Privacy Policy

Last updated: June 12, 2026

1. Who we are & how to contact us

Controller: Nison Consulting, LLC (New Jersey, USA)

Email: evan@nisonco.com

Mailing address: 11 Bennington Ct, East Brunswick, NJ 08816

If we later appoint an EU/UK representative or Digital Services Act (DSA) contact point, we will add those details here.

2. What we collect (some or all, depending on your interactions)

We may collect the following categories of information, depending on the features you use, your account settings, and your region:

• Account & contact data. May include name, email, organization, role, plan tier, and communications with us.
• Billing & payment data. Handled by our third-party payment processor (Stripe). We may receive limited information (e.g., last 4 digits, card type, expiry status, transaction IDs) for fraud prevention, receipts, and support. We do not store full card numbers.
• Usage & device data. May include log files, IP address, device/browser, timestamps, pages/features used, crash/diagnostics, basic location inferred from IP, referral/UTM parameters, and in-product events for reliability and abuse prevention.
• Content & metadata. May include your prompts, uploads, simulated transcripts, project names/tags, and related metadata necessary to run the Services.
• Cookies & similar tech. See Section 7.

3. Sources of information

We may collect information (i) directly from you, (ii) automatically via the Services, and (iii) from third parties and integrations you enable (e.g., SSO, cloud storage, analytics), depending on your interactions.

4. How we use information (purposes & legal bases)

We use information to:

1. Provide the Services (create accounts, authenticate, run simulations, store transcripts, provide support). (GDPR: Art. 6(1)(b) contract).
2. Maintain safety & integrity (abuse/fraud prevention, security, rate limits, troubleshooting, legal compliance). (Art. 6(1)(c) legal obligation; Art. 6(1)(f) legitimate interests).
3. Improve and develop features and quality/safety systems (e.g., de-identification, filters, relevance, UX). Where improvement relies on personal data beyond what's strictly necessary, we rely on consent or provide an opt-out control. (Art. 6(1)(a)/(f)).
4. Communicate with you (service messages, transactional emails, and marketing where you have given consent or it is otherwise permitted). You can opt out of marketing any time.
5. Comply with law and enforce our Terms (e.g., DMCA, sanctions/export compliance).

5. Your content, model training, and preferences

• You own your inputs and (subject to the rights of others) your outputs.
• Training & product improvement. We do not use your content to train AI foundation models (ours or anyone else's). We may use de-identified/aggregated signals to improve reliability and safety. Where a feature would rely on user-level signals for improvement, we provide opt-in/opt-out controls.
• You can manage your projects and data in-app where controls are available, and you can contact us at any time about access, export, or deletion.

6. Sharing & disclosure

We share information with:

• Service providers/processors who host, store, or process data under contracts limiting their use to providing services to us (e.g., cloud hosting and database providers, AI model providers, email delivery, analytics, payment processing, customer support).
• Integration partners you enable (only the minimum necessary data to provide that integration).
• Affiliates & corporate transactions. We may share with our affiliates for purposes consistent with this Policy. If we undergo a merger, acquisition, reorganization, or asset sale, personal information may transfer as part of that transaction; we'll honor your privacy choices and provide notice where required.
• Legal & safety. To comply with law, protect rights and safety, and respond to lawful requests.

Model provider (Anthropic, Claude API)

We send prompts and related metadata to Anthropic to generate AI outputs. For API usage, Anthropic states it does not use customer API inputs/outputs to train foundation models by default and may retain API inputs/outputs for a limited period for reliability, security, and abuse prevention (with longer retention if required by law or for policy enforcement). We do not currently enable Anthropic's optional zero-data-retention setting. Your use of Claude-powered features must comply with Anthropic's usage policy and other applicable terms. We may change model providers or routing and will update this disclosure as needed.

We do not sell personal information and do not share it for cross-context behavioral advertising.

7. Cookies & tracking

We use strictly necessary cookies (for example, the session cookie that keeps you signed in) and Google Analytics to understand how the site is used. Google Analytics is on by default until you opt out: a banner on your first visit lets you decline, and declining stops further Google Analytics collection on this device and removes the Google Analytics cookies we can access. If your browser sends a Global Privacy Control (GPC) signal, we treat it as a decline automatically: Google Analytics is disabled before it starts and its cookies are removed on each visit. Your choice is saved in this site's local storage; clearing site data resets it. You can also block or delete cookies in your browser settings; strictly necessary cookies are required for login to work.

8. International data transfers

If personal data is transferred internationally, we rely on appropriate safeguards, such as Standard Contractual Clauses and, where applicable, the EU-U.S. Data Privacy Framework or equivalent mechanisms, plus supplementary measures as needed. We monitor legal developments and will adjust our approach as required.

9. Data retention

We keep personal data only as long as necessary for the purposes described (including legal, accounting, and reporting requirements). Free accounts or projects may be deleted after reasonable inactivity. You can request deletion of your account and associated data at any time by emailing evan@nisonco.com.

10. Security

We use administrative, technical, and physical safeguards designed to protect personal information (e.g., encryption in transit, access controls, monitoring). No method of transmission or storage is 100% secure.

11. Your rights

Depending on your location, you may have rights to access, correct, delete, obtain a copy (portability), restrict or object to processing, and withdraw consent. U.S. state laws may grant additional rights to opt out of targeted advertising, sales of data, and certain automated profiling.

California & Colorado (examples)

We do not sell or share personal information. If that changes, we will provide required notices and tools (including a "Your Privacy Choices" link) and honor GPC signals. You may request access, correction, or deletion.

Exercising rights & appeals

Email evan@nisonco.com or use in-product tools (where available). We will verify your identity and respond within required timeframes. If we decline a request, you may appeal by replying to our decision (appeals are reviewed by a different reviewer). You may also contact your regulator.

12. Children

The Services are not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child provided information, contact us to delete it.

13. Automated processing & AI transparency

We use AI systems to generate simulated personas and synthetic discussions. Outputs are machine-generated and should be reviewed by humans. We do not make decisions with legal or similarly significant effects about you based solely on automated processing.

14. Third-party sites & services

Our Services may link to third-party sites or services. Their privacy policies govern those sites. We are not responsible for their practices.

15. Changes to this Policy

We may update this Policy from time to time. If changes are material, we'll provide notice (e.g., email or in-app). The updated Policy becomes effective when posted unless otherwise stated.

16. Contact

Questions or requests? Email evan@nisonco.com or write to 11 Bennington Ct, East Brunswick, NJ 08816.

Region-specific disclosures

EEA/UK

• Controller: Nison Consulting, LLC.
• Legal bases: As described in Section 4. You have rights under GDPR Articles 12-23, including the right to lodge a complaint with your data protection authority.
• International transfers: We rely on Standard Contractual Clauses and supplementary measures as necessary.

California (CCPA/CPRA)

• We do not sell or share your personal information for targeted advertising.
• You have rights to know, access, delete, correct, and portability.
• We honor Global Privacy Control (GPC) signals.
• Contact us at evan@nisonco.com to exercise your rights.

Other U.S. States

Similar provisions apply under Virginia CDPA, Colorado CPA, Connecticut CTDPA, and other state privacy laws. We do not sell or share personal information.