Simplified Privacy Notice

Privacy Policy

Last updated: December 30, 2025


Related Documents

This is the Simplified Notice. For the complete legal document, see the Full Notice.

1. Introduction

Welcome to Nubiera ("Company," "we," "us," or "our"). We operate an AI-powered chatbot platform that helps businesses automate customer communications through messaging channels like WhatsApp.

This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our services. By using our platform, you consent to the practices described in this policy.

Data Controller Information:

  • Company Name: Nubiera
  • Address: Mexico City, Mexico
  • Email: privacy@nubiera.com
  • Website: https://nubiera.com

The data controller responsible for processing your personal data is Nubiera, with registered address in Mexico City, Mexico. For any matters related to the processing of your personal data, please contact us at privacy@nubiera.com.

    2. Information We Collect

    We collect the following types of information:

    Account Information:

  • Name and email address
  • Business name and contact details
  • Authentication credentials

    Messaging Data:

  • Messages sent and received through the platform
  • Media files (images, audio, documents) shared in conversations
  • Conversation metadata (timestamps, channel information)

    Google Calendar Data (if enabled):

  • Calendar event information for scheduling appointments
  • We access your Google Calendar only to create, read, and manage appointments on your behalf
  • We do not access calendars other than those you explicitly authorize

    Technical Data:

  • IP addresses and device information
  • Browser type and operating system
  • Usage analytics and logs

    AI Processing Data:

  • Conversation content processed by AI models
  • Voice messages transcribed to text
  • Images analyzed for content understanding

    SENSITIVE DATA (Express Identification per LFPDPPP):

    In accordance with Article 3, Section VI of Mexico's Federal Law for the Protection of Personal Data Held by Private Parties (LFPDPPP), sensitive personal data is defined as data that affects the most intimate sphere of the data subject, or whose misuse could give rise to discrimination or pose a serious risk.

    When using our platform, the following data MAY be considered sensitive depending on its content:

    - Voice messages and transcriptions: May contain biometric voice characteristics

    - Shared images: May reveal information about racial or ethnic origin, health status, or other sensitive characteristics

    - Conversation content: Depending on context, may include health information, religious beliefs, sexual preferences, or political opinions

    IMPORTANT: Processing of this sensitive data requires your express written consent. By using features that involve these types of data, you expressly grant such consent through active acceptance on the platform.

    3. How We Use Your Information

    We use your information for the following purposes:

    Service Delivery:

  • Processing and routing messages between you and your customers
  • Executing AI-powered chatbot workflows
  • Scheduling appointments via Google Calendar integration
  • Transcribing audio messages and analyzing images

    Service Improvement:

  • Analyzing usage patterns to improve features
  • Training and improving AI models (with anonymized data only)
  • Debugging and resolving technical issues

    Communications:

  • Sending service-related notifications
  • Providing customer support
  • Sending updates about new features (with your consent)

    Legal and Security:

  • Complying with legal obligations
  • Protecting against fraud and abuse
  • Enforcing our terms of service

    Important: We limit our use of Google user data to providing and improving user-facing features. We do not use Google data for advertising or any purpose unrelated to the core functionality of our service.

    4. Google User Data Disclosure

    When you connect your Google account to our platform:

    What We Access:

  • Google Calendar: Read and write access to create and manage appointments

    How We Use It:

  • We use Google Calendar data solely to schedule appointments requested by end-users through our chatbot
  • Calendar events are created, updated, or cancelled based on chatbot interactions

    What We Do NOT Do:

  • We do NOT sell Google user data to third parties
  • We do NOT use Google user data for advertising purposes
  • We do NOT share Google data with third parties except as necessary to provide the service

    Data Retention:

  • Google Calendar event data is stored only as long as necessary to provide the service
  • You can revoke access at any time through your Google Account settings

    Compliance:

  • Our use of Google data complies with Google API Services User Data Policy
  • We undergo security reviews as required by Google

    5. Data Sharing and Disclosure

    We may share your information with:

    Service Providers:

  • Cloud hosting providers (for data storage)
  • AI service providers (OpenAI for language processing)
  • Messaging channel providers (WhatsApp via Evolution API)
  • Analytics services

    Legal Requirements:

  • When required by law, court order, or government request
  • To protect our rights, privacy, safety, or property
  • To enforce our terms of service

    Business Transfers:

  • In connection with a merger, acquisition, or sale of assets

    With Your Consent:

  • When you explicitly authorize sharing with third parties

    We do NOT:

