The short version
A friendly summary of how we treat your data. It's here to help you understand — the full text below is what governs, together with any Data Processing Agreement.
- Account & contact details you give us.
- Usage and device data to run the product.
- The content your organization uploads (as a processor).
- To provide, secure and improve the Service.
- To meet legal and contractual obligations.
- Never to train shared models on your data without consent.
- A short list of vetted subprocessors.
- Never sold to advertisers.
- Shared only where the law requires.
- Access, correct, export or delete your data.
- Object to or restrict certain processing.
- Reach our DPO at dpo@nama.ai.
The complete text follows. Section summaries above do not replace it.
01Scope & who we are
This Privacy Policy explains how Nama processes personal data. For data our customers upload to the Service, our customer is the controller and Nama acts as a processor under their instructions and the applicable Data Processing Agreement. For data we collect directly — such as website visitors and account holders — Nama is the controller.
02Data we collect
We collect information you provide (such as name, work email and company), information generated as you use the Service (such as logs, device and usage data), and the content your organization submits to the platform.
03How we use data
We use personal data to provide, secure, support and improve the Service, to communicate with you, and to comply with legal obligations. We do not use Customer Data to train shared models without explicit authorization.
04Legal bases
Depending on the context, we rely on performance of a contract, compliance with a legal obligation, your consent, or our legitimate interests. Under the LGPD we map these to the corresponding legal hypotheses.
05Sharing & subprocessors
We share personal data with a limited set of vetted subprocessors that help us run the Service (for example, cloud hosting and communications). We do not sell personal data. A current subprocessor list is available on request and via the Trust Center.
06International transfers
Where personal data is transferred across borders, we use appropriate safeguards such as standard contractual clauses and, where available, regional deployment to keep data in-region.
07Retention
We retain personal data only as long as necessary for the purposes described here, to comply with legal obligations, or as configured by our customers. Customer Data is deleted or returned at the end of the engagement per the DPA.
08Your rights
Subject to applicable law, you may request access, correction, deletion, portability, and information about how we process your data, and you may object to or restrict certain processing. To exercise your rights, contact our Data Protection Officer at dpo@nama.ai.
09Security
We protect personal data with technical and organizational measures — encryption in transit and at rest, tenant isolation, role-based access and an audit trail. See our Security & governance page for detail.
10Children
The Service is intended for organizations and their authorized users. It is not directed to children, and we do not knowingly collect personal data from children.
11Changes & contact
We may update this Policy from time to time. Material changes will be reflected in the effective date and, where appropriate, notified to you. For privacy questions, contact our Data Protection Officer at dpo@nama.ai.
Data-protection questions?
Our Data Protection Officer and security team can walk you through a DPA, subprocessor list or a data-residency setup.
SSO · RBAC · audit trail · LGPD-ready