Nassima Privacy Policy
Last updated: 2026-02-02
Garage Hero L.L.C-FZ (Nassima) · UAE
Introduction: Garage Hero L.L.C-FZ, doing business as Nassima (“Nassima,” “we,” “us,” or “our”), is committed to protecting your privacy and handling personal data in compliance with applicable data protection laws. This Privacy Policy describes how we collect, use, disclose, and safeguard personal information when you use our websites, applications, and services under the Nassima platform (collectively, the “Services”). It also explains your rights and choices regarding your personal data.
By using the Services, you agree to the collection and use of information in accordance with this Privacy Policy. This Policy is incorporated into our Terms of Service, and any capitalized terms not defined here shall have the meanings given in the Terms. If you do not agree with our practices, please do not use the Services.
Scope: This Privacy Policy applies to personal information that Nassima collects or processes in providing the Services globally. It covers information collected from our direct users (business customers using the Nassima platform) as well as, in some cases, information about individuals with whom our users interact (for example, end-customers whose information is entered into Nassima by a user).
It is important to distinguish these roles: When Nassima collects information about you as a user or account holder of our platform, Nassima is acting as a data controller of that information. This includes data you provide when signing up, billing information, or data on your usage of our platform. In contrast, when you (as a business user of Nassima) input personal information about your end-customers or other individuals into our platform, you are the data controller with respect to that information, and Nassima acts only as a data processor or service provider on your behalf. We process such customer data only under your instructions (through the features of our Services) and as described in our Data Processing Addendum and this Policy. If you are an end-customer of a business that uses Nassima and have questions about your personal information, you should reach out to that business (the data controller) for more information – we only handle the data on their behalf.
This Policy applies to all users of our Services worldwide. Additional privacy disclosures may apply depending on your jurisdiction (for example, see sections for California residents and EU/EEA residents below). Nassima’s practices are designed to be compliant with major regulations like the EU General Data Protection Regulation (GDPR) and US state laws such as CCPA/CPRA.
1. Information We Collect
We collect various types of information from and about users of our Services, including:
(A) Information You Provide Directly: You may provide information to us when you sign up for the Services, fill in forms, enter data into the platform, communicate with us, or otherwise use the features of the Service. This includes:
- Account Registration Data: When you register for a Nassima account, we collect information such as your name, business or company name, business address, email address, phone number, and account login credentials. We may also ask for information about your industry or business operations to tailor the Service (e.g. selecting an industry category). For identity verification and compliance, we might request additional documentation or business license information if needed.
- Billing and Payment Information: If you subscribe to a paid plan or use paid features, we (or our payment processor) collect payment information. This may include your credit card number or bank account details, billing address, and transaction history. Note that payment card information is typically handled directly by our third-party payment processors (like Stripe) and not stored on our systems, aside from basic details needed for records (such as the last four digits of your card, card type, and expiration date).
- Content and Communications: If you use our messaging features or otherwise input text, images, or files into the Services, we will collect and store that content as needed to provide the Service. For example, this includes messages you send through the platform, notes or attachments you add to work orders or customer records, images or logos you upload for your storefront, etc. It also includes correspondence you send to us for support, feedback you provide, or survey responses.
- Optional Information: You might provide optional information such as profile details or preferences. For instance, you could upload a profile photo, or provide a job title, or connect your social media account. Such information is voluntary. If you apply for a job with us via our website, we will collect the information you submit in your application (like your resume/CV, employment history, etc.), but that’s handled under a separate context outside the main Service.
(B) Information Collected Automatically: When you access or use Nassima, we (or our service providers) automatically collect certain technical and usage information through cookies, web beacons, and other tracking technologies. This may include:
- Device and Usage Data: We log information about your use of the Service, including the type of device you use, device identifier (like an IDFA or Android Advertising ID if applicable), browser type and version, operating system, the pages or screens you view on our app or site, your actions on the platform (such as features used, buttons clicked, time and date of access), and the website you visited before coming to our site (referring URL). We also capture IP addresses and general location information inferred from your IP (e.g., city or country level location). This helps us understand where our users are generally located and can be used for fraud prevention and localization.
- Cookies and Similar Technologies: We use cookies and similar tracking tools to enhance your experience and gather data. Cookies are small text files placed on your device. They help us recognize you, remember your preferences, and understand usage patterns. For example, we use session cookies to keep you logged in as you navigate through the platform, and persistent cookies to remember preferences or authentication tokens across sessions. We may also use web beacons (pixel tags) in emails to understand if you open or interact with them. You can control cookies through your browser settings — for instance, you can choose to block or delete cookies. However, note that if you disable certain cookies, parts of the Service might not function properly (like staying logged in). See the “Your Choices” section below for more on cookies.
