Legal
Privacy Policy
Last updated: March 2026
1. Who we are
NimbusVault is a secure document governance platform operated by NimbusVault Ltd, registered in England. If you have questions about this policy, contact us at hello@nimbusvault.co.uk.
2. What data we collect
We collect only what is necessary to provide the service:
- Account information: email address, name, and organisation name when you register or contact us.
- Usage data: actions taken within the platform (document uploads, access events) recorded in the audit trail for governance purposes.
- Documents: files uploaded to your organisation's NimbusVault workspace.
- Technical data: IP address, browser type, and access timestamps for security and troubleshooting.
3. How we use your data
- To provide, maintain, and improve the NimbusVault service.
- To send transactional communications (sign-in links, account notices).
- To meet legal and compliance obligations.
We do not sell your data. We do not use your data for advertising.
4. Where your data is stored
All data is stored on UK-region infrastructure via Cloudflare. Your documents do not leave the UK. All data is encrypted in transit and at rest.
5. How long we keep your data
Account data is retained for as long as your subscription is active, plus 90 days after termination to allow for data export. You may request earlier deletion by contacting us.
6. Your rights
Under UK GDPR, you have the right to access, correct, or delete your personal data. You may also request a copy of your data in a portable format. Contact hello@nimbusvault.co.uk to exercise any of these rights.
7. Cookies
This marketing website uses no third-party tracking cookies. We use a session cookie to maintain your authenticated state within the NimbusVault application. No advertising or analytics cookies are set.
8. Changes to this policy
We will notify you by email of any material changes to this policy. The current version is always available at nimbusvault.co.uk/privacy.