  • Sell your personal information
  • Share data for advertising purposes
  • Provide data to data brokers

    6. Data Security

    We implement industry-standard security measures:

    Technical Safeguards:

  • Encryption in transit (TLS/HTTPS)
  • Encryption at rest for sensitive data
  • Secure authentication mechanisms
  • Regular security audits

    Organizational Measures:

  • Access controls limiting who can view data
  • Employee training on data protection
  • Incident response procedures
  • Regular backup and disaster recovery

    Third-Party Security:

  • We carefully select vendors with strong security practices
  • Service providers are contractually bound to protect your data

    While we strive to protect your information, no system is completely secure. We cannot guarantee absolute security of data transmitted over the internet.

    7. Data Retention and Deletion

    Retention Periods:

  • Account data: Retained while your account is active
  • Conversation data: Retained for 90 days unless you request earlier deletion
  • Analytics data: Retained in anonymized form for up to 2 years
  • Backup data: Retained for 30 days after deletion

    Deletion:

  • You can request deletion of your data at any time
  • We will delete or anonymize your data within 30 days of request
  • Some data may be retained for legal compliance

    To Request Deletion:

  • Email: privacy@nubiera.com
  • Subject: "Data Deletion Request"
  • We will verify your identity before processing

    8. Your Rights

    Depending on your location, you may have the following rights:

    All Users:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data
  • Portability: Receive your data in a portable format

    How to Exercise Rights:

  • Email: privacy@nubiera.com
  • We respond within 30 days
  • We may verify your identity before processing requests

    Account Settings:

  • Update your profile information through the dashboard
  • Manage notification preferences
  • Revoke third-party integrations (like Google Calendar)

    9. For California Residents

    If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

    Your CCPA Rights:

  • Right to Know: What personal information we collect and how we use it
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information (Note: We do not sell personal information)
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

    Categories of Information Collected:

  • Identifiers (name, email, IP address)
  • Commercial information (transaction history)
  • Internet activity (usage data, browsing history on our platform)
  • Geolocation data (approximate location from IP)
  • Professional information (business name, role)

    How to Exercise CCPA Rights:

  • Email: privacy@nubiera.com
  • Include "CCPA Request" in the subject line
  • We will respond within 45 days

    Authorized Agents:

  • You may designate an authorized agent to make requests on your behalf
  • We require verification of the agent's authorization

    10. For Mexico Residents - ARCO Rights

    If you are a resident of Mexico, this Privacy Notice is governed by the Federal Law for the Protection of Personal Data Held by Private Parties (LFPDPPP) published in the Official Gazette of the Federation on March 20, 2025, and its Regulations.

    ARCO RIGHTS (Articles 22-26 LFPDPPP):

    - Access (Art. 22): You have the right to know what personal data we hold about you and the conditions and generalities of its processing

    - Rectification (Art. 23): You have the right to request correction of inaccurate, incomplete, or outdated personal data

    - Cancellation (Art. 24): You have the right to request deletion of your personal data from our files, records, and systems

    - Opposition (Art. 26): You have the right to object, at any time and for legitimate cause, to the processing of your personal data

    - Portability: You have the right to receive your data in a structured, commonly used, machine-readable format (CSV, JSON)

    TYPES OF CONSENT (Article 8 LFPDPPP):

    *Tacit Consent:*

    For NON-sensitive personal data, we may assume tacit consent if, after 5 business days from when this Privacy Notice was made available to you, you do not express opposition.

    *Express Consent:*

    Required for financial or patrimonial data. May be granted verbally or in writing.

    *Express Written Consent:*

    MANDATORY for sensitive data. This consent must be granted through:

  • Handwritten signature
  • Electronic signature
  • Express acceptance on our platform through a checkbox or similar mechanism that identifies the data subject

    By using features that process sensitive data (voice messages, images, content that may reveal sensitive information), you grant express consent through active acceptance on the platform.

    PURPOSES OF DATA PROCESSING:

    *Primary Purposes (do NOT require additional consent - Art. 37 LFPDPPP):*

  • Provision of the contracted automated chatbot service
  • Processing of messages and conversations
  • Appointment scheduling through Google Calendar
  • Technical support and customer service
  • Billing and collection
  • Compliance with legal obligations

    *Secondary Purposes (REQUIRE your consent):*

  • Sending marketing and promotional communications
  • Use of data for service improvement through artificial intelligence
  • Market studies and satisfaction surveys
  • Sharing information with business partners

    To deny consent for secondary purposes, send an email to privacy@nubiera.com with the subject "Deny Secondary Purposes" within 5 business days of receiving this notice.