- Analytics Data: We use third-party analytics services (such as Google Analytics) to collect information about Service usage and user interactions. These analytics services may use cookies and other identifiers to collect information about how you navigate and use our website or app, which helps us improve design and performance. For example, Google Analytics may collect your IP and device information to give us insights like which pages are most visited, how long users stay, etc. (Google provides an opt-out browser add-on if you wish to opt out of its analytics tracking.)
- Log Data: Our servers keep log files that record requests made to them. These logs may include information like the requesting IP address, access times, pages viewed, and any errors or crashes that occurred. We use this primarily for security monitoring, troubleshooting, and performance optimization.
(C) Information from Third-Party Sources: We may receive information about you from other sources and combine it with information we collect through our Services. For example:
- Third-Party Integrations: If you choose to integrate or connect a third-party service with Nassima, that third party may send us certain information (depending on what you authorize). For instance, if you connect an email account or a calendar, we might receive certain data to facilitate syncing. If you use a single sign-on (SSO) or authentication provider to log in, we may receive an authentication token and basic profile info from them.
- Partners and Resellers: If you were referred to Nassima via an implementation partner, reseller, or marketplace, they might provide us with your basic business contact information so we can provision your account.
- Public Sources: We might obtain contact information or business demographic information from public databases or social media (for example, to pre-populate certain fields or to better tailor our marketing efforts).
- Customers About End-Users: As mentioned, if you are an end-customer whose data is being managed by a business through Nassima, we receive that data from the business (our user). For instance, an auto repair shop using Nassima might input your name, contact info, and vehicle details. In this scenario, we treat this information as Customer Data under the control of that business, and we process it as per our agreement with them (and this Privacy Policy).
(D) Customer Data (End-Customer Information): When you (as a Nassima business user) use the Services to manage your operations, you may collect personal information about your end-customers, leads, or other individuals and store it on Nassima. Examples include:
- Customer contact details (name, email, phone, address).
- Details of orders, projects, or work orders (e.g., descriptions of the job, dates, status).
- Invoices and payment information related to your customers (amounts, due dates, whether paid).
- Communications with customers (message history via SMS, email receipts, etc.).
- Any notes or preferences regarding the customer (e.g., preferred appointment times, special requests).
Important: You are responsible for ensuring that you have a lawful basis (such as the customer’s consent, or a contractual necessity, etc.) for collecting and processing this personal information. We process this Customer Data solely on your behalf and at your direction as part of providing the Service. We do not use your customer data for our own purposes except as needed to provide and support the Service (and as otherwise permitted by our Terms and Data Processing Addendum). If an end-customer has questions or requests (like access or deletion of their data), we will direct those to you, and assist you in fulfilling them as described later under “Your Privacy Rights.”
We do not knowingly collect or solicit personal information from anyone under the age of 16 through the Services (and in many jurisdictions, under 13, which is the minimum age for many online services). Nassima is not directed to minors. If you are a parent or guardian and believe your child under 16 may have provided personal information to us, please contact us at support@nassima.ai, and we will promptly delete such information.
2. How We Use Your Information
We use the collected information for various business and operational purposes consistent with the provision of our Services and as otherwise described in this Policy. The primary purposes include:
To Provide and Operate the Services: We process data to perform our contract with you – i.e., to deliver the Nassima platform functionality you expect. This includes:
- Setting up and maintaining your account, user profiles, and providing you with the features and tools of the Service.
- Enabling core Service features: for example, using your input data to generate invoices, schedule tasks, send messages to your customers, process payments through Stripe, and manage your storefront or workflow as per your instructions.
- Authenticating you when you log in and ensuring the security of your account (including multi-factor authentication if you enable it).
- Processing transactions and subscriptions, including charging your payment method for subscription fees, and issuing receipts or invoices to you.
- Providing customer support and responding to your inquiries or requests. If you contact us with a question or for troubleshooting, we will use your information (such as your contact info and any relevant Service data) to assist you.
To Maintain, Improve, and Develop the Services: We continually work on improving our platform’s functionality, performance, and user experience. We use information for:
- Analytics: We analyze usage trends and behaviors to understand how our Services are used. This helps identify which features are popular, how users navigate, and where improvements are needed. For instance, we might track that users frequently click a certain button or often drop off at a certain step, indicating a UX issue.
