← Back to home

Privacy Policy

Effective date: May 7, 2026 · Applies to websites, apps, and online services operated by Nano Owl (“Nano Owl,” “we,” “us,” or “our”). Have legal counsel review before relying on this document in production.

Thank you for reading Nano Owl’s Privacy Policy. We aim to explain—in plain language—what information we collect, why we collect it, how we use and share it, and the choices you have. Some legal wording is still necessary where regulations require it.

Our privacy principles

To honor our commitment to respecting and protecting your privacy, we follow these principles:

We identify what personal information we collect and seek consent where required before collection, use, or disclosure.
We collect personal information only for identified purposes and limit collection to what is reasonably necessary.
We use and disclose personal information for those purposes (or as you consent, or as law permits), and retain it only as long as needed.
We work to keep personal information accurate, complete, and up to date where appropriate.
We protect personal information with safeguards appropriate to the sensitivity of the information.
We strive to be transparent about our practices and to respond when you ask questions or exercise your rights.
We are accountable for our handling of personal information and welcome feedback about this Policy and applicable law.

1. Where this Privacy Policy applies

This Privacy Policy applies to our websites, downloadable or desktop applications, cloud-hosted features, marketing pages, support interactions, and other services we operate (collectively, the “Services”). We link to this Policy where it applies.

Certain offerings may be governed by a separate privacy notice or data processing agreement (for example, enterprise customers). Where a dedicated policy applies, that document controls for those offerings—not this Policy.

2. Information we collect

We collect information in three broad ways: you provide it, it is collected automatically when you use the Services, and we receive it from third parties in limited circumstances.

2.1 Information you provide directly

Contact and identity: name, email address, organization, role, phone number (if you choose to share it), and the contents of messages you send us.
Account and billing (if applicable): account identifiers, subscription plan, billing address or postal code, payment references (we typically do not store full card numbers—see Section 4), invoices, and tax identifiers where required.
Content you submit: prompts, chat messages, uploaded documents (including PDFs), images, audio, video, attachments, and metadata embedded in files you upload.
Preferences: settings such as language, notification choices, and feature toggles.
Support materials: screenshots, logs, or reproduction steps you voluntarily provide when troubleshooting.

2.2 Information we collect automatically

When you use the Services, we collect certain technical and usage information, including:

Usage information: features used, clicks, searches, session duration, approximate timestamps, referral URLs, crash or error reports, API call patterns (where applicable), and similar telemetry needed to operate and improve the product.
Device and environment: device type, operating system and version, browser type and language, screen resolution, IP address (which may indicate coarse location), carrier or ISP information (for mobile), and diagnostic data when the app experiences a crash or performance issue (which may include limited contextual state such as memory pressure or app version).
Identifiers: cookies, local storage tokens, software identifiers, and similar technologies used for authentication, security, analytics, and remembering preferences (see Section 3).

2.3 Information from your device with permission

Some features require access to device capabilities. We request permission where your operating system requires it, and you can revoke access in device settings (which may disable related features).

Camera and photo library: if you capture or choose images (for example, to solve a problem from a photo or to generate image-based content), we access only what you submit for processing.
Files and storage: to import documents you select or to save exports (for example, rendered images or videos) to storage you designate.
Microphone: only if you use voice input features that explicitly require audio capture.

2.4 Information from third parties

Payment processors: status of transactions, limited billing details, and fraud signals.
Authentication or workplace integrations (if offered): basic profile details from an identity provider when you choose to sign in or connect an integration.
Partners and referrals: limited campaign or attribution data when you arrive via a partner link or advertisement.
Public sources: information that is lawfully public, where relevant to security or compliance.

3. Cookies and similar technologies

Like most online services, we use cookies, pixels, local storage, session tokens, and related technologies. These help us authenticate sessions, remember preferences, measure traffic, understand feature usage, deliver and measure advertising (if we run ads), maintain security, and prevent abuse.

We may use first-party and third-party analytics tools to understand aggregate usage trends. Analytics data may be combined across users so that it does not reasonably identify any individual.

