Privacy Policy

1.1 Account Information. When you create an account, we collect identifiers such as name, work email, organization, and authentication credentials (or the OAuth identifier from your identity provider).

1.2 Customer Data. Datasets, files, prompts, configurations, and other content that you or your organization submit to the Service. Customer Data is processed on your behalf under the Terms of Service.

1.3 Usage and Device Data. Logs related to feature usage, performance, errors, IP address, browser, device type, and approximate location, used to operate, secure, and improve the Service.

1.4 Communications. Information you provide when you contact sales or support, respond to surveys, or subscribe to updates.

1.5 Cookies. We use a limited set of cookies and similar technologies. Strictly necessary cookies (for authentication, security, and core functionality) are always active. Any non-essential cookies (such as product analytics) are used only with your consent, which you can grant or withdraw at any time through our cookie controls. We do not use advertising cookies. See our cookie controls for details and to change your choices.

We use the information described above to: (a) provide, maintain, secure, and improve the Service; (b) authenticate users and protect accounts; (c) provide customer support and respond to inquiries; (d) monitor performance, debug issues, and prevent abuse; (e) communicate service notices and, where permitted, product updates; and (f) comply with legal obligations.

3.1 Ownership. Customer Data and Output belong to the Customer. We process Customer Data to provide the Service to you under the Terms of Service.

3.2 Platform Improvement (Shared-Cloud Plans). For accounts on our shared-cloud plans (Starter, Student, and Professional), we may use Customer Data to operate, maintain, secure, troubleshoot, and improve the Niobia platform and its features. We implement these improvements so that one customer's Confidential Information is not exposed to other customers. Where practical, we use aggregated or de-identified data for improvement work.

3.3 No Training of Foundation Models. We do not use Customer Data to train or fine-tune foundation models or any general-purpose models that are made available to other customers or to third parties. Where the Service relies on third-party AI providers, those providers operate under zero-retention and zero-training terms with respect to Customer Data.

3.4 No Sale; Limited Sharing. We do not sell Customer Data or personal information. We share information only as described in Section 4.

3.5 Enterprise Plans - Data Isolation. For Enterprise plans using dedicated single-tenant deployments with customer-controlled keys, or platform-native deployments inside your own cloud or data warehouse (for example, Snowflake or Databricks), Customer Data remains within your controlled environment and is not accessed by Niobia AI for platform improvement. In these models we cannot access raw Customer Data without your explicit, audited permission.

We share information only as needed to operate the Service: (a) with subprocessors that provide hosting, authentication, observability, and email delivery, under written confidentiality and data-protection terms; (b) with your organization's administrators; (c) when required by law or to protect rights, safety, and the integrity of the Service; and (d) in connection with a business transfer, subject to equivalent privacy protections. We do not sell personal information. A current list of subprocessors is available on request and, where published, at the link in our Security documentation.

Account and usage data are retained for the duration of the subscription and for a reasonable period thereafter for legal, accounting, and security purposes. Customer Data is retained according to the Customer's configuration and the Terms of Service, and is deleted upon Customer request or termination, subject to legal retention requirements.

We maintain administrative, technical, and physical safeguards designed to protect information, including encryption in transit and at rest, role-based access controls, audit logging, and least-privilege access for personnel. No system is perfectly secure; we continue to invest in our security posture and welcome responsible disclosure.

We may process information in countries other than your own. Where required, we use appropriate transfer mechanisms (such as Standard Contractual Clauses) to provide an adequate level of protection.

Depending on your jurisdiction, you may have rights to access, correct, delete, or port personal information, and to object to or restrict certain processing. For Customer Data, please direct requests to your organization's administrator; we will support our Customers in responding to verified requests as set out in the Terms of Service and any Data Processing Addendum. To exercise rights regarding your own account information, contact us at contact@niobia.ai.

The Service is intended for business and academic use and is not directed to children under 16. We do not knowingly collect personal information from children.

We may update this Privacy Policy from time to time. Material changes will be communicated by posting the updated policy with a new "Last updated" date and, where appropriate, by additional notice or by requesting renewed acceptance.

For privacy questions or requests, contact us at contact@niobia.ai.