- Research and Development: Using aggregated or anonymized data, we may derive insights to develop new features or products. For example, we might notice an increased demand for a certain integration and prioritize building it. In some cases, we may use machine learning on a composite of business data to improve our AI models (e.g., training an algorithm that can better predict optimal scheduling times). If we use any personal data for model training, we will anonymize or aggregate it so it cannot reasonably identify any individual or specific business. We also honor any commitments (such as an enterprise client’s opt-out) regarding use of their data for improving services.
- Debugging and Performance: Information like logs and device details help us troubleshoot errors, debug crashes, and increase the reliability of our Services. We monitor uptime and load, using data to scale infrastructure appropriately.
- Personalization: We may use data to tailor certain aspects of the Service to you. For instance, remembering your preferences (language, time zone, interface customizations), or recommending certain features you haven’t tried yet based on your usage. We might also personalize communications, such as highlighting a new feature relevant to how you use Nassima.
To Communicate with You:
- Service and Account Communications: We will send administrative or transactional communications, such as confirmations of sign-up, invoices or billing notices, password reset emails, customer support responses, and notifications of important Service changes or updates. These are necessary for us to provide the Services, and you cannot opt out of receiving these service-related communications (except by not using the Service).
- Announcements and Updates: We may send you announcements about new features, security or compliance updates, release notes, or other news about the Service. If these are not strictly service-critical, we will send them in accordance with applicable law (some jurisdictions consider certain updates as direct marketing which requires consent or an opt-out mechanism).
- Marketing Communications: If you have agreed or as permitted by law, we might send you newsletters, promotions, or offers for new products or services. For example, we might email tips on using Nassima effectively, or inform you of new modules you can add. You have the right to opt out of marketing emails at any time (see “Your Rights and Choices” below for how to unsubscribe). We will ensure any marketing email includes an unsubscribe option. We do not sell your personal data to third-party marketers. We may use third-party marketing platforms to send messages, but those parties are acting on our behalf and under our instructions.
- Surveys and Feedback: We occasionally may request feedback through surveys. Providing feedback is optional, but if you do, we will use it to improve our offerings. Survey responses may be aggregated and published (e.g., in testimonials or case studies) but only with your consent or after removing personal identifiers.
For Business Operations and Legal Compliance:
- Compliance and Protection: We may use your information to enforce our Terms of Service and other policies, to ensure the integrity of our platform, and to protect against fraud, spam, or abuse. For example, we might use automated tools to detect accounts sending excessive spam messages or performing suspicious activities and then take action. We also may use personal data to meet our obligations under applicable laws, such as keeping proper financial records, complying with anti-money laundering regulations when relevant, responding to lawful requests by public authorities, or adhering to data protection laws (like honoring opt-outs or maintaining records of consent).
- Legal Process: If we are involved in a dispute, or receive a subpoena or court order, we may process and disclose data as necessary to respond (after taking steps to ensure any disclosure is legally compliant). We may also use data to defend our rights or the rights of others. For instance, if there’s a legal claim that some content you stored is infringing, we might review that content in responding to the claim.
- Business Transfers: In the event of a potential or actual merger, acquisition, financing, sale of assets, or bankruptcy of the company, we may use and disclose personal information as part of that transaction as necessary to evaluate and complete it. If a new entity will control the Service, they will still be bound by the applicable laws and the commitments made in this Policy (unless you’re notified otherwise and consent to changes).
Aggregated and De-Identified Data: We may aggregate or de-identify personal information so that it can no longer be linked to any individual (or any specific user or customer). We use such aggregated data for purposes such as generating industry insights, benchmarking, or improving our Service. For example, we might compute that "the average Nassima user sends X invoices per month" or "storefronts in Category Y see an average traffic of Z visitors," and share those insights publicly or with customers. These compilations will not contain any information that identifies you or any individual. Aggregated data is not considered personal information under applicable laws, and we may use it for any lawful business purpose.
3. How We Disclose or Share Information
We share personal information with third parties only as described in this Policy, including:
(A) Service Providers (Processors): We employ or contract with third-party companies and individuals to facilitate our Services or to perform certain functions on our behalf – these are our Service Providers. They will process your personal information only under our instruction and for the purpose of providing their specific services to us. Examples include:
- Cloud Hosting & Infrastructure: We utilize reputable cloud hosting providers (such as Amazon Web Services or others) to host our application and databases. Your data is stored on their servers, but under our control and encrypted where appropriate.
- Payment Processors: As noted, we integrate with Stripe (and potentially others) to handle payment transactions. If you make or receive payments through Nassima, personal information necessary for processing (like your name, card details, billing info) will be shared with the payment processor. These processors are responsible for securely handling financial data and are contractually obligated to use it only for payment services.
