Nyman Media
§ legal · privacy

Privacy Policy

Last updated: December 2, 2025

1. Introduction

Nyman Media ("we," "our," or "us") operates the AI Visibility service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Data Controller: Nyman Media
Contact: privacy@nyman.media

This policy complies with the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Authentication credentials (managed securely via Supabase)
  • Account creation and last sign-in timestamps

2.2 Payment Information

For premium subscriptions, we collect:

  • Payment information (processed securely by Stripe; we do not store card details)
  • Billing email and subscription status
  • Transaction history and invoice records

2.3 Usage Data

We automatically collect:

  • URLs and domains you submit for analysis
  • Search queries and prompts you enter
  • Feature usage patterns and interaction data
  • Device information (IP address, browser type, operating system)
  • Session data and timestamps

2.4 Analytics and Conversion Data

We use analytics tools to understand how our service is used and measure marketing effectiveness:

  • User behavior and feature engagement (via PostHog)
  • Sign-up and conversion events
  • Error tracking and performance metrics
  • Conversion tracking via third-party platforms (Google Ads, Bing Ads, Meta/Facebook Pixel, LinkedIn, and similar advertising networks)
  • Marketing campaign attribution and ROI measurement

3. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve our AI analysis services
  • Process your requests and deliver audit results
  • Manage your account and subscription
  • Send service-related communications (e.g., password resets, subscription updates, billing notifications)
  • Contact you for account management purposes, customer support, and service announcements
  • Send marketing communications about new features, updates, and offers (you may opt out at any time)
  • Analyze usage patterns to enhance user experience
  • Track conversions and measure marketing campaign effectiveness
  • Prevent fraud and enforce our terms of service
  • Comply with legal obligations
  • Develop new features and services

3.1 Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our services and fulfill our contractual obligations
  • Consent: Marketing communications, cookies, and analytics (you may withdraw consent at any time)
  • Legitimate Interests: Fraud prevention, security, service improvements, and business analytics
  • Legal Obligation: Compliance with applicable laws and regulations

4. Data Sharing and Disclosure

4.1 Third-Party Service Providers

We share data with trusted service providers who assist in operating our service:

  • Supabase: Authentication and database hosting
  • Stripe: Payment processing
  • PostHog: Analytics and product insights
  • AI Service Providers: Processing your analysis requests
  • Advertising and Marketing Platforms: Conversion tracking and campaign measurement (Google Ads, Bing Ads, Meta/Facebook, LinkedIn, and similar networks)
  • Email Service Providers: Sending transactional and marketing emails

4.2 Legal Requirements

We may disclose your information if required by law or to:

  • Comply with legal processes or government requests
  • Protect our rights, property, or safety
  • Prevent fraud or security threats
  • Enforce our Terms of Service

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Data Retention

We retain your information according to the following schedules:

  • Account data: Duration of account plus 30 days after deletion request
  • Payment records: 7 years (legal requirement for tax/accounting purposes)
  • Usage data and analytics: Up to 2 years
  • Cached analysis results: 24 hours
  • Marketing consent records: Duration of consent plus 3 years
  • Support communications: 3 years from last interaction

After the retention period expires, we securely delete or anonymize your data. You may request early deletion of your account and associated data at any time, subject to legal retention requirements.

6. Data Security

We implement industry-standard security measures to protect your information, including:

  • Encrypted data transmission (HTTPS/TLS)
  • Secure authentication via Supabase
  • Rate limiting and abuse prevention
  • Regular security audits and updates

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Your Rights and Choices

7.1 GDPR Rights (EU/EEA Users)

If you are in the European Union or European Economic Area, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Update or correct inaccurate information
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data
  • Right to Restriction: Request limitation of processing in certain circumstances
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Revoke consent at any time (without affecting prior processing)
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

7.2 CCPA Rights (California Users)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose
  • Request deletion of your personal information
  • Opt-out of the sale of personal information (we do not sell personal information)
  • Non-discrimination for exercising your privacy rights

7.3 How to Exercise Your Rights

To exercise any of these rights, contact us at privacy@nyman.media. We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

8. Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain your session and authentication state
  • Remember your preferences
  • Analyze usage patterns via PostHog and other analytics tools
  • Track conversions and measure advertising effectiveness
  • Deliver targeted advertising through third-party platforms
  • Improve service performance

Third-party advertising platforms (Google, Bing, Meta, LinkedIn, etc.) may place cookies or use similar tracking technologies to measure ad performance and conversions. These platforms have their own privacy policies governing their use of your data.

You can control cookies through your browser settings, though some features may not function properly if cookies are disabled.

9. Children's Privacy

Our service is not intended for users under 13 years of age. We do not knowingly collect information from children. If you believe we have collected data from a child, please contact us immediately.

10. International Data Transfers

Your information may be processed in countries other than your own, including the United States. When we transfer data from the EU/EEA to other countries, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other legally approved transfer mechanisms

Our service providers (Supabase, Stripe, PostHog) maintain GDPR-compliant data processing agreements.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by posting the new policy on this page and updating the "Last Updated" date. Continued use of our service after changes constitutes acceptance of the updated policy.

12. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you without human intervention.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Data Protection Contact: privacy@nyman.media

EU Users: If you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority.

← back to home