nembl

Privacy Policy

Last updated: July 1, 2026

1. Introduction

DevOpspolis LLC ("we", "us", "our") operates the Nembl platform. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service. By using Nembl, you consent to the practices described in this policy.

2. Information We Collect

Account Information

  • Name and email address (required for account creation)
  • Password (stored as a one-way cryptographic hash — we cannot read your password)
  • Timezone and theme preferences
  • Company name and account type (Individual or Business)

Service Usage Data

  • Service requests, tasks, and workflow data you create
  • Chat conversations with AI assistants (stored to maintain conversation history)
  • Audit logs of actions you perform (for security and compliance)
  • Notification preferences and delivery channel configurations (email, Slack, Microsoft Teams)

Automatically Collected Information

  • Session tokens and authentication cookies (for keeping you signed in)
  • Browser-local UI preferences (sidebar state, theme, table density) stored in your browser's localStorage

Information We Do Not Collect

  • We do not use analytics trackers, advertising pixels, or third-party tracking cookies
  • We do not collect device fingerprints, IP-based geolocation, or browsing history outside the Service

3. How We Use Your Information

  • Provide the Service: Authenticate you, process requests, execute workflows, deliver notifications
  • AI Features: Your prompts and relevant context are sent to AI model providers to generate responses. We do not use your data to train AI models.
  • Communication: Send transactional emails (password resets, invitations, trial reminders) and in-app notifications
  • Security: Maintain audit logs, detect unauthorized access, enforce access policies
  • Billing: Process subscription payments and manage your plan
  • Improvement: Diagnose technical issues and improve Service reliability

4. Third-Party Services

We share your information with third-party service providers only as necessary to operate the Service:

  • Amazon Web Services (AWS): Cloud infrastructure, database hosting, authentication, real-time messaging. Data is stored in the US West (Oregon) region.
  • Anthropic: AI model provider for chatbot and workflow agent features. Prompts and contextual data are sent for processing. Anthropic does not use this data for model training.
  • Resend: Transactional email delivery (password resets, invitations, notifications).
  • Chargebee & Stripe: Subscription billing and payment processing. We do not store credit card numbers — payment information is handled directly by Stripe.

We do not sell, rent, or trade your personal information, and we do not share it for cross-context behavioral advertising. Because we do not sell or share your personal information, there is nothing to opt out of — but you may still exercise your privacy rights at any time (see “Your Rights” below).

5. B2B Data Sharing

When you use B2B features (service registry, cross-company requests), certain data is shared with partner companies you connect with. You control what is shared through service policies and visibility settings. Shared data may include service descriptions, request details, and activity updates marked as public. Your internal data (users, policies, workflows) is never shared with partner companies unless you explicitly configure it.

6. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • All data is encrypted in transit (TLS/HTTPS) and at rest (AES-256)
  • Passwords are hashed using industry-standard, salted one-way hashing — we cannot read your password
  • Access to production infrastructure requires VPN and multi-factor authentication
  • IAM-style access control policies govern all data access within the platform
  • Full audit logging of user and system actions (CloudTrail-style)

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Audit logs are retained for compliance purposes. Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., billing records, dispute resolution).

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Update or correct inaccurate personal data
  • Deletion: Request deletion of your personal data
  • Export: Receive your data in a portable format
  • Objection: Object to processing of your data for certain purposes

To exercise these rights, contact us at privacy@devopspolis.com. We will respond within 30 days. For complex or numerous requests we may extend this period by up to 60 additional days where permitted by applicable law, and will notify you of any extension.

9. Cookies and Local Storage

We use only essential cookies for authentication and session management. We do not use advertising, analytics, or tracking cookies. UI preferences (sidebar state, theme, table density) are stored in your browser's localStorage and are not transmitted to our servers.

10. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly.

11. International Data Transfers

Your data is processed and stored in the United States (AWS US West region). If you are accessing the Service from outside the United States, your data will be transferred to and processed in the US. By using the Service, you consent to this transfer.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 30 days before they take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Contact Us

For questions or concerns about this Privacy Policy or our data practices, contact us at:

DevOpspolis LLC
Email: privacy@devopspolis.com