- Communications Providers: We may use email delivery services (for sending verification emails, notifications, etc.) and SMS gateways for text messaging. For example, if the platform sends SMS appointment reminders to your customers, we route those through an SMS API provider. They will receive the message content and recipient phone number to deliver the SMS. We ensure in our contracts that such providers cannot use those details for any purpose other than to send the message. We also use cloud telephony or push notification services for certain features.
- Analytics and Tracking: Third-party analytics tools (like Google Analytics, as mentioned) process usage data on our behalf to provide insights. Advertising or marketing partners may also assist us in measuring the effectiveness of our campaigns (for instance, if we run an ad, an ad partner might tell us if someone who saw the ad later signed up). These partners might use cookies or similar tech on our site (with your consent where required). They generally only receive aggregated results rather than personal data, except for online identifiers like cookies which they use to track campaign performance.
- Support Tools: We use customer support platforms (e.g., a ticketing system or live chat provider) to manage support inquiries. If you contact us for support, your communications will pass through those systems. The providers of these tools may process metadata about the communications (timestamps, routing info) and store the content of chats or emails so we have a history of your support issues.
- Other Vendors: We may use other specialized vendors, such as security auditors, cloud backup services, performance monitoring services, etc. All service providers are subject to confidentiality obligations and are contractually required to protect your information, keep it secure, and use it only for the specific tasks we’ve requested. We strive to only engage providers that have strong data protection practices. We do not allow our service providers to use your personal data for their own marketing or other purposes without your consent.
(B) Within Our Corporate Group: We may share your information with our affiliates, subsidiaries, or parent company (if we have a corporate group) for purposes consistent with this Policy. For instance, if Garage Hero L.L.C-FZ has related entities or a parent holding company, we might share data with them for centralized management or administrative efficiency (e.g., centralized customer support or financial accounting). Any entity within our group that accesses your data will do so under the same confidentiality and security standards as Nassima.
(C) Business Partners and Integrations: If you choose to use third-party integrations or features through the Service, we may share certain information with the third party at your direction. For example, if you integrate a scheduling app, we might send it the necessary data like available times or user info to sync. If we have an in-app marketplace and you install an app, you consent to our sharing of relevant data with that app/provider. We will make it clear at the point of integration what data will be shared. Note that any data you share with a third-party integration is governed by that third party’s own privacy policy, not this one. We are not responsible for the data once you transmit it to a third party via an integration you enabled.
(D) Legal Requirements and Safety: We may disclose your information when we believe in good faith that such disclosure is necessary to:
- Comply with a legal obligation, government request, or applicable law, regulation, subpoena, or court order. For instance, if law enforcement with proper jurisdiction requests data in an investigation (through valid process), we may be compelled to provide it. We will attempt to notify you of any such request if permissible.
- Enforce our Terms of Service or other agreements, and investigate potential violations thereof. If necessary, we might disclose information to lawyers or advisors in the course of seeking advice.
- Detect, prevent, or address fraud, security, or technical issues. For example, if you’re attempting to hack the system, we might share relevant logs with cybersecurity consultants or law enforcement to stop the attack.
- Protect the rights, property, or safety of Nassima, our users, or the public. This includes exchanging information with other companies and organizations for fraud protection or to prevent spam/malware.
(E) Business Transfers: As mentioned earlier, if we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be transferred as part of such a transaction. We would ensure the receiving party is bound to respect your personal information in a manner consistent with this Policy (or else we will seek your consent). You will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal information due to a transaction, as well as any choices you may have regarding your information.
(F) Aggregated or De-Identified Information: We may share aggregated, anonymized information with third parties for lawful purposes. For example, we could publish blog posts or reports with statistics about platform usage, or share metrics with partners. This data will not identify any individual or company. For instance, we might share that “X% of Nassima users schedule automated messages” or “the average invoice amount across all users is $Y,” without revealing any specifics about any user. We may also share de-identified data sets for research or analysis (for example, providing a dataset of usage with personal identifiers hashed or removed, so researchers can analyze performance trends).
(G) With Your Consent: We will share your personal information with third parties in ways other than described above only if you have given us explicit consent to do so. For instance, if you opt in to a co-marketing promotion with another company, or if you instruct us to share data with a third party that is not an integrated service, we will do so at your direction. You have the right to withdraw such consent at any time, but it will not affect data already shared.
We do not sell personal information to third parties for monetary consideration. In the context of US state privacy laws (like CCPA), “sell” and “share” could include some transfers of data for advertising purposes. Nassima does not share personal data with third-party advertisers for cross-context behavioral advertising except as described (we may use analytics and advertising services to target our own ads to you, but we do not provide your personal data to other companies for them to advertise to you). If that ever changes, we will provide appropriate opt-out mechanisms.
