Nano AI logo
Nano AI
/

Trust & Transparency

NanoAI Privacy Policy

Last updated: April 2024

This document explains how NanoAI collects, uses, stores, and protects the prompts, assets, and account details you share when using our studio.

Scope. Applies to every NanoAI website, desktop client, mobile experience, and API call.

Data footprint. We store prompts, outputs, and billing metadata strictly to provide and improve the studio.

Retention. Free workspaces keep creative assets 30 days; paid workspaces retain up to 12 months by default.

Contact. support@nanoai.love handles access, export, deletion, and DPA requests within 30 days.

Information We Collect

We gather the minimum amount of information needed to authenticate you, render images, and secure the platform. You can review or delete most records inside NanoAI at any time.

Account essentials: Email address, password hash or OAuth identifiers, workspace names, avatar, and billing details when you subscribe.

Usage signals: Prompts, uploaded inspiration files, generated outputs, feature toggles, device fingerprints, IP-derived region, and performance telemetry.

Support history: Messages, attachments, and troubleshooting notes when you contact support or participate in research interviews.

How We Use Information

Your data powers the experience you asked for. We do not sell or rent personal information; we only process it to deliver, secure, and improve NanoAI.

Service delivery: Authenticate sessions, allocate GPU time, render, store, and share your creations with teammates you invite, and process payments.

Product quality: Aggregate telemetry and prompt statistics to tune models, design new workflows, and debug outages without identifying you directly.

Security and compliance: Monitor abuse, block automated scraping, enforce rate limits, investigate fraud, and comply with export, tax, and accounting obligations.

Sharing & Processors

We only share information when a vendor is required to run NanoAI or when the law compels us to do so. Each processor signs a data protection agreement with strict confidentiality obligations.

Core infrastructure: Hosting, object storage, content delivery, observability, and cache providers process encrypted data under regional residency rules.

AI model partners: We transmit prompts and references to compute partners strictly to fulfill a requested generation. Partners may not reuse your content to train third-party models.

Legal and safety requests: We may disclose information if required by law, court orders, or to protect someone from imminent harm, but we will notify you whenever legally possible.

Cookies & Local Storage

Cookies keep you signed in, remember preferences, and help us understand aggregate performance. We keep their footprint deliberately small.

Essential cookies: Authentication and security cookies maintain your session, route traffic, and prevent cross-site request forgery. They are required to use NanoAI.

Performance & analytics: First-party analytics cookies track feature adoption and latency. They do not follow you across other websites or sell behavioral data.

Controls: You can clear cookies in your browser or use private browsing. Doing so may sign you out, but the core experience still works with minimal degradation.

Storage, Retention & Security

We design the studio with layered security. Encryption is standard at rest and in transit, and access to personal data is tightly logged and reviewed.

Regional storage: Primary data centers operate in the United States with failover in the EU. Enterprise plans can request EU-only storage.

Retention windows: Outputs stay 30 days on the Free plan and 365 days on paid plans unless you delete them sooner or configure a shorter window in workspace settings.

Security controls: Role-based access, hardware security modules for encryption keys, quarterly penetration tests, and incident response playbooks protect your data.

Your Controls & Rights

Regardless of where you live, we extend the same privacy controls so you can understand, export, or remove your information without friction.

Access & export: Download your prompts, generations, and billing history from workspace settings or by emailing support@nanoai.love.

Deletion: Delete individual assets, clear prompt history, or close your account to remove data from active systems. Backups roll off within 30 days.

Communication choices: Marketing emails include an unsubscribe link. Transactional messages are limited to receipts, policy updates, and critical incidents.

International Data Transfers

When data leaves your region we rely on standard contractual clauses, encryption, and strict access reviews to maintain protection levels.

Safeguards: We map every transfer, document processors, and require them to match our security posture with regular audits.

EU, UK, and California residents: You can invoke GDPR, UK GDPR, or CCPA rights using the same contact channels. We respond within 30 days and note the reason if we need extra time.

Need a custom DPA or want to exercise a privacy right?

Email support@nanoai.love with your workspace ID and request details. Our security and legal teams review every message and reply within one business week.

Primary contact: support@nanoai.love

Mailing address: NanoAI Inc., 44 Tehama St, San Francisco, CA 94105