You can control cookies through your browser settings. Blocking or deleting cookies may affect login state, preferences, or certain features. Some mobile environments provide parallel controls for app tracking or analytics.

Some browsers support a “Do Not Track” (DNT) signal. There is no consistent industry standard for how to respond to DNT. We may not respond to all such signals.

4. Payments and billing data

We use PCI-compliant third-party payment processors to collect and process payments. We generally do not store full payment card numbers or CVV/CVC on our own servers. We may retain transaction references, subscription status, billing history, and information needed for accounting and taxes.

5. How we use information

We use personal information for the following purposes (and as otherwise described at collection or allowed by law).

5.1 Provide and improve the Services

Create and maintain accounts (if offered), authenticate users, and deliver features such as tutoring, image generation, video creation, and document analysis.
Process prompts and content you submit through AI or media pipelines hosted by us or subprocessors.
Provide customer support, respond to requests, and communicate about service changes, incidents, or security.
Complete purchases, manage subscriptions, and send transactional messages (receipts, renewal notices where permitted).
Debug, maintain reliability, optimize performance, and develop new features.

5.2 Personalization and cross-device experience

Where you use the Services across multiple devices or browsers while signed in, we may associate activity using account identifiers, partial IP data, device fingerprints, or similar signals to keep settings consistent. You may limit some associations by signing out or adjusting device settings.

5.3 Safety, security, and integrity

Detect, prevent, and respond to fraud, abuse, spam, malware, credential stuffing, and circumvention of technical limits.
Investigate violations of our Terms of Service or policies and enforce our agreements.
Monitor for harmful or illegal content submitted through the Services in accordance with law and our policies.

5.4 Marketing and communications

Where permitted, we may send product updates, tips, or promotional messages by email or in-product notices. You can opt out of marketing communications using the unsubscribe link or by contacting us. We may continue to send essential non-promotional notices (for example, billing or security alerts).

5.5 Advertising (if applicable)

If we or our partners display ads, we may use limited identifiers or hashed segments to measure campaigns or deliver relevant ads. Where required, we will obtain consent before using certain advertising technologies.

5.6 Legal bases (EEA, UK, and similar jurisdictions)

Where GDPR-style laws apply, we rely on one or more of the following legal bases:

Contract: processing necessary to provide the Services you request.
Legitimate interests: for example, securing the Services, improving features, and understanding aggregate usage—balanced against your rights.
Consent: where we ask for consent for a specific activity (you may withdraw consent at any time, without affecting prior lawful processing).
Legal obligation: where we must process data to comply with law.

5.7 Photos, media, and sensitive processing

If you upload photos or videos that contain faces or similar biometric characteristics, we process such content only to deliver the features you invoke (for example, stylization, segmentation, or tutoring assistance). We apply minimization and retention limits described in Section 10. We do not sell biometric templates derived from your uploads. Depending on jurisdiction, additional notices or consent may apply—review supplemental disclosures in-product where provided.

5.8 AI training and model improvement

Unless we clearly disclose otherwise and obtain any consent required by law, we do not use your private chats or confidential uploads to train models for unrelated purposes in a way that associates outputs with your identity. We may use aggregated, de-identified, or sufficiently anonymized data to measure quality and improve reliability.

6. How we share information

We share personal information in the circumstances below.

6.1 Service providers (processors)

We use vendors for hosting, content delivery, databases, security, email delivery, analytics, payment processing, customer support tooling, and AI inference infrastructure. They process data on our instructions and under contractual confidentiality and security obligations.

6.2 Affiliates

We may share information with corporate affiliates for internal administration, security, analytics, and service improvement, consistent with this Policy.

6.3 Business transactions

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be transferred as part of that transaction. We will require the successor to honor protections consistent with this Policy or inform you of changes.

6.4 Legal and safety

We may disclose information if we believe in good faith that disclosure is reasonably necessary to:

Comply with law, regulation, legal process, or governmental requests;
Protect the safety of any person or prevent illegal activity;
Investigate fraud, security issues, or technical problems;
Protect our rights, property, users, or the public.

