Privacy Policy

How we collect, use, and protect your personal data on the Nubiq AI Chat Platform.

Last updated: March 2026

1. Data Controller Information

Nubiq AI ("we", "us", "our") acts as the data controller for account-level data (your registration, billing, and platform usage data). When you use the Service to process your end-users' data, you act as the data controller and Nubiq acts as the data processor under our Data Processing Agreement (/dpa). For any questions about this Privacy Policy or your data, contact our Data Protection Officer: • Email: dpo@nubiq.ai • Website: https://nubiq.ai

2. Types of Data Collected

We collect and process the following categories of personal data: Account data: Name, email address, password (hashed), organization name, role, and profile settings. Collected when you register and update your account. Conversation data: Messages exchanged between end-users and your AI chatbot or human agents, including timestamps, channel identifiers, and conversation metadata (tags, status, CSAT scores). Stored to provide chat history and analytics. Documents: Files you upload to build your knowledge base (PDF, DOCX, XLSX, etc.). Processed to generate vector embeddings for AI-powered retrieval. Document contents are stored in Cloudflare R2 and embeddings in PostgreSQL with pgvector. Analytics data: Aggregated usage statistics including message counts, response times, resolution rates, and channel distribution. Used to power your dashboard analytics. Technical data: IP addresses, browser type, device information, and access logs. Collected automatically for security and service improvement. Cookies: We use strictly necessary cookies for authentication (JWT session) and optional analytics cookies. See Section 10 for details.

4. How We Use Data

We use collected data to: • Provide and maintain the Service, including AI chat responses, document retrieval, and multi-channel message delivery • Process your documents into vector embeddings for semantic search (RAG) • Manage your account, subscriptions, and billing through Stripe • Send transactional notifications (password resets, billing alerts, handoff notifications) • Monitor and improve Service performance, reliability, and security • Detect and prevent abuse, fraud, and security threats • Generate aggregated, anonymized analytics and insights • Comply with legal obligations and respond to lawful requests • Provide customer support We do not sell your personal data to third parties. We do not use your conversation data or documents to train our AI models.

5. Data Sharing

We share personal data only with the subprocessors necessary to deliver the Service: • Google LLC (Gemini API): AI text generation and embedding computation. Data sent includes document text and conversation context for generating responses. Google's data processing terms apply. • Cloudflare Inc (R2 Storage): Secure document storage and content delivery. Uploaded files are stored in Cloudflare R2 with encryption at rest. • Stripe Inc (Payments): Subscription billing and payment processing. Stripe receives your billing information (name, email, payment method). Stripe's privacy policy applies. • ClamAV (self-hosted): Malware scanning of uploaded documents. Runs entirely within our infrastructure — no data is sent to external servers. A detailed list of subprocessors with their purposes and DPA links is available at /legal/subprocessors. We may also share data when required by law, to protect our rights, or in connection with a merger or acquisition (with prior notice to affected users).

6. International Transfers

The Nubiq AI platform serves customers globally. Your data may be processed in jurisdictions outside your country of residence, including the United States and the European Union. When personal data is transferred outside the European Economic Area (EEA), we ensure adequate protection through: • Standard Contractual Clauses (SCCs) approved by the European Commission • Subprocessor DPAs that include appropriate safeguards • Technical measures including encryption in transit (TLS 1.3) and at rest (AES-256) You may request a copy of the applicable transfer safeguards by contacting dpo@nubiq.ai.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this policy: Account data: Retained while your account is active, plus 30 days after deletion to allow recovery. Conversation data: Retention period is configurable by you (the customer) in Dashboard → Settings. Default retention: 12 months for active conversations, 6 months for closed conversations. Documents and embeddings: Retained while your account is active. Deleted within 30 days of account termination or when you manually remove them. Billing data: Retained for 7 years as required by tax and accounting regulations. Technical logs: Retained for 90 days for security and debugging purposes. Analytics data: Aggregated analytics (no personal data) may be retained indefinitely. Upon account termination, we will permanently delete your data within 30 days, except where longer retention is required by law.

8. Your Rights (GDPR Art. 15-22)

If you are located in the European Economic Area or a jurisdiction with similar protections, you have the following rights regarding your personal data: • Right of access (Art. 15): Request a copy of the personal data we hold about you. • Right to rectification (Art. 16): Request correction of inaccurate or incomplete data. • Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten"). • Right to data portability (Art. 20): Receive your data in a structured, machine-readable format or request transfer to another controller. • Right to restriction (Art. 18): Request that we limit processing of your data in certain circumstances. • Right to object (Art. 21): Object to processing based on legitimate interest, including profiling. • Right to withdraw consent (Art. 7): Withdraw consent at any time without affecting the lawfulness of prior processing. • Right to lodge a complaint: File a complaint with your local data protection authority. To exercise any of these rights, contact dpo@nubiq.ai. We will respond within 30 days (extendable by 60 days for complex requests). We may verify your identity before processing your request.

9. Chilean Law 21.719 Compliance

For users located in Chile, we comply with Law 21.719 on the Protection of Personal Data. You have the following ARCO rights: • Acceso (Access): Request information about whether we process your personal data and obtain a copy. • Rectificación (Rectification): Request correction of inaccurate, incomplete, or outdated data. • Cancelación (Deletion): Request deletion of your personal data when processing is no longer necessary or lawful. • Oposición (Objection): Object to the processing of your personal data for specific purposes. These rights may be exercised by contacting dpo@nubiq.ai. We will respond within the timeframes established by Chilean law. If you are unsatisfied with our response, you may file a complaint with the relevant Chilean data protection authority.

10. Cookie Policy

We use cookies and similar technologies on the Service: Strictly necessary cookies: Required for authentication and core functionality. These cannot be disabled. • Session cookie: JWT-based authentication token • CSRF token: Cross-site request forgery protection Optional cookies (require consent): • Analytics cookies: Help us understand how the Service is used (page views, feature adoption) • Preference cookies: Remember your settings (theme, language, sidebar state) You can manage cookie preferences at any time through the cookie consent banner or your browser settings. Disabling optional cookies will not affect core Service functionality. The chat widget placed on your customers' websites uses only strictly necessary cookies (session token for the guest chat session).

11. Children's Privacy

The Nubiq AI Chat Platform is not intended for use by children under the age of 16. We do not knowingly collect personal data from children. If you believe that a child under 16 has provided us with personal data, please contact us at dpo@nubiq.ai. We will take steps to delete such data promptly. If you are a customer using Nubiq to serve end-users who may include minors, you are responsible for ensuring compliance with applicable child protection laws (such as COPPA in the US or equivalent regulations in your jurisdiction).

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Service. • Material changes will be communicated via email and/or a prominent notice in the Service at least 30 days before they take effect. • The "Last updated" date at the top of this page indicates when the policy was last revised. • Your continued use of the Service after changes take effect constitutes acceptance of the revised policy. • Previous versions of this policy are available upon request.

13. Contact & Data Protection Officer

For any questions, concerns, or requests related to this Privacy Policy or your personal data: Data Protection Officer (DPO): • Email: dpo@nubiq.ai General inquiries: • Email: privacy@nubiq.ai • Website: https://nubiq.ai • Support: Dashboard → Help or support@nubiq.ai We aim to respond to all privacy-related inquiries within 5 business days, and to data subject requests within 30 days as required by applicable law.

Related documents: Terms of Service · Data Processing Agreement · Subprocessors

Privacy Policy — Nubiq AI | Nubiq Hub