Privacy Policy

1. The short version

Niralabs builds an AI tool that helps small businesses watch their public reviews, reply to them, and understand what customers are saying. To do that, we need some data about you and your business. We try to use as little of it as possible, we never sell it, and you can delete your account and your data at any time.

Specifically:

• What we collect: your account info (email, password, business details), the public review URLs you give us, payment info handled by our PCI compliant payment processor, and how you use the app.
• What we DON'T collect: your customers' personal data beyond what's already public on review platforms. We don't track you across the web. We don't sell anything to advertisers.
• How we use it: to actually run the product (monitor your reviews, draft replies in your voice, surface insights), and to bill you correctly.
• Who we share with: a small set of vetted service providers that help us run the product (categories include payment processing, AI processing, public review fetching, hosting, authentication, and email delivery). They only get the minimum data they need to do their job. The full list of categories is below.
• Your rights: access your data, correct it, export it, delete it. Just ask.

The full version follows. If anything is unclear, email privacy@niralabs.ai.

2. Who we are

Nira is a product of Nexaworks LLC, a Texas limited liability company doing business as Nira Labs, that operates the Nira product at niralabs.ai and app.niralabs.ai. In this policy, "Nira," "we," "us," and "our" all refer to Nexaworks LLC d/b/a Nira Labs. "You" and "your" refer to anyone who uses our website or application.

Our legal entity, business address, and registered representative are listed in the Contact section at the bottom of this policy.

This policy explains what data we collect when you visit our marketing site, sign up for an account, use the Nira application, or contact us. It applies to data we collect through the Nira product and its websites. It does not apply to third party services we link to.

3. Information we collect

3.1 Information you give us directly

• Account information: your email address, a password (which we store as a one way hash, never the original), your business name, and any other info you enter on signup.
• Business and location info: your business locations, addresses, the public profile URLs you connect on supported review and social platforms, and any brand voice samples you upload to teach Nira how you write.
• Payment information: when you subscribe, your card details are handled directly by our PCI compliant payment processor. We receive a token, your billing email, the last 4 digits of your card, and the card brand. We never see or store your full card number.
• Communications: when you email or message us, we keep that correspondence so we can help you.

3.2 Information we collect automatically

• Review data: we fetch reviews from the public review platforms you've connected. This includes the review text, star rating, reviewer name (as displayed publicly on the platform), and the date posted. We do not collect anything about the reviewer beyond what's publicly visible on the source platform.
• Social posts and comments: for connected social accounts, we fetch posts mentioning your business and the comments on them, again only what's publicly visible.
• Google Maps ranking data: for businesses on Growth and above, we periodically query Google Maps using your business pin coordinates and the keywords you choose to track. We collect your rank position for each keyword, the public business names of competitors who appear in those results, and their public ratings and review counts. We do not collect any information about the people who searched.
• Usage data: things like which features you use, when you log in, which dashboard tabs you open, and which AI replies you accept or edit. We use this to improve the product.
• Technical data: your IP address, browser type, device type, and similar standard logs. We use this for security, debugging, and basic analytics.

3.3 Information from third parties

• If you sign in with Google, we receive your email, name, and Google profile picture from Google.
• If our review discovery tools find your business on a public platform, we may store basic public business info (address, phone, hours) so we can show it to you in the dashboard.

4. How we use your information

We use your data to:

• Provide the Nira service: monitor reviews on your connected platforms, draft replies in your brand voice, surface insights about sentiment and trends, and send you alerts when something needs your attention.
• Track your Google visibility: on Growth and above, query Google Maps weekly for the keywords you choose, show your rank position over time, and compare you to competitors in your service area so you can decide what to improve.
• Run your account: log you in, charge your subscription, send transactional email (welcome messages, billing receipts, password resets, alerts you've configured).
• Improve the product: understand how features are used in aggregate so we can make them better. We don't tie this back to individual customers when we publish or share results.
• Keep things secure: detect fraud, prevent abuse, debug errors, and protect your account.
• Comply with the law: respond to legal requests if we get one, and fulfill our obligations under tax, accounting, and consumer protection laws.

We do not use your data to train general purpose AI models. We do not sell your data to anyone. We do not share your data with advertisers.

5. Who we share data with

We share data with a small set of vetted service providers that help us run the product. Each one only gets the minimum data it needs to do its job, and we remain the legal data controller for your information throughout. The categories are:

• Payment processing: a PCI compliant payment provider handles your subscription billing. Card details go to that provider directly. We share your email and a customer identifier so charges are routed correctly.
• AI processing: review text and your brand voice samples are sent to a large language model provider to classify reviews and generate replies and insights. By contract, your data is not used to train that provider's models, and the provider retains the data only briefly for safety and abuse prevention purposes before deletion.
• Public review fetching: a data collection provider runs the integrations that pull publicly visible reviews and posts from the platforms you connect. We share the URLs of your public business profiles only.
• Local search data (Google Visibility): a third-party search data provider queries Google Maps on a weekly cadence to retrieve your local ranking results. We share only the keywords you've chosen to track and your business location coordinates. We also use an open mapping service (OpenStreetMap Nominatim) to convert your pin coordinates into a human-readable street address for display in your dashboard.
• Static map imagery: the dashboard map preview is served by a static map tile provider. We share only your pin coordinates, search radius, and competitor pin coordinates so the map image renders correctly.
• Hosting: our application servers and database run on a managed hosting provider, with storage on a major cloud infrastructure provider.
• Authentication and email delivery: if you sign in with a third party identity provider, that provider handles authentication. Transactional email (welcome messages, alerts, billing receipts) is delivered through an email service provider that receives recipient addresses and message content.
• Operational tooling: standard infrastructure tools handle service health monitoring and the scheduling of background jobs. They do not receive any customer data.

