Privacy Policy

Welcome to NIMAR (Forbmax.ai). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains what information we collect, how we use it, your rights, and how you can contact us.

If you have any questions or concerns about this notice or our practices regarding your personal information, please contact us at [email protected].

This policy applies to all information collected through: Our website forbmax.ai (“Site”), our mobile and web applications, our marketing activities, and any related services (collectively referred to as the “Services”).

When you use NIMAR, we collect various types of information to provide you with our services and improve your experience. This information may include:

When you register an account, use our Services, or otherwise interact with us, we collect the personal information you voluntarily provide, including your name, email address, uploaded data (such as your files etc), and any other content you submit through the platform.

When you interact with our web application and Services, we automatically collect information about your device and usage, such as your IP address, browser type, operating system, referring URLs, pages visited, and actions taken.

We process your information based on legitimate business interests, to perform a contract with you, to comply with our legal obligations, and/or based on your consent.

Specifically, we use your data to:

• Facilitate secure user authentication and role-based access control.
• Track user activities for audit trails, analytics, and system monitoring.
• Process uploaded content through AI models with anonymization where applicable.
• Store user preferences to enable a personalized dashboard experience.
• Manage user-uploaded media in S3 with privacy-preserving references.
• Index content for intelligent search while masking personal data where needed.
• Log user events via Kafka for real-time processing.
• Protect personal data with encryption, access control, and compliance practices.

We may share user data with authorized third-party services to operate, enhance, and support NIMAR functionalities:

• Service Providers: S3 (media storage), Elasticsearch (content indexing), Kafka (event streaming), Redis & Celery (task queuing), and other infrastructure components() for AI model processing and analytics.
• Analytics & Monitoring Tools: Integrated platforms used for performance tracking, user behavior analysis, and system optimization.
• Business Continuity: In the event of a merger, acquisition, or restructuring, user data may be transferred as part of the business transaction.
• Legal Obligations: Personal data may be disclosed when required to comply with applicable laws, regulations, or enforceable government requests.

All third-party services are contractually bound to maintain data confidentiality, apply strict security measures, and comply with relevant data protection standards.

In NIMAR we do not use cookies or similar tracking technologies (e.g., pixels, tags) for storing user data or preferences.

• We use bearer tokens for secure user authentication and session management.
• No tracking is done for advertising or user profiling purposes.
• All user data is handled according to our privacy and security policies.

For more information on how user sessions and access are managed, please refer to our Privacy Policy and Security Practices documentation.

We retain your personal information for as long as your account remains active or while you remain subscribed to our Services. If you choose to cancel your subscription, delete your account, or request the removal of your data, we will either delete or anonymize your personal information, unless a longer retention period is required by law (for example, for tax, accounting, or legal compliance purposes). If immediate deletion is not technically possible, we securely store your personal information and isolate it from further processing until deletion is feasible.

Your information may be transferred to, stored, and processed outside the European Economic Area (EEA), including in the United States, where our servers and third-party service providers are located. We implement appropriate safeguards (e.g., Standard Contractual Clauses) to ensure your data remains protected.

We have implemented appropriate technical and organizational security measures, including:

• Encrypted data transmission (SSL/TLS)
• Secure cloud hosting
• Access control and authentication procedures
• Regular vulnerability testing and security audits

However, no method of transmission over the Internet is 100% secure.

Depending on your jurisdiction (e.g., EU, UK, California), you may exercise specific rights under data protection laws, including:

• Right to access the personal data stored in your NIMAR account
• Right to correct or update inaccurate or incomplete information
• Right to request deletion of your data (“Right to be Forgotten”)
• Right to restrict or limit the processing of your personal information
• Right to object to certain types of data processing
• Right to receive your data in a portable, machine-readable format
• Right to withdraw your consent at any time, where processing is based on consent

Requests related to data rights can be submitted via your NIMAR account or by contacting our support team.

Account termination, data deletion, and service cancellation must follow the procedures detailed in NIMAR’s Terms and Conditions, including any applicable notice periods.

To exercise your data rights under GDPR or CCPA (not subscription rights), please contact us at [email protected]. You may also file a complaint with your local data protection authority if you believe your rights are being infringed.

Our Services are not intended for children under 13 (or under 16 in the EU). We do not knowingly collect personal data from minors. If you believe we have collected information from a minor, please contact us immediately.

We do not currently respond to DNT browser signals. If a standard for online tracking is adopted, we will update our practices accordingly.

If you are a California resident, you have additional rights:

• Right to know what personal data we collect and how we use it
• Right to request a copy of your data
• Right to request deletion of your data
• Right to opt out of the sale or sharing of your personal information

We offer a “Do Not Sell or Share My Personal Information” link for California users. For any privacy request, please email [email protected]. We will not discriminate against you for exercising any of your CCPA rights.

We may update this Privacy Policy as needed to reflect changes in our practices, technologies, or legal requirements. If we make material changes, we will notify you by email (if you have provided it) or by posting a notice on our website. Please review this Privacy Policy periodically.

If you have any questions or concerns about this Privacy Policy or our practices regarding your personal information, please contact us at [email protected]

By using NIMAR, you consent to the collection and use of your personal information as described in this Privacy Policy, in accordance with applicable data privacy laws such as the California Online Privacy Protection Act (CalOPPA), the Children’s Online Privacy Protection Act (COPPA), the CAN-SPAM Act, and the General Data Protection Regulation (GDPR).

California Online Privacy Protection Act (CalOPPA): CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. It applies to any person or company in the United States (and potentially the world) that operates websites collecting Personally Identifiable Information (PII) from California consumers. Users can refer to the CalOPPA website for more information on their rights and protections under this law.

Children’s Online Privacy Protection Act (COPPA): COPPA puts parents in control of the collection of personal information from children under the age of 13. It requires operators of websites and online services to protect children’s privacy and safety online. Users can refer to the Federal Trade Commission’s website for detailed information on COPPA and its implications.

CAN-SPAM Act: The CAN-SPAM Act sets rules for commercial email, including requirements for commercial messages and recipient rights. Users can refer to the Federal Trade Commission’s website for guidance on their rights under the CAN-SPAM Act and how to handle commercial emails.

General Data Protection Regulation (GDPR): GDPR is a comprehensive data privacy regulation that governs the processing of personal data of individuals in the European Union (EU). It grants individuals certain rights over their personal data and imposes obligations on organizations that collect and process this data. Users can refer to the official EU GDPR website for information on their rights under GDPR and how organizations should handle their personal data.

The governing law regarding privacy matters is the law of the jurisdiction in which you reside. We are committed to protecting your privacy and ensuring the security of your personal information. Thank you for trusting us with your data.