Mobile App Permissions: If you use a Nassima mobile application, it may request access to certain functions or data on your device (such as access to the camera, contacts, or location) to provide specific features. We will ask for your consent before accessing this data. For example, you might allow location access to tag a work order with a location, or camera access to scan a barcode or upload a photo to a customer record. You can always manage app permissions through your device settings and revoke any permission you previously granted. The app will only use device permissions in accordance with this Policy and the intended feature (for example, we won’t access your photos or camera unless you’re actively using a feature that requires it).
4. Cookies and Tracking Technologies
We use cookies and similar technologies as noted in Section 1(B). Here’s more detail on how we use them and your choices:
Cookies: Cookies are small text files placed on your device. They can be session cookies (temporary, deleted when you close your browser) or persistent cookies (remain until they expire or you delete them). Nassima uses cookies for several purposes:
- Necessary Cookies: These are essential for the Service to work – e.g., to log you in, keep your session active, and remember items like your language or other preferences. Without these, certain features may not function.
- Functional Cookies: These remember choices you make to personalize the Service, like remembering your dashboard layout, or that you dismissed a particular pop-up so we don’t show it again.
- Analytics Cookies: We and third-party analytics providers use these to collect info about how users interact with our Service (pages visited, features used, etc.) so we can improve it. The information collected is generally aggregated and does not directly identify you.
- Advertising Cookies: If we run ads for our service on other platforms, advertising cookies help measure the performance of those ads and may help in delivering relevant ads to you. For example, if you visited our site, an advertising cookie might note that so that a partner (like Google or Facebook) can later show you an ad about Nassima. We might also use these cookies to limit how many times you see an ad, or to measure if an ad was clicked. Currently, our focus is on first-party usage and analytics; any use of advertising cookies will be in compliance with applicable laws and with appropriate notice/consent.
Web Beacons: Also known as pixels, these are tiny graphic images or scripts that can be included in websites or emails. They often work in conjunction with cookies. For instance, our marketing emails may contain a web beacon that lets us know if you opened the email or clicked a link, which helps us gauge engagement. On our site, web beacons might help record that a certain page was visited.
Do Not Track (DNT): DNT is a browser setting that requests that a web application disable its tracking of an individual user. Currently, there is no uniform standard for how to respond to DNT signals. At this time, our websites do not respond to “Do Not Track” browser signals. We treat all visitors equally, and use cookies as described regardless of a DNT signal. If standards emerge, we will review and may update our practices.
Your Choices for Cookies:
- Browser Controls: You can set your web browser to refuse some or all cookies, or to alert you when cookies are being sent. Each browser is different, but look at your browser’s Help or Settings menu for instructions (e.g., in Chrome, you can block third-party cookies; in Safari, you can block all cookies). Keep in mind, if you block cookies, the Service may not function properly (especially for authentication).
- Analytics Opt-Out: For Google Analytics specifically, Google provides an opt-out mechanism (a browser add-on: Google Analytics Opt-out Browser Add-on) if you do not want to participate. We respect any such mechanism and data from that browser will not be used by GA.
- Advertising Choices: If we use advertising partners that are part of industry self-regulation programs, you may opt out of targeted ads via mechanisms like the Digital Advertising Alliance (DAA) opt-out site (optout.aboutads.info) or the Network Advertising Initiative (NAI) site (optout.networkadvertising.org), or for EU users, Your Online Choices (www.youronlinechoices.eu). Note that opting out of targeted ads doesn’t mean you won’t see any ads – you may still see generic ads not based on your interests.
For mobile app users: your device may have settings to control advertising IDs or tracking (for example, “Limit Ad Tracking” on iOS or “Opt out of Ads Personalization” on Android), which we and our partners will respect.
5. Data Security
We take the security of personal data seriously and implement a variety of measures to protect it from unauthorized access, alteration, disclosure, or destruction. Our safeguards include:
- Technical Measures: We use industry-standard encryption protocols. For example, data in transit between your device and our servers is encrypted using TLS (HTTPS). We also encrypt sensitive data at rest in our databases (using AES-256 or similar standards). Our infrastructure is protected by firewalls and network security monitoring. We employ intrusion detection systems and conduct regular vulnerability scans and penetration testing. Access to systems requires authentication (and we encourage multi-factor authentication where possible). We maintain audit logs of access to critical systems.
- Organizational Measures: We limit access to personal data to employees, contractors, and agents who need to know that information to operate, develop, or support our Services. Those who have access are subject to strict confidentiality obligations. We provide training to our staff on data protection and security practices. Background checks are performed on employees with significant data access, as allowed by law. We have internal policies for handling data securely and responding to security incidents.
