Privacy Policy

At Nido AI, we are committed to protecting your privacy and ensuring the security of your personal data.

This Privacy Policy is designed to help you understand how we collect and process your personal data when you use our Services.

We believe that everyone has the right to control their personal data, and as such, we have also outlined the various rights you have with regards to your personal data, including your right to object to certain uses or the right to access, update or delete your data.

1. Definitions

The capitalized words in this document will have the meaning given below:

  • “Data Controller”: means the person who makes decisions on Your Personal Data. For instance, the Data Controller decides which Personal Data to collect, where to store such data, for how long, etc.

  • “Data Processor”: means the person who uses Your Personal Data on behalf of the Data Controller and under the Data Controller’s instructions. For instance, our hosting services provider acts as Data Controller when it stores Your Personal Data on Our behalf and under Our instructions.

  • “Nido AI” or “We”: means Nido, a Singapore entity registered at Singapore under number 202400465M.

  • “Model”: means any of Our artificial intelligence models that we make available to You as part of Our Services.

  • “Personal Data”: means any data that directly or indirectly relates to You.

  • “Platform”: means the platform We operate.

  • “Privacy Policy”: means this document describing the Processing activities carried-out by Nido AI as Data Controller. This Privacy Policy covers the Processing activities relating to Your use of Our Services.

  • “Processing”: means any operation relating to Your Personal Data (for instance: collection, use, access, transfer, deletion, etc.).

  • “Services”: means any services provided by Nido AI to You, including but not limited to the Platform, the Model, along with any associated software, application and website.

  • “User” or “You”: means any person who subscribes to, accesses or uses Our Services.

  • “User Data”: means

    • the “Feedback”: means Your feedback pertaining to the accuracy, relevance, and effectiveness of the Outputs, including but not limited to any identified discrepancies or errors.

    • the “Prompts”: means any and all instructions, queries or textual cues given by You to the Model in order to generate an Output.

    • the “Outputs”: means any and all content generated by Our Services in response to Your Prompts.

2. Who is the Data Controller ?

2.1. Nido AI as Data Controller

Nido AI”: means Nido, a Singapore entity registered at Singapore under number 202400465M (" Nido AI" or “Nido”, also referred to with the possessive adjective “Our” or “Us”).

Your Personal Data may also be processed by Our affiliate located in the Singapore.

You can contact us :

  • By email at privacy@Nido.sg

2.2. Nido AI as Data Processor

If You are a business, Nido AI may also process Personal Data on Your behalf, as Data Processor.

In such a case, the Processing activities We carry-out are described in the Data Processing Agreement entered into between You and Us.

This Privacy Policy only covers the Processing activities We carry out as Data Controller.

3. What kind of Personal Data do We collect ?

3.1. Personal Data You provide to Us

  • Identity, account and contact data. We collect Personal Data about Your identity when You sign-up to Our Services (first name, last name, email address, identifiers, etc.), when You subscribe to receive information from Us (newsletters, etc.) and/or when You contact Us.

  • Payment and billing information. We collect Your payment details (payment method, applicable fees, etc.) and your billing information (billing address, billing contact, etc.) when You subscribe to Our fee-based Services.

  • Prompts and Outputs. We only use Your Prompts and/or Outputs:

    • To monitor abuse, meaning any breach by You of the Terms of Use or the applicable Terms of Service, or

    • When You report an illicit Output. In such a case, we may use Your Prompt and/or Your Outputs to improve our services.

  • Feedback. Where applicable, We may collect and use the Feedback You provide to Us.

3.2. Personal Data generated by Your Use of Our Services

  • Security Logs. We collect security logs to monitor and analyze system activities, maintain the integrity and security of Our Services, and comply with the applicable security standards and regulatory requirements. These logs document activities such as access attempts, changes made to the Services, and potential security incidents. They may contain information such as IP addresses, timestamps, user actions, and device information.

  • Technical Information. We may use cookies to collect technical information that is essential for the proper functioning of Our Services, such as Your language preferences.

3.3. Personal Data that is indirectly provided to Us

Our Models are trained on data that are publicly available on the Internet, which may contain Personal Data. Consequently, We may use Your Personal Data to train Our Models. We take steps to make sure that Your Personal Data remains protected and secure throughout the training of Our Model. To know more about Your rights regarding the training data set, please refer to Section 8 of this Privacy Policy.

4. Why do we use Your Personal Data?

We use Your Personal Data for the following purposes:

Provide Our Services

  • Create and administer Your account on the Platform.

  • Manage the security of the Services.

  • Generate Outputs based on Your Prompts.

  • Communicate with You for purposes other than marketing.

  • Answer to your assistance requests.

  • Provide technical support (fixing the bugs You notify us).

  • Train Our Models, possibly, if such Personal Data is publicly available, and even if we apply best practices to filter such data.

  • Conduct research and improve the Services.

  • Make aggregated statistics about the use of the Services.

Legal basis: Performance of the contract. Our legitimate interest in (1) providing quality Services and continuously improving our Services and (2) developing Our Models for the purpose of providing them to You.

Marketing operations

  • Send you Our newsletters about Our Services.

  • Lead development.

  • Invite You to Our events.

Legal basis: Your Consent. Our legitimate interests to promote Our Services and to grow Our business.

Commercial Management

  • Contract management.

  • Invoice the applicable fees.

  • Processing Your payment.

