NivoGym
nivogym

Privacy Policy

Last updated: April 13, 2026

NivoGym, a NivoCompany product, respects your privacy and is committed to protecting the personal data you entrust to us. This policy describes what information we collect, how we use it, who we share it with and what rights you have over that data.

1. Data we collect

We only collect the data needed to provide the NivoGym platform and improve your experience. The types of data we process are:

  • Account data: name, email, encrypted password, preferred language and profile settings.
  • Your business data: customer records, services, products, appointments, financial transactions, notes and files you voluntarily add to the platform.
  • AI conversation content: messages exchanged with the assistant, agent command history and generated outputs.
  • Collaborator data: name, email and permission level of the collaborators you invite to your workspace.
  • Technical and usage data: IP address, browser type, operating system, accessed pages and usage events, used for diagnostics and security.
  • Payment data: when you purchase a paid plan, we process the data required for billing. Credit card details are handled directly by the payment processor and are never stored on our servers.

2. How we use your data

We use the collected information to:

  • Provide, maintain and improve the platform services.
  • Authenticate users, prevent fraud and protect account security.
  • Process content through AI assistants and execute tasks requested by you or your agents.
  • Issue invoices, renew subscriptions and manage credits.
  • Send essential communications about your account, service updates and operational alerts.
  • Comply with applicable legal, regulatory and tax obligations.

We do not use your business data to train general-purpose AI models nor for any marketing purpose without your explicit consent.

3. Legal basis for processing

The processing of your data is supported by the following legal bases under the GDPR, LGPD and equivalent laws:

  • Contract performance: to deliver the services you have subscribed to.
  • Consent: when you opt into specific features that require explicit authorization.
  • Legitimate interest: for security, fraud prevention and service improvement.
  • Legal obligation: to comply with tax, accounting and regulatory duties.

4. Who we share with

We do not sell your data. We share information only in the following situations:

  • Infrastructure providers: companies that provide hosting, storage, AI processing and notification delivery, all contractually required to protect your data.
  • Your workspace collaborators: the people you invite have access to your business data based on the permissions you assign.
  • Competent authorities: when required by law, court order or to protect rights, safety and integrity.
  • Corporate transactions: in case of merger, acquisition or asset sale, your data may be transferred to the legal successor, always under equivalent protections.

5. Data retention

We retain your data for as long as necessary to fulfill the purposes described in this policy, comply with legal obligations, resolve disputes and enforce our agreements. After account cancellation, your data is removed or anonymized within 90 days, unless retention is required by law.

6. Security

We apply technical and organizational measures to protect your data from unauthorized access, loss, alteration or improper disclosure, including:

  • Encryption in transit (TLS) and at rest.
  • Strong authentication with encrypted passwords and verification code recovery.
  • Granular access controls per workspace and collaborator.
  • Logical data isolation between accounts.
  • Continuous monitoring and audit logs.

Despite our efforts, no system is completely immune to risk.

7. Your rights

You have rights guaranteed under the GDPR, LGPD and other applicable laws over your personal data, including:

  • Confirm the existence of processing and access your data.
  • Correct incomplete, inaccurate or outdated data.
  • Request anonymization, blocking or deletion of unnecessary or non-compliant data.
  • Request portability of your data.
  • Withdraw consent and object to processing in certain circumstances.
  • Be informed about who your data has been shared with.

8. International transfers

Your data may be processed on servers located outside your country of residence, including in countries that provide adequate protection levels or through specific contractual clauses that ensure standards equivalent to those required by applicable law.

9. Cookies and similar technologies

We use cookies and local storage to keep you authenticated, remember your preferences (such as language and theme) and measure platform performance. You can block cookies directly in your browser settings, but some features may stop working correctly.

10. Children and minors

NivoGym is not directed at people under 18 years of age. We do not knowingly collect data from children or minors. If we identify personal data of a minor in our systems, we will take steps to remove it.

11. Changes to this policy

We may update this Privacy Policy periodically to reflect legal, operational or product changes. In case of material changes, we will notify you by email or inside the platform with reasonable advance notice. The most recent version will always be available on this page, with the update date shown at the top.