- Account Security: Users of Nassima are responsible for keeping their account credentials secure. Do not share your password with others, and use a unique, strong password. We offer (and strongly encourage the use of) two-factor authentication (2FA) for account login for added security. You should also protect access to your devices that use the Service. Remember to log out of the web application when you’re done, especially if using a shared or public computer.
- Payments: Payment information is processed by PCI-DSS compliant providers. We do not store full credit card numbers or sensitive payment data on our systems; tokenization is used such that only the payment processor handles that sensitive information.
- Incident Response: We have a breach response plan in place. In the event of a data breach or security incident affecting your personal data, we will notify you and the appropriate authorities as required by law. We will also take steps to mitigate the incident and prevent future occurrences.
Despite all measures, it’s important to understand that no security is 100% foolproof. The Internet by its nature cannot be guaranteed to be completely secure. We cannot warrant absolute security of any information you transmit to us. There is some risk that an unauthorized third party could find a way to circumvent our security. You provide your personal data at your own risk. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel your account has been compromised), please immediately notify us at security@nassima.ai or support@nassima.ai.
6. Data Retention
We retain personal information for as long as necessary to fulfill the purposes for which it was collected, or as required by law or legitimate business interests. How long we retain specific data depends on the type of data and the purposes of processing. We consider factors such as the duration of your use of the Services, any applicable contractual requirements, and legal obligations (e.g., keeping financial records for accounting/tax purposes).
Generally:
- Account Information: We keep your account information while your account is active and a reasonable period thereafter in case you decide to re-activate. If you delete your account or if we terminate it, we will remove or anonymize personal data associated with your account within a certain timeframe, except as noted below for legal obligations.
- Customer Data: If you are using the Service as a business, you control how long your Customer Data is stored in Nassima. You can delete it at any time. If you delete certain records or your account, we will initiate deletion of that data from our production systems generally within 30 days (except backups). After you stop being a customer, we typically keep your Customer Data for up to 30 days to allow you to export it, as described in our Terms. After that, we delete it or anonymize it, barring any legal requirement to keep it.
- Communication Records: If you contact support, we may retain those communications (emails, chat logs) for a period to ensure we have history (which helps in any future issues and improves our support processes). Typically, support tickets are kept for a couple of years unless you request deletion of a specific conversation and we have no overriding interest to keep it.
- Legal & Compliance: We might retain data for longer if necessary to comply with our legal obligations or to resolve disputes. For instance, we keep invoice and payment records for at least the period required by tax laws (often 7 years). If a dispute or investigation is ongoing, we will keep relevant information until it is resolved. We also retain information as needed to enforce our agreements or to protect our legal rights (e.g., information about past policy violations).
- Backups: Data that is deleted from our active systems may still exist in backup archives. We maintain backups for disaster recovery and continuity purposes. Backup data is kept separate and is protected. Backup retention periods vary, but generally, backups are purged on a rolling schedule (e.g., backup snapshots might be kept for 30-120 days). If feasible, we will expedite deletion from backups upon a valid erasure request, but often the data will simply age out of the backups in the normal course.
- Anonymized Data: We may retain anonymized or aggregated data (which is no longer personal data) indefinitely for analytics, research, and product improvement.
When we no longer have a legitimate need to retain your personal information, we will securely delete or anonymize it. If deletion is not possible (for example, because the data is stored in offsite backups), then we will securely store it and isolate it from further processing until deletion is possible.
7. Your Privacy Rights and Choices
Depending on your location and subject to applicable law, you may have certain rights regarding your personal data. Nassima is committed to enabling these rights. These rights may include:
- Access: You have the right to request confirmation of whether we are processing personal data about you, and if so, to request a copy of that personal data. This allows you to receive a copy of the personal information we hold about you.
- Correction (Rectification): You have the right to request that we correct or update any inaccurate or incomplete personal data we hold about you. You can also update much of your basic account information by logging into your account settings.
- Deletion (Erasure): You can request that we delete your personal data, under certain conditions. For example, if the data is no longer necessary for the purposes it was collected, or if you withdraw consent and no other legal ground exists. Note that we will retain data where required by law or legitimate interest (see Data Retention above) – for instance, we cannot delete your account data while an active subscription is ongoing, and certain transactional records must be kept for auditing. We will inform you if any data cannot be fully deleted due to such obligations.
- Restriction: You have the right to ask us to suspend the processing of some of your personal data (e.g., if you contest its accuracy or object to us processing it) while we address your request.