    DATA TRANSFERS AND REMISSIONS:

    *Remissions (Controller to Processor - do NOT require consent):*

    The following providers act as DATA PROCESSORS under our instructions:

  • Cloud storage providers
  • OpenAI (AI processing)
  • Messaging service providers

    These processors are contractually bound to:

  • Process data only according to our instructions
  • Not process data for different purposes
  • Implement security measures
  • Maintain confidentiality

    *Transfers (Controller to Controller):*

    Your personal data may be TRANSFERRED to third-party controllers located in the United States for:

  • Analytics services
  • Infrastructure providers

    These transfers are made with your consent, which you may deny by sending an email to privacy@nubiera.com with the subject "Deny Transfers".

    PROCEDURE FOR EXERCISING ARCO RIGHTS (Art. 28-31 LFPDPPP):

    Send your request to:

  • Email: privacy@nubiera.com
  • Subject: "ARCO Request - [Access/Rectification/Cancellation/Opposition]"

    Your request MUST contain:

    1. Full name of the data subject

    2. Address or email to communicate the response

    3. Copy of valid official identification (INE, passport, professional license)

    4. Clear and precise description of the personal data regarding which you seek to exercise your rights

    5. Any document or information that facilitates locating your data

    6. In case of rectification, indicate the modifications and provide supporting documentation

    RESPONSE DEADLINES (Art. 31 LFPDPPP):

    - 20 business days: To communicate the determination adopted

    - 15 additional business days: To make the request effective, if applicable

    - Extension: Deadlines may be extended ONCE ONLY for an equal period when circumstances justify it

    FREE OF CHARGE: Exercise of ARCO rights is FREE. Charges may only be made to cover shipping, reproduction, or document certification costs.

    CONSENT REVOCATION:

    You may revoke your consent at any time by sending an email to privacy@nubiera.com with the subject "Consent Revocation". Revocation will not have retroactive effects.

    PROCESSING LIMITATIONS:

  • You may request that we limit the use or disclosure of your data
  • This limitation may affect full or partial service provision

    CHANGES TO PRIVACY NOTICE (Art. 17 LFPDPPP):

  • Any changes will be communicated through our website: https://nubiera.com/privacy
  • In case of substantial changes affecting your rights, we will request your consent again
  • We recommend reviewing this notice periodically

    REGULATORY AUTHORITY:

    If you believe your rights have been violated, you may file a complaint with the Secretaría Anticorrupción y Buen Gobierno (Secretary of Anti-Corruption and Good Governance), the competent authority for personal data protection as of March 2025.

    LAST UPDATE DATE: December 30, 2025

    11. Cookies and Tracking

    Cookies We Use:

  • Essential cookies: Required for platform functionality
  • Authentication cookies: Keep you logged in
  • Preference cookies: Remember your settings
  • Analytics cookies: Understand how you use our platform

    Third-Party Tracking:

  • We use analytics services to understand usage patterns
  • These services may use their own cookies

    Your Choices:

  • You can disable cookies in your browser settings
  • Disabling essential cookies may prevent platform functionality
  • You can opt out of analytics tracking

    12. Children's Privacy

    Our service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately at privacy@nubiera.com, and we will take steps to delete such information.

    13. International Transfers

    Your data may be transferred to and processed in countries other than your own, including the United States. These countries may have different data protection laws.

    Safeguards:

  • We use appropriate contractual protections
  • Service providers are bound by data protection agreements
  • We comply with applicable international transfer requirements

    EU/UK Users:

  • Transfers outside the EEA/UK are made under Standard Contractual Clauses or other approved mechanisms

    14. Changes to This Policy

    We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Posting a notice on our platform
  • Sending an email to registered users
  • Updating the "Last Updated" date at the top

    We encourage you to review this policy periodically. Continued use of our service after changes constitutes acceptance of the updated policy.

    For new types of data processing or new uses of Google user data, we will obtain your consent before proceeding.

    15. Contact Us

    If you have questions about this Privacy Policy or our data practices, please contact us:

    Email: privacy@nubiera.com

    For Data Protection Inquiries:

  • Subject: "Privacy Inquiry"
  • Include your name and specific question

    For Data Access/Deletion Requests:

  • Subject: "Data Request"
  • Include verification information

    Response Time:

  • General inquiries: Within 5 business days
  • Data requests: Within 30 days
  • ARCO requests (Mexico): Within 20 business days