Privacy Policy
Last updated: 20 June 2026
Nimblesite operates nimblesite.ai and the agent platform at api.nimblesite.ai. This page explains, in plain terms, what we do with your data. It complements the broader Nimblesite privacy policy; where the two differ for the agent platform, this page governs.
Privacy is at the forefront of our minds as we design this system. We understand how concerned everyone is about it, and we treat that concern as a first-class engineering constraint — not an afterthought.
Our approach
- We minimise. We avoid storing personally identifiable information (PII) wherever we can. The platform is built around generic primitives — tenants, agents, wallets, tokens — not your customers' identities.
- We tell you. Whenever we store information that identifies you, we aim to make that obvious — in the dashboard, the docs, or this policy.
- We can't promise what we never controlled. Agents are conversational. Users routinely paste names, emails, addresses, and other PII into chat messages, tool arguments, and configs — often without meaning to. We cannot guarantee that content you or your users send is free of PII, and once it is sent it is processed and may be stored as conversation history.
- We obey the law. We comply with applicable data-protection law, and we honour valid requests to access, correct, or delete personal information.
- We are transparent. If we discover something went wrong — a leak, a breach, an exposure — we will tell affected users and the relevant authorities as the law requires, and we will be straight with you about what happened.
The most important thing to understand
Anything sent to a model — by you or by your own users — is sent to that model's provider.
When you choose a model in your agent config, Nimblesite forwards the prompts, conversation history, and tool data to that provider so it can run the inference. This is not limited to content you send directly: anything the end-users of whatever you build on Nimblesite type into your agents flows to the provider in exactly the same way. That content leaves our systems and is handled under the provider's own privacy policy — not ours. For the time being, we cannot control what those third parties do with the data they receive. Choose your model — and what you and your users send it — accordingly.
Your users will enter personal data into your agents — often without realising they're doing it. It is your responsibility, not ours, to make your own users aware — in your own privacy notice — that what they type is sent to and processed by the model provider you select.
Provider (model_config.provider) |
Where your content goes | Their privacy policy |
|---|---|---|
anthropic |
Anthropic (Claude models) | anthropic.com/legal/privacy |
openai |
OpenAI | openai.com/policies/privacy-policy |
moonshotai |
Moonshot AI PTE. LTD. (Kimi) — Singapore | platform.kimi.ai · user privacy |
deepseek |
DeepSeek (Hangzhou DeepSeek Artificial Intelligence Co., Ltd.) — China | deepseek.com · privacy policy |
minimax |
MiniMax (Nanonoble Pte. Ltd.) — Singapore | minimax.io · privacy policy |
gemini |
Google (Gemini models) | policies.google.com/privacy |
groq |
Groq, Inc. — USA (hosted inference for open models) | groq.com/privacy-policy |
ollama |
Local development only — a local Ollama instance on your own machine | No third party (local-dev convenience; not a hosted/production option) |
Nimblesite may add further providers over time. Whichever model you select, your content is processed under that provider's own privacy policy — check it before sending anything sensitive.
You cannot host your own production models on Nimblesite, and there is no hosted option today that keeps your content off a third-party provider. ollama is a local-development convenience only, not something your production users can use. The privacy-preserving path is the GPU-as-a-Service work described below — not yet available; until it ships, selecting any hosted model means accepting that provider's data handling.
Where we're heading: GPU as a Service
We are working towards a GPU-as-a-Service model that runs inference on infrastructure we control, so your model interactions are not logged or retained by a third-party model host. That will give privacy-sensitive workloads a materially higher level of privacy than routing through external providers. It is on the roadmap, not yet shipped — until it lands, the third-party reality above applies, and we'd rather tell you that plainly than imply otherwise.
Security is the other half of privacy
Privacy guarantees are only as good as the system that enforces them, so we put a huge emphasis on engineering cyber security as tightly as we can, and we defend the platform in depth. How to report an issue is on the For cyber security professionals page.
What we collect
- Account & billing — the email and details you register with, and prepaid-wallet transactions. Card payments are processed by Stripe; we never see or store full card numbers. (stripe.com/privacy)
- Usage — metering and operational telemetry (tokens, container-seconds, request metadata) needed to bill you and run the service. We log structured operational fields, never your secrets.
- Content you send — prompts, tool calls, and results, persisted as conversation history scoped to your tenant so your agents have memory. As above, this can contain PII you or your users include.
- Website analytics — the marketing site uses Google Analytics. You can disable cookies in your browser.
Who can read your conversations
We store your conversations by default — every turn is saved as history so your agents have memory. There is no "don't store" mode today, and no automatic expiry. That history is protected by per-row access control (row-level security) on every request:
- An end-user can read only their own conversations — never another end-user's. If you authenticate your users to Nimblesite (bring-your-own-IdP), each end-user is locked to their own transcript at the database layer.
- You, the tenant operator, can read the conversations under your tenant. Owner, admin, and member roles can list and read your tenant's conversation history — it is your product's data, and your support and audit flows rely on it. So if you run a product on Nimblesite, treat your end-users' conversations as visible to you, and tell your users that in your own privacy notice.
- No other tenant can ever read your conversations. Every row is keyed by
tenant_id; a caller outside the owning tenant gets zero rows. There is no cross-tenant path. - Nimblesite staff do not browse your conversations. Access happens only under a verified incident-response procedure via a direct database connection — never as a routine feature — subject to the breach and transparency commitments above.
Conversations are stored as-is — not end-to-end encrypted, and they can't be: the model has to read them to answer, and a third-party provider runs that model, so there is no way today to send content a model can act on while keeping it hidden from the provider. Encryption and useful inference are fundamentally at odds. The only real control today is data minimisation — don't send anything you wouldn't want stored and forwarded to your chosen provider, and redact sensitive values before they reach the API.
We are looking into a genuinely end-to-end approach as part of the GPU-as-a-Service work described above — running inference on infrastructure we control, so there is no third party that could leak your data. That is a goal, not today's reality.
Deleting conversations. Today, removing conversation data is handled at the tenant level by you, the operator, and we will action a verified deletion request sent to support at nimblesite.ai. Per-end-user self-service delete and export are planned, not yet available. We are also actively considering letting operators turn off their own ability to read end-user conversations, for privacy-sensitive deployments.
Who else touches your data
- Model providers — as described above. This is the main one to understand.
- Stripe — payment processing.
- Infrastructure providers — hosting, database, and CDN/edge services that run the platform, under data-processing terms. Email us for the current subprocessor list.
We do not sell, rent, or trade your personal information.
Breaches
If we discover a breach affecting your data, we will notify affected users and the appropriate authorities within the timeframes the law requires, describe what we know, and tell you what we are doing about it.
Your rights
You can ask us to access, correct, export, or delete your personal information. Email support at nimblesite.ai and we will action it in line with applicable law.
Changes
We may update this policy as the platform evolves — not least when GPU-as-a-Service ships. Material changes are reflected here with a new "last updated" date.
Contact
Questions about privacy, or a request about your data: support at nimblesite.ai.
Reporting a security issue? See For cyber security professionals.