- Portability: Under certain conditions, you have the right to request a machine-readable copy of personal data you provided to us, and you can request that we transmit that data to another controller where technically feasible. For example, you could ask for an export of your account’s personal data. Note this right typically applies to data processed based on consent or contract and provided by the user.
- Objection to Processing: You have the right to object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and your particular situation gives rise to an objection. You also have the right to object where we are processing your personal information for direct marketing purposes. If you object to direct marketing, we will stop processing your personal information for those purposes.
- Automated Decision-Making: Nassima does not make any legal or similarly significant decisions about individuals solely by automated means. In the event we introduce significant automated decisions, you’d have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you, without human intervention.
- Withdrawal of Consent: If we have collected and process your personal information based on your consent, you can withdraw your consent at any time. This will not affect the lawfulness of processing prior to withdrawal. For example, if you consented to receive marketing emails, you can withdraw that consent and we will stop sending them. The easiest way is to use the “unsubscribe” link in the email or adjust your account preferences. For any other consents, contacting us to specify what you’re withdrawing works.
To exercise any of these rights, please contact us at support@nassima.ai. We may need to verify your identity and residency to process certain requests (to ensure that the person making the request is the data subject or their authorized agent). For instance, we might ask you to send the request from the email associated with your account, or require additional verification info. Verification is done to protect your data from unauthorized access or deletion by someone else.
We will respond to your request within the timeframe required by law (for example, under GDPR we generally have one month to respond, which can be extended in complex cases; under CCPA it’s 45 days, etc.). There is usually no fee for making a request, but if requests become excessive or unfounded, we reserve the right (where lawful) to charge a reasonable fee or refuse the request.
Note: If you are an end-customer of one of our users (i.e., your data was entered into Nassima by a business using our platform), you should direct any requests regarding your data to that business (they are the controller of that data). We will assist our business users in responding to such requests as needed (for example, by providing them tools to delete or export your data). If you contact us directly in such a case, we may forward your request to the relevant user and work with them to address it.
Additional Rights for California Residents: If you are a California resident, in addition to the rights above, you have rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) to:
- Know the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share personal information. This largely should be covered by this Privacy Policy itself. You also have the right to know if we have “sold” or “shared” your personal information (as defined by CCPA) – Nassima does not sell personal data for money, and while we do share some data for analytics/advertising as explained, we treat such sharing as potentially within CPRA’s definition of “sharing” for targeted advertising, so we provide opt-out choices.
- Request deletion of your personal information (with similar limitations as discussed).
- Request correction of inaccurate personal information.
- Opt out of the “sale” or “sharing” of personal information for targeted advertising. As noted, we do not sell your info for money. If we use cookies or tracking for targeted advertising, you can opt out by using cookie settings or contacting us. We honor Global Privacy Control (GPC) signals as an opt-out of sale/sharing for California residents as required.
- Limit use of sensitive personal information (if applicable). Nassima does not collect or use “sensitive” personal information for purposes that require an explicit limit under CPRA (like using precise geolocation for more than providing the service, or using sensitive data for profiling), aside from what’s strictly necessary to provide the Service.
- Not be discriminated against for exercising these rights (we won’t deny you services or provide different quality just because you exercised your privacy rights).
If you are a California resident and want to exercise any of these rights, please contact us as described. We may have to verify your California residency and identity. You can also designate an authorized agent to make a request on your behalf; that agent must provide proof of authorization and you may still need to verify your identity with us.
Additionally, California’s “Shine the Light” law (Civil Code § 1798.83) gives residents the right to ask companies once a year what personal information they share with third parties for those third parties’ direct marketing purposes. Nassima does not share personal info with third parties for their own direct marketing, but if you have questions about this, you can contact us at support@nassima.ai.
Additional Rights for Other US State Residents: Virginia, Colorado, Connecticut, and Utah (and perhaps others) have new privacy laws with rights similar to CCPA/CPRA. If you are a resident of these states, you have the rights to access, correct, delete, and opt-out of certain processing of your personal data (such as targeted advertising or sale of data). Nassima extends the same core rights to you, and you can make requests in the same way. For sales/targeted advertising opt-outs, we treat them similarly to California (just let us know or use provided opt-outs). If we were to engage in profiling in furtherance of decisions that produce legal or similarly significant effects, you’d have a right to opt out of that as well (we do not currently do so). If you have any specific concerns, contact us.
EEA/UK/Switzerland Residents (GDPR): If you are in the European Economic Area, United Kingdom, or Switzerland, you have the rights outlined earlier (access, rectify, erase, etc.) under GDPR and equivalent laws. You also have the right to lodge a complaint with a Data Protection Authority (DPA) if you believe we have not complied with applicable data protection law. We would appreciate the chance to address your concerns first, so please consider reaching out to us. But you can contact, for example, the UK Information Commissioner’s Office (ICO) or your local DPA.