We can identify the specific providers we work with on request. Email privacy@niralabs.ai and we'll respond.

We may also share data:

• If we are required to do so by law, regulation, court order, or other valid legal process.
• To protect our rights, property, or safety, or the rights, property, or safety of others.
• If our business is sold, merged, or otherwise transferred, in which case we'll give you notice and a chance to opt out where the law requires it.

6. How AI is involved

Nira's whole point is using AI to help you manage customer feedback. Here's exactly how AI fits in:

• Reading reviews: when a new review is fetched, the review text is sent to a large language model to classify it (sentiment, theme, urgency).
• Drafting replies: when you ask for a reply, the review text and your brand voice samples are sent to the model to generate a draft. You always have the chance to edit or reject before sending.
• Generating insights: we periodically batch process your accumulated reviews to surface patterns and themes (for example, that wait times are trending negative on Friday evenings, or that a particular menu item is your strongest signal in praise reviews). These insights are displayed in your dashboard.

The model provider acts as a processor of this data on our behalf. By contract, your data is not used to train that provider's models. Data sent for processing is retained only for a short time (currently 30 days) for safety and abuse prevention purposes, then deleted.

You can turn off AI auto response from your account settings if you prefer to draft replies yourself. Insight generation can also be paused on request.

7. Cookies and tracking

We use a small number of cookies, all functional. We do not use third party advertising or cross site tracking cookies.

• Session cookie: keeps you logged in across page loads. Set when you sign in, cleared when you log out or after 30 days of inactivity.
• CSRF cookie: protects you against cross site request forgery attacks on state changing endpoints.
• Payment processor cookies: when you go through checkout, our payment processor sets cookies to manage the payment session. They are governed by that processor's privacy policy.

We use a third party analytics tool on the marketing site (niralabs.ai) for basic visitor counts and traffic sources. It uses cookies. You can opt out by enabling "Do Not Track" in your browser, by using a browser that blocks tracking by default, or by emailing privacy@niralabs.ai.

We do not use any other analytics, advertising, or marketing trackers.

8. Your rights

You have rights over your data. Some of these come from specific laws (GDPR if you're in the EU, UK GDPR if you're in the UK, CCPA if you're in California). We honor them for everyone, regardless of where you live, because it's the right thing to do.

8.1 Rights everyone has

• Access: request a copy of the data we have about you.
• Correction: ask us to correct anything that's wrong.
• Deletion: delete your account and your data. Some records (billing records, security logs) may be retained briefly to satisfy legal obligations.
• Export: get your data in a portable format (JSON or CSV).
• Opt out: unsubscribe from nontransactional email (like product updates) at any time. We can't opt you out of essential billing or security email while you have an active account.

8.2 EU and UK users (GDPR)

If you're in the EU, EEA, or UK, you also have the right to object to processing, request restriction of processing, and lodge a complaint with your local data protection authority. The legal bases on which we process your data are: contract (to provide the service you signed up for), legitimate interests (to keep the service secure and improve it), and legal obligations (where the law requires us to process certain data).

8.3 California users (CCPA / CPRA)

If you're a California resident, you have the right to know what personal information we collect, the right to delete it, the right to correct it, and the right to opt out of any "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under the CCPA.

8.4 How to exercise your rights

Email privacy@niralabs.ai with your request. We'll verify your identity (usually by replying from your account email), then respond within 30 days. There's no charge.

9. How long we keep data

After cancellation, account data may be retained for up to 30 days for reactivation, billing reconciliation, fraud prevention, or legal obligations. After that, data is deleted from active systems or anonymized unless we are required to retain it longer. Specifics:

• Active accounts: we keep your data for as long as your account is active.
• After cancellation: account data is retained for up to 30 days, then deleted or anonymized in our active systems.
• Backups: database backups are retained for up to 90 days, after which any deleted data is fully purged from backups.
• Billing records: records of invoices and payments are retained as required by tax and accounting law (typically 7 years).
• Security logs: authentication and security event logs are kept for up to 1 year for fraud prevention and incident response.
• Email correspondence: support email exchanges are retained for up to 3 years.

You can request earlier deletion at any time by emailing privacy@niralabs.ai. We will honor verified requests promptly subject to any legal holds.

10. How we protect your data

Security is something we take seriously, both because we have to and because it's the right thing to do. The specifics:

• All traffic to our application is encrypted via HTTPS (TLS 1.2+).
• Passwords are stored as bcrypt hashes, never in plaintext.
• Our database storage is encrypted at rest by our hosting provider.
• Payment card data is handled by our PCI compliant payment processor; we never see your card number.
• Access to production systems is limited to a small number of engineers, each authenticated with multi factor authentication.
• We log security relevant events and review them on a regular schedule.
• We have an incident response process if a security event occurs.

No system is perfectly secure, but we work hard to make ours strong, and we'll let you know if anything affecting your data ever happens.

11. International users

Nexaworks LLC d/b/a Nira Labs is operated from Texas, United States, and our application servers are hosted in the United States. If you use Nira from outside the US, your data will be transferred to and processed in the US.

For users in the EU, EEA, UK, or Switzerland, we rely on the European Commission's Standard Contractual Clauses where required for these international transfers. By using Nira, you consent to this transfer.

12. Children

Nira is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information about someone under 18, email us at privacy@niralabs.ai and we will delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we'll let you know by email and by updating the "Last Updated" date at the top of this page. We'll never make changes that materially reduce your rights without giving you notice and a chance to delete your account first.

Older versions of this policy are kept on file. If you'd like a copy of a previous version, email privacy@niralabs.ai.

14. How to contact us

For general support and product questions: nira@niralabs.ai

For legal notices: legal@niralabs.ai

A mailing address is available on written request to legal@niralabs.ai.