NivoBack

Privacy Policy

Last updated: March 3, 2026

1. Who We Are

Nivo is operated by Sizzle ("we," "us," "our"). This policy describes how we collect, use, and protect your personal information when you use the Nivo email platform.

2. Information We Collect

Account information: Name, email address, and Google account profile data provided during sign-up or OAuth connection.

Email data: Email messages, metadata (sender, recipients, subject, timestamps), thread information, and attachments when you connect your Gmail account. This data is fetched via the Gmail API and stored in our database to power classification, drafting, and management features.

Calendar data: Calendar events fetched from Google Calendar when you enable calendar features.

Contact data: Contact names and email addresses derived from your email history.

Voice data: Voice recordings are processed in real-time for transcription and are not stored. Text-to-speech audio is generated on-demand and cached temporarily.

Billing data: Payment information is handled entirely by Stripe. We store your Stripe customer ID and subscription status, but never your card number.

Usage data: Logs of actions taken (emails processed, credits used) for billing accuracy and debugging.

3. How We Use Your Data

We use your data exclusively to:

  • Classify, prioritize, and manage your emails
  • Draft email responses on your behalf
  • Provide voice-based email review and management
  • Generate insights and briefings about your inbox
  • Manage your calendar events
  • Process billing and enforce usage limits
  • Improve the Service and fix bugs

4. Third-Party Services

We share data with the following third parties solely to provide the Service:

  • Google APIs: To read/send/manage email and calendar on your behalf.
  • Anthropic (Claude): Email content is sent to AI models for classification and draft generation. Anthropic does not use your data for training.
  • OpenAI: Voice data is sent for transcription and text-to-speech generation.
  • Stripe: Billing and payment processing.

We do not sell, rent, or trade your personal data to any third party.

5. Data Storage & Security

Your data is stored in MongoDB Atlas with encryption at rest. Google OAuth tokens are encrypted with AES-256-GCM before storage. All traffic is encrypted via TLS. Sessions use secure, httpOnly cookies. We implement rate limiting, CSRF protection, and input validation throughout the application.

6. Data Retention

We retain your data for as long as your account is active. When you delete your account, all associated data (emails, contacts, threads, billing records, preferences, memories, and voice profiles) is permanently deleted from our servers within 30 days.

7. Your Rights

You have the right to:

  • Access: View all data we hold about you (available in Settings).
  • Delete: Permanently delete your account and all associated data from Settings.
  • Disconnect: Remove individual email accounts from Nivo at any time.
  • Revoke: Revoke Google API access through your Google Account settings.
  • Export: Contact us to request a full data export.

8. Cookies

Nivo uses a single session cookie to maintain your login. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

9. Children's Privacy

Nivo is not intended for users under 18 years of age. We do not knowingly collect data from minors.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or in-app notification. The "Last updated" date at the top indicates the most recent revision.

11. Contact

For privacy inquiries or data requests, email us at bear@timetosizzle.com.