Effective date: September 01, 2025
Who we are. This Privacy Policy explains how NiftyBot Inc. (“NiftyBot,” “we,” “us,” or “our”) collects, uses, and shares information when you visit our websites, use our dashboards and portal, and access our application programming interfaces and related services (together, the “Service”). Capitalized terms not defined here have the meanings in the Terms of Service.
You send Source Data from your datasets, and we return Enrichments using advanced AI and third-party data connectors. You choose what to send and which Enrichments to request.
Roles. For routing, processing, and returning Enrichments, we generally act as a processor/service provider. For security, abuse prevention, analytics, product improvement, and model training, we act as an independent controller/business.
Golden Rule for Inputs. You control what you send. Do not send proprietary, confidential, personal, or other sensitive data unless you have all necessary rights and comply with law.
A. Account and Billing Information: name, email, company, role/title, authentication artifacts, billing contact, billing address, tax information, and limited payment details handled by our payment processor.
B. Source Data: your dataset inputs (for example CRM, finance, advertising, legal, supply chain) and your requested enrichment fields.
C. Enrichments: content generated by the Service in response to your Source Data and requests.
D. Technical and Usage Data: logs, request and response metadata, IP address, device and browser type, timestamps, referrers, performance metrics, feature usage, and similar telemetry.
E. Communications: messages you send us such as support requests and feedback.
We rely on contract performance, legitimate interests (security, abuse prevention, analytics, product improvement and model training, and defense of legal claims), legal obligations, and consent where we ask for it. When you submit personal data in Source Data, you represent that you have a lawful basis and required notices and consents.
Indefinite by default. We retain Account Data, Source Data, Enrichments, and Technical and Usage Data as long as necessary to provide, secure, and improve the Service and to develop new features. We may retain de-identified or aggregated information indefinitely. There is no default opt-out of retention or training. Any deviation requires a separate written agreement. We may retain information to comply with law, resolve disputes, enforce agreements, and maintain backups and archives for a reasonable period.
We share information with service providers and subprocessors that support the Service, with affiliates for purposes consistent with this Policy, with professional advisors under confidentiality, as required by law or to protect rights and safety, and in connection with corporate transactions under standard confidentiality.
We do not sell personal information or share it for cross-context behavioral advertising. We do not host third-party ads in the Service.
Processing occurs in the United States. If you access the Service from outside the United States, you authorize transfer and processing in the United States. If a transfer mechanism is required by law, such as EU Standard Contractual Clauses, we may execute it by separate agreement.
We implement reasonable and appropriate technical and organizational measures including encryption in transit, access controls, and monitoring. No system is perfectly secure. You are responsible for securing your environments and API keys. If you believe your account or data have been compromised, contact us.
Control your inputs, validate outputs, and provide end-user transparency. You must provide legally adequate notices to your end users and obtain any required consents before sending their data to the Service.
Depending on your location, you may have rights to access, correct, delete, restrict, object to, or export certain personal information.
How to exercise: contact us with information sufficient for verification. Where we process data as a processor on behalf of a customer, we will forward your request to that customer and assist as required. We may deny or limit requests where an exemption applies.
Categories: Identifiers, customer records, internet or network activity, and inferences.
Sources: you, your use of the Service, and your submissions.
Purposes: as listed above.
Retention: as described in Section 5.
Selling/Sharing: we do not sell personal information or share it for cross-context behavioral advertising.
Sensitive personal information: we do not use or disclose it for purposes that require the CPRA limit-use right.
Non-discrimination: we will not discriminate for the exercise of rights.
The Service is not directed to children. Do not use it to submit children’s data. If you believe we collected personal data from a child, contact us.
We may update this Policy. If we make material changes, we will provide notice. Your continued use after the effective date constitutes acceptance.