6.5 Enforcement

We may share information to enforce our Terms of Service, investigate suspected violations, or defend against legal claims.

6.6 With your direction or consent

We may share information when you ask us to—for example, connecting a third-party integration—or when you otherwise consent.

6.7 Aggregated or de-identified data

We may share statistics or insights that do not reasonably identify you. We may combine personal information in hashed or non-human-readable form with partners for measurement or advertising as described in Section 5.5.

We do not sell your personal information for monetary consideration as that term is commonly defined in U.S. state privacy laws. If our practices change, we will update this Policy and any legally required disclosures.

7. Cross-border data transfers

We may process and store information in the United States and other countries where we or our service providers operate. If you access the Services from the EEA, UK, Switzerland, or other regions with data transfer rules, we implement appropriate safeguards (such as Standard Contractual Clauses) where required.

8. Your rights and choices

Depending on where you live, you may have the right to:

Access a copy of your personal information;
Correct inaccurate information;
Delete certain information, subject to legal exceptions;
Restrict or object to certain processing (including direct marketing);
Receive data you provided in a portable, machine-readable format and request transmission to another controller where technically feasible;
Withdraw consent where processing is consent-based;
Lodge a complaint with a supervisory authority.

Rights may be limited where fulfilling a request would reveal another person’s data, impair security, conflict with legal retention duties, or where we have compelling legitimate grounds permitted by law.

To exercise rights, email support@nano-owl.com. We may verify your identity before responding. If you are unsatisfied with our response and EU/UK law applies, you may contact your local data protection authority.

9. How we protect your information

We implement administrative, technical, and organizational measures designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These include access controls, encryption in transit where appropriate, vendor reviews, and employee training.

No method of transmission or storage is completely secure. If you believe your interaction with us is no longer secure, notify us immediately at support@nano-owl.com.

10. Data retention

Retention periods vary by data category and legal requirements. Illustrative defaults include:

Account data: for as long as your account remains active and for a reasonable period afterward to resolve disputes, enforce terms, or comply with law.
Transactional records: typically up to seven years where accounting or tax rules require retention, unless a shorter period applies.
Support tickets: for the duration needed to resolve your issue plus a limited retention window for quality assurance.
Content submitted for AI processing: retained only as long as needed to provide the feature, maintain safety logs, or comply with law; some ephemeral processing may not produce long-term storage.
Marketing preferences and suppression lists: retained as needed to honor opt-outs.

Automated deletion may take time across backups and caches. Residual copies may persist for a limited period for disaster recovery or integrity checks.

11. Children’s privacy

Our Services are not directed to children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children without appropriate parental or guardian consent where required.

If you are a minor, use the Services only with the consent and supervision of a parent or legal guardian. If you believe we have collected information from a child without proper consent, contact us and we will take appropriate steps to delete it.

12. Third-party services and links

The Services may contain links to third-party websites, embeds, or SDKs. Their privacy practices are governed by their own policies. We encourage you to read those policies before providing information to third parties.

13. Third-party privacy policies (reference)

Depending on the features enabled in our applications or websites, components provided by third parties may apply their own policies. Examples commonly used in comparable products include:

Payments: Stripe Privacy Policy
Analytics (example): Google Privacy Policy · Google Analytics Terms
Cloud infrastructure (example): provider privacy notices for AWS, Google Cloud, or Azure—linked from those providers’ sites.
Advertising networks (if used): for example Google Advertising or partner ad networks—refer to in-app disclosures.

This list is illustrative and may not reflect every vendor integrated into your build; see in-product notices or your order documentation for the definitive list.

14. Changes to this Privacy Policy

We may update this Policy from time to time. We will revise the “Effective date” at the top and, where required, provide additional notice (for example, email or in-product banner). Continued use of the Services after the effective date constitutes acceptance of the updated Policy, except where law requires explicit consent.

15. How to contact us

Questions about this Privacy Policy or our privacy practices: support@nano-owl.com.