Nimbus Privacy Policy

Nimbus provides tools for creating groups, splitting expenses, tracking balances, sending payment requests, and optionally connecting third-party services such as Google, Plaid, and Twilio. This Privacy Policy explains what information we collect, how we use it, and the choices available to users.

1. Information We Collect

We may collect the following categories of information:

• Account Information: name, email address, profile photo, phone number, and account identifiers.
• Profile and Payment Information: Venmo username, linked bank connection metadata, and other payment-related profile details a user chooses to provide.
• Expense and Group Information: group names, members, expenses, splits, balances, disputes, payment request links, receipts, and related activity.
• Receipt and Document Information: receipt images uploaded by users, parsed receipt data, and optional Gmail-derived receipt information.
• Contacts Information: phone contacts if a user grants contact permission, used to find friends already on Nimbus or help users add non-app members.
• Location Information: recent location data collected when a user grants location permission, used for nearby-friends suggestions and related product functionality.
• Messaging and Verification Information: phone verification details, payment-request SMS details, and notification tokens.
• Device and Usage Information: basic app, log, and device data needed to operate, secure, and improve Nimbus.

2. How We Use Information

We use information to:

• create and maintain Nimbus accounts;
• enable group expense sharing, balance tracking, and settlement workflows;
• send transactional communications such as phone verification codes and payment requests;
• import and parse receipt data from uploaded images or connected Gmail accounts;
• support optional bank-linking and transaction import features;
• suggest nearby friends or likely participants in group expenses;
• detect abuse, prevent fraud, troubleshoot issues, and secure the service;
• comply with legal obligations and enforce our terms.

3. Google Sign-In and Gmail Access

Users may sign in with Google. If a user separately chooses to connect Gmail, Nimbus accesses Gmail only for receipt-related functionality, such as identifying and extracting purchase details from receipt emails.

Nimbus does not use Gmail data for advertising. Gmail access is limited to the features the user explicitly enables. Users can disconnect Gmail at any time. If Gmail credentials expire or are revoked, Nimbus may require the user to reconnect Gmail before receipt import resumes.

4. Plaid and Financial Data

Nimbus may allow users to connect financial accounts through Plaid for transaction import and related features. Nimbus does not store users' banking credentials directly. Sensitive connection secrets are stored using encrypted secret storage and managed infrastructure.

At launch, Nimbus uses Plaid for account connection and transaction import. Bank transfer features are not part of the current production release. If transfer or wallet features are added in a future release, this policy will be updated as needed.

5. Twilio, SMS, and Phone Verification

Nimbus uses Twilio and related providers for transactional messaging, including:

• phone verification codes;
• payment request messages to non-app recipients; and
• limited account-related transactional communications where applicable.

Recipients may reply STOP to opt out of applicable SMS messages and HELP for help, where supported by the messaging flow.

6. Contacts and Nearby Features

If a user grants contact access, Nimbus may compare phone numbers from the user's contacts against Nimbus users and cache contact-name mappings locally on the user's device to improve friend discovery and non-app member entry.

If a user grants location access, Nimbus may use recent location data to support nearby-friends suggestions. Users can disable location access in device settings.

7. Receipt Images and Storage

Receipt images may be uploaded to secure storage. Nimbus may generate signed or time-limited URLs when a receipt needs to be displayed to authorized users or on a payment request page. Receipt storage is not intended to be publicly accessible by default.

8. Sharing with Service Providers

Nimbus may share information with service providers that help operate the service, including:

• Supabase for database, authentication, and storage;
• Google for sign-in and optional Gmail connectivity;
• Plaid for financial account connectivity and transaction import;
• Twilio for phone verification and SMS delivery;
• Mistral and related AI providers for receipt parsing and extraction;

We share information only as reasonably necessary to provide Nimbus and related services.

9. Data Retention

We retain information for as long as needed to provide the service, comply with legal obligations, resolve disputes, and enforce agreements. Some information may remain in backups, logs, or system archives for a limited period.

10. Security

We use administrative, technical, and organizational measures designed to protect information, including encryption in transit and use of protected storage for sensitive secrets. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. Your Choices

Users may:

• update profile information in the app;
• disconnect Gmail, Plaid, or other optional integrations where available;
• deny or revoke contacts, location, camera, or notification permissions in device settings;
• opt out of certain SMS messages by replying STOP, where applicable.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date above and may provide additional notice where appropriate.

13. Contact Us

For privacy questions, support requests, or data-related inquiries, contact:

• chaturvediaman101@gmail.com