation — to comply with applicable laws, including financial record-keeping requirements.

4. Data Storage and Security

Your data is stored on servers located in EU and US datacenters provided by [cloud provider — to be specified]. All data in transit is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256. Access is restricted to authorised Nosible personnel on a need-to-know basis, and all access is logged and audited.

5. Cookies

NOSIBLE World does not use cookies. No cookie consent banner is displayed, and no cookie preferences are stored. Browser local storage may be used for purely client-side preferences (e.g. UI settings) that never leave your device.

6. Third-Party Processors

We share data with the following sub-processors, each bound by a Data Processing Agreement and, where applicable, the EU Standard Contractual Clauses:

  • Stripe — payment processing and subscription management.
  • Sentry — application error monitoring and session replay.
  • PostHog — product analytics and session recording (no cookies set; server-side only).
  • OpenRouter — LLM request routing for AI-generated content features within the Service.

We do not sell your personal data to third parties, ever.

7. Your Rights (GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under applicable data protection law:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure — request deletion of your personal data where we no longer have a legal basis to retain it.
  • Portability — receive your data in a machine-readable format and have it transferred to another controller.
  • Restriction — ask us to stop actively processing your data while a dispute is resolved.
  • Objection — object to processing based on legitimate interests, including profiling.
  • Withdraw consent — withdraw any consent you have previously given at any time by contacting us at privacy@nosible.com.

To exercise any of these rights, email privacy@nosible.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

8. Data Retention

  • Account data — retained for the duration of your account and deleted within 30 days of a verified deletion request.
  • Usage logs — retained for 90 days in hot storage for debugging and abuse detection, then deleted or anonymised.
  • Billing records — retained for 7 years to comply with financial regulations.
  • Error reports — retained for 30 days in Sentry, then purged automatically.

9. International Data Transfers

Some of our sub-processors operate outside the European Economic Area. Where data is transferred to countries not deemed adequate by the European Commission, we rely on the EU Standard Contractual Clauses (SCCs, as adopted June 2021) or equivalent transfer mechanisms to ensure your data receives an equivalent level of protection.

10. Contact and Complaints

For any privacy-related enquiries or to exercise your rights, please contact our Data Protection team:

Email: privacy@nosible.com
NOSIBLE Inc., [Registered address — to be confirmed]

If you are not satisfied with our response, you have the right to lodge a complaint with the supervisory authority in your country of residence.