Legal basis: The performance of the contract. Our legal obligation to invoice for Our Services.

Dispute resolution

  • Investigate and resolve disputes

  • Enforce Our contract (suspension of Your Account, monitor abuse, etc.)

Legal basis: Our legitimate interest in protecting and exercising Our legal rights. The performance of the contract.

Data Subject Requests

  • Reply to Your requests to exercise Your rights on Your Personal Data.

Legal basis: Our legal obligation to reply to Your requests.

5. How long do We store Your Personal Data ?

We may keep Your Personal Data for as long as necessary to achieve the purposes mentioned in Section 4 of this Privacy Policy. We may retain your Personal Data for longer periods when We are required by applicable law to do so or when it is necessary to exercise Our rights in legal proceedings.

For illustrative purposes, please find below the applicable data retention periods:

Personal Data We use to Provide the Services:

  • Identity and contract/subscription data : for the duration of your registration on the Platform and for 5 years from the end - of your registration for evidentiary purposes.

  • Account data : for the duration of your registration on the Platform and for 1 year from the end of your registration for - evidentiary purposes.

  • Security data: the security logs are stored for 1 rolling year.

  • Technical support/assistance requests: for the duration of the Processing the request and for 5 years from the processing of - Your request for evidentiary purposes.

Personal Data We use for commercial management purposes:

  • Identity, account and contact data, contract/subscription data: for the duration of your registration on the Platform and for 5 years from the end of your registration for evidentiary purposes.

  • Invoices: for ten (10) years from the year-end date.

Personal Data we use for marketing operations:

  • Leads identity and contact data: 3 years from the collection of Your Personal Data.

  • Guests identity and contact data: 1 year from the collection of Your Personal Data, unless You consent to Your Data being stored for a longer period of time.

Personal Data We use for dispute resolution purposes:

  • Prompts and Outputs: for 30 rolling days to monitor abuse, unless you validly opt out, and in case of voluntary reporting of illicit content.

  • Identity, account and contact data, contract/ subscription data: for the duration of your registration on the Platform and - for 5 additional years from the end of your registration for evidential purposes.

  • Legal data (e.g. court decision, legal evidence, etc. ): until the expiration of the appeal period. We may retain such legal data for archival purposes.

Personal Data we use to reply to Your requests to exercise Your rights:

  • Identity, account and contact data and any data regarding your request : for up to three (3) months and for an additional 6 years period for evidential purposes.

6. Who do we share Your Personal Data with ?

We may share Your Personal Data to the following persons on a need-to-know basis:

  • The authorized members of our teams,

  • Financial organizations (banks, etc.),

  • Where appropriate, the competent courts, mediators, accountants, auditors, lawyers, bailiffs, debt collection agencies.

We may also share all or part of Your Personal Data with Our providers. Before engaging with any provider, we conduct audits to assess their privacy and security standards and we sign a dedicated data protection agreement.

Our main providers are:

  • Azure: to host the Platform and any data associated with Our Services. The Platform and the Data are stored in Sweden.

  • Kong: to manage the security of Nido AI’s API. Kong is based in the United States.

  • Lago: to manage the billing of Our Services. Lago is based in France.

  • Mailjet: to send You emails. Mailjet is based in the United States and hosted in the European Union (DPA).

  • Ory: to manage user authentication on the Platform. Ory is based in Switzerland.

  • Stripe: to manage payments. Stripe is based in Ireland and in the United States.

7. Do we transfer Your Personal Data Outside of the European Union ?

We prioritize selecting providers within the European Union that strictly adhere to the GDPR. However, in exceptional cases, we may opt for non-EU providers that meet our high standards of data security and Personal Data protection.

We take the necessary steps to ensure that all contracts with service providers who process personal data outside the European Union have adequate safeguards in compliance with Article 46 of the GDPR. Additionally, We attach the most recent version of the European Commission’s Standard Contractual Clauses to all such contracts.

8. Your rights

You can exercise:

  • Access. You have the right to know if Nido AI processes Your Personal Data. You also have the right to request a copy of such Personal Data and to obtain further information about the way We process Your Personal Data.

  • Rectification. You have the right to update or correct Your Personal Data.

  • Deletion. You have the right to delete and/or ask us to delete Your Personal Data.

  • Objection. You have the right to object to the processing of Your Personal Data. This right does not apply when we have a legal obligation to process Your Personal Data.

  • Consent withdrawal. You have the right to withdraw Your consent to the processing of Your Personal Data at any time.

  • Limitation. You have the right to ask us to freeze the processing of Your Personal Data.

  • Automated decision. You have the right to not be subject to an automated decision (including profiling) and to appeal such a decision. Nido AI does not engage in profiling or automated decision-making in the Processing of Personal Data.

  • Portability. You have the right to obtain and transfer Your Personal Data to another entity.

  • Post mortem. You have the right to tell us how You would like us to process Your Personal Data after your death.

  • Lodge a complaint. You have the right to lodge a complaint before the competent data protection authority, including the French data protection authority (the CNIL).

We will take every step to make sure we reply to Your requests. However, when your request concerns the training of Our Models, it’s important to note that Your rights have technical limitations and fulfilling Your requests might involve a complex technical process.

You can exercise these rights:

  • By sending us an email at privacy@Nido.sg,

9. Changes to this Privacy Policy

We may amend this Privacy Policy from time to time as Our Services continuously evolve. Make sure to check this Privacy Policy frequently.

Last updated