Privacy Policy
Effective Date: March 29, 2026
Last Updated: March 29, 2026
Nimble PV ("Nimble PV", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website nimblepv.com and related services (the "Service").
By using our Service, you consent to the collection and use of information in accordance with this Privacy Policy.
1. Information We Collect
1.1 Information You Provide Directly
We collect personal information that you provide directly to us, including:
- Contact Information: Name and email address when you chat with Vera, our AI assistant, or submit an enquiry
- Communication Data: The content of messages you send through the chat widget, contact forms, or email
- Professional Information: Company name, role, and drug development stage — only if you choose to share it
1.2 Automatically Collected Information
We automatically collect certain information when you visit the Site:
- Log Data: IP address, browser type, operating system, and access times
- Usage Data: Pages visited, time spent, features used, and referring URL
- Device Information: Device type and screen resolution
- Session Data: Session identifiers stored in your browser's localStorage to persist your chat history
1.3 LinkedIn Integration Data (Team Use Only)
When authorised Nimble PV team members connect LinkedIn to publish content on the Nimble PV company page, we access LinkedIn via OAuth 2.0. We collect only what is necessary: the access token, organisation ID, and post content. We do not collect, store, or process personal LinkedIn profile data from any third-party users.
2. How We Use Your Information
2.1 Service Provision
- To respond to your enquiries and provide pharmacovigilance advisory services
- To operate the Vera AI assistant and generate relevant responses to your questions
- To send follow-up emails when you initiate a conversation with Vera
- To authenticate authorised team members and manage internal portal access
2.2 Improvement and Analytics
- To improve Vera's knowledge base using aggregated, anonymised chat data
- To analyse usage patterns and improve the Service
- To monitor system performance and reliability
- To conduct research and generate aggregated insights
2.3 Communication
- To send service-related notifications and responses to your enquiries
- To send follow-up emails after chat sessions (best-effort, not guaranteed)
- To send important security or policy updates
2.4 Legal and Security
- To comply with applicable legal obligations
- To detect and prevent security threats or fraudulent activity
- To protect the rights and safety of Nimble PV and its users
We do not sell, trade, or rent your personal information to any third party.
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data on the following legal bases:
| Processing activity | Legal basis |
|---|---|
| Responding to your enquiry | Legitimate interest / contract performance |
| Sending follow-up emails | Legitimate interest (you initiated the conversation) |
| AI assistant (Vera) responses | Legitimate interest |
| Site analytics and improvement | Legitimate interest |
| LinkedIn API publishing (team only) | Legitimate interest |
| Legal compliance | Legal obligation |
4. Information Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:
4.1 Service Providers
With trusted third-party service providers who assist our operations, under strict confidentiality agreements. See Section 7 for the full list of processors.
4.2 Legal Requirements
- When required by law, court order, or government request
- To protect our rights, property, or safety, or that of our users
- In connection with legal proceedings or investigations
4.3 Business Transfers
In connection with a merger, acquisition, or sale of assets, with appropriate notice and choice regarding your data.
4.4 Aggregated Data
We may share aggregated, anonymised data for research or business purposes. This data cannot be used to identify individual users.
5. Analytics and Tracking
We use the following analytics tools:
- Google Analytics 4 — collects anonymised usage data including page views, session duration, and traffic sources. Governed by Google's Privacy Policy.
- Microsoft Clarity — anonymised session replays and heatmaps. No personally identifiable information captured. Governed by Microsoft's Privacy Statement.
Analytics cookies can be opted out through your browser settings. We do not use tracking cookies for advertising or retargeting purposes.
6. Data Security
6.1 Technical Safeguards
- Encryption: All data encrypted in transit via HTTPS/TLS
- Access Controls: Authentication-gated access to all internal tools and databases
- Infrastructure: Private, self-hosted database — no third-party cloud database services
- Secrets Management: API keys and credentials stored as environment variables, never in source code
6.2 Data Minimisation
We collect only the minimum data necessary for service delivery. Analytics data is anonymised. Chat messages are retained per our data retention policy (Section 8) and are not sold or shared with third parties beyond our processors.
No method of transmission over the internet is 100% secure. If you believe your data has been compromised, contact us immediately at [email protected].
7. Third-Party Service Providers
We use the following third-party processors to operate the Service:
| Service | Purpose | Data shared |
|---|---|---|
| Anthropic (Claude) | Powers the Vera AI assistant | Chat message content |
| Resend | Transactional email delivery | Name, email address |
| Voyage AI | Text embeddings for knowledge search | Anonymised text snippets |
| Perplexity AI | Visitor company enrichment (internal tool, team only) | Email domain / company domain |
| LinkedIn API | Company page content publishing (team only) | Post content, organisation ID |
| Google Analytics 4 | Site analytics | Anonymised usage data |
| Microsoft Clarity | Session analytics | Anonymised session data |
All third-party integrations follow industry standards. We do not share your data with any other third parties without your explicit consent, except as required by law.
8. Data Retention
We retain your information for as long as necessary to provide the Service and fulfil legal obligations:
- Chat session data: Retained for up to 24 months from the last interaction, then deleted
- Email correspondence: Retained for 2 years for support and compliance purposes
- Analytics data: Retained per Google Analytics and Microsoft Clarity default policies
- Legal holds: Data may be retained longer if required by law or legal proceedings
You may request earlier deletion at any time — see Section 9.
9. Your Rights and Choices
9.1 Access and Portability
- Request access to the personal information we hold about you
- Obtain a copy of your data in a portable format
9.2 Correction and Update
- Ask us to correct inaccurate or incomplete data
- Update contact details or preferences
9.3 Deletion
- Request deletion of your personal information from our systems
- Request removal of your chat session data
9.4 Restriction and Objection
- Restrict our processing of your information
- Object to marketing communications or non-essential data collection
- Withdraw consent for data processing where applicable
To exercise any of these rights, email [email protected] with the subject line "Privacy Request". We will respond within 30 days.
10. LinkedIn Integration
Nimble PV uses the LinkedIn API solely to publish content to the official Nimble PV company page (linkedin.com/company/nimblepv). This integration is used exclusively by authorised Nimble PV team members and is never exposed to end users.
We request the following LinkedIn API permissions:
w_member_social— post, comment, and react on behalf of the authenticated memberr_organization_social— read organisation posts and engagement dataw_organization_social— publish posts to the Nimble PV company page
LinkedIn access tokens are stored securely as environment variables. We do not access, store, or process the personal LinkedIn data of any third-party users. Our use of the LinkedIn API complies with the LinkedIn API Terms of Use.
11. International Data Transfers
Your data may be transferred to and processed in countries other than your own. Where this occurs, we ensure appropriate safeguards are in place:
- Adequacy decisions: Transfers to countries with adequate data protection recognised by the EU/UK
- Standard Contractual Clauses: EU-approved transfer mechanisms with relevant processors
- Your rights: You retain all rights under applicable data protection laws regardless of where processing occurs
12. Children's Privacy
The Service is not directed at children under the age of 16 (or the applicable age in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected such data, we will delete it immediately. Contact us at [email protected] if you believe this has occurred.
13. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will:
- Post the updated policy on this page with a revised "Last Updated" date
- Provide at least 30 days' notice for significant material changes
- Continue to respect your privacy choices and rights
Continued use of the Service after changes are posted constitutes your acceptance of the updated policy.
14. Contact Us
If you have questions about this Privacy Policy or our data practices, or wish to exercise your rights, please contact us:
Nimble PV — Privacy Enquiries
Email: [email protected]
Subject line: "Privacy Request"
Website: nimblepv.com