Legal Bases for Processing (EEA/UK): The GDPR requires us to tell you the legal grounds we rely on to process your personal data. We process personal data on the following bases: (1) Contractual Necessity: for data you provide that we need to provide the Services (for example, we need your email to create your account and authenticate you); (2) Legitimate Interests: for certain processing that is in our legitimate business interests, which are not overridden by individuals’ rights (like improving our product, preventing fraud, or sending admin communications); we carefully consider and balance any impact on you and your rights; (3) Consent: where we ask for consent, such as for marketing emails or certain cookies, and you have the right to withdraw consent at any time; (4) Legal Obligation: where processing is necessary to comply with a law (like maintaining records for tax); (5) Public Interest: rarely applicable for us, but if ever relevant, we would process in the exercise of official authority or public interest tasks (likely not applicable to Nassima’s typical activities). If you have questions about specific bases, please contact us.
Nevada Residents: We do not sell personal information as defined by Nevada law. If you are a Nevada consumer, you can still request that we not sell your personal information in the future by contacting us (though again, we don’t do so).
8. International Data Transfers
Nassima is a global service. The personal information we collect may be transferred to and stored on servers in various countries, including the United States, the European Union, or other jurisdictions. Because we are a UAE-based company, your data will likely be accessed or processed in the United Arab Emirates as well.
If you are located outside of the country where our servers or offices are (for example, you are in the EU and our servers are in the US or UAE), your personal data might be transferred across borders. These countries may have data protection laws that are different from those in your country (and in some cases, not as protective).
However, we take measures to ensure that your personal information is transferred in accordance with applicable data protection laws and this Privacy Policy. For instance:
- Standard Contractual Clauses (SCCs): For EEA, UK, or Swiss users, when transferring data out of those regions (to the US or other countries not deemed to have adequate protection by the EU Commission), we rely on approved mechanisms such as the European Commission’s Standard Contractual Clauses. These are contractual commitments between parties transferring data, designed to protect European data when it leaves Europe. We also implement supplementary measures as needed (like encryption in transit and at rest) to ensure an equivalent level of protection.
- Adequacy Decisions: Where applicable, if a country has been deemed by relevant authorities to have an adequate level of data protection, we may rely on that (for example, transfers from the EU to a country the EU has deemed adequate).
- Intra-Group and Vendor Agreements: All our service providers and affiliates that process European personal data must contractually promise to protect it in line with GDPR requirements, often via data processing agreements incorporating SCCs or other permissible safeguards.
- Consent for International Transfer: In certain cases, we may rely on your explicit consent to transfer personal data internationally, if other mechanisms are not available.
You can contact us for more information on the safeguards we use to ensure lawful transfers of your data.
9. Children’s Privacy
Our Services are not intended for children under 16 years of age (or the relevant minimum age in your jurisdiction if higher). We do not knowingly collect personal information from children under 16. If you are under 16, do not use or provide any information on our platform or on or through any of its features, and do not sign up for an account or provide us with any personal details. If we learn that we have inadvertently collected personal data from a child under 16, we will take steps to delete that information as soon as possible.
If you believe that we might have any information from or about a child under 16, please contact us at support@nassima.ai. Parents or guardians: if you become aware that your child (under 16) has provided us with personal information, contact us and we will delete it.
Note for certain jurisdictions: If you are in the EU, the general age of consent for data processing is 16, though some member states may lower that to 13. For the US (COPPA), it’s under 13. We choose to err on the side of caution and say 16 as our baseline globally, but will adhere to stricter local requirements if applicable.
10. Updates to this Privacy Policy
We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. If we make material changes, we will notify you by email (sent to the email address specified in your account) or by posting a prominent notice on our site or within the app prior to the change becoming effective. The “Last Updated” date at the top of this Policy will indicate when the latest changes were made.
Please review this Policy periodically for any updates. Your continued use of the Services after any such update constitutes your acceptance of the changes. If you do not agree to the revised Policy, you should discontinue use of the Services and delete your account before the changes take effect.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us at:
Email: support@nassima.ai
Address: Garage Hero L.L.C-FZ (Nassima) – Business Center 1, M Floor, The Meydan Hotel, Nad Al Sheba, Dubai, U.A.E.
We will do our best to address your inquiry promptly and thoroughly. Your privacy is important to Nassima, and we welcome your feedback.
Thank you for trusting Nassima with your business and personal information. We are dedicated to protecting your data and enabling your privacy rights.