Content

Privacy Policy

Nuinalp develops and operates services focused on digital security, privacy, and data protection. Our priority is to provide reliable products by collecting and processing only the information strictly necessary for the operation of the services, troubleshooting, platform security, and improvement of the user experience.

This Privacy Policy describes how Nuinalp collects, uses, stores, and deletes personal data related to the use of its services. Certain products or features may have specific privacy notices or policies that complement this document and must be read together with it.

By using the website nuinalp.com, creating a Nuinalp Account, or using any of our products and services (the “Services”), you declare that you are aware of and agree with the data processing described in this Privacy Policy, which must be interpreted as complementary to our Terms of Service.

Who We Are

The Services are operated by Nuinalp LTDA, based in Brazil, located at Rua Doutor Lindolfo Mattos Freitas, 118, Centro, Tremembé, São Paulo, ZIP Code 12120-083, responsible for the processing of personal data described in this Policy.

Throughout this Policy, Nuinalp LTDA may be referred to as “Nuinalp”, “we”, “us”, or “our”.

Privacy Principles

In line with our mission to protect users’ privacy, we adopt the following principles:

  • Privacy by default: we collect only the data necessary to provide the Services.
  • Transparency: we do not collect or store data that is not described in this Policy.
  • Security: we adopt technical and organizational measures to protect data against unauthorized access.
  • Data location: no personal data is stored or made available in the United States of America. When designing our infrastructure, we prioritize jurisdictions with strong data protection laws.
  • No data selling: we never sell personal data to third parties.
  • Global protections: whenever possible, we apply the same high standard of data protection to all users, regardless of their location.

Data We Collect and How We Use It

Nuinalp Website Analytics

On Nuinalp websites, including nuinalp.com and its subdomains (such as blog.nuinalp.com, accounts.nuinalp.com, dashboard.nuinalp.com, and support.nuinalp.com), we use analytics tools to understand overall service performance, improve stability, and enhance user experience.

For this purpose, we use PostHog and New Relic. More details can be found in the Data Processors section. Data is anonymized or aggregated, and IP addresses are not retained for analytical purposes.

Creation of a Nuinalp Account

To use Nuinalp services, you may create a Nuinalp Account, which functions as a global and centralized account for access to our products and services.

Providing personal information such as full name, physical address, or phone number is not required. The primary account identifier is an email address, used for authentication purposes, essential service communications, and account recovery.

Optionally, you may provide an additional email address for notification or password recovery purposes. If provided, this address will be used exclusively for essential service communications, security alerts, account verification, and access recovery.

Promotional or informational communications are sent only with your consent, which may be granted or revoked at any time in your account settings.

Nuinalp adopts the principle of data minimization, collecting only the information strictly necessary to create and maintain the account.

Human Verification and Abuse Prevention

To protect Nuinalp and its users against automated account creation, spam, fraud, and brute-force attacks, we use human verification mechanisms and security controls.

These mechanisms may include verification challenges (such as captchas), email confirmation, or sending verification codes via SMS, when applicable.

Data provided during these processes, such as IP addresses, email addresses, or phone numbers, is processed temporarily and exclusively for verification and service protection purposes.

The retention period for this data is limited to the time necessary to fulfill its security and abuse prevention purpose, in compliance with applicable legislation. If any of this data needs to be retained for a longer period, it will be stored in encrypted or hashed form, preventing access to the original values.

The legal basis for this processing is Nuinalp’s legitimate interest in protecting its services, infrastructure, and users.

The subscription to paid plans or services subject to charges may require the processing of additional information, separate from Nuinalp Account data.

In such cases, Nuinalp may collect and process information strictly necessary for billing purposes, invoice issuance, compliance with legal, regulatory, and tax obligations, as well as accounting and auditing purposes.

Such information may include, as applicable and in accordance with the user’s country legislation, full name or company name, address, country, tax identification information or equivalent, and other data required for proper invoice issuance.

The processing of this data is based on legal and regulatory obligations and is used exclusively for the purposes described in this section.

Billing information is stored separately from the main account data and protected by appropriate technical and organizational measures, including encryption and restricted access to authorized systems and personnel.

Changes to billing data apply only to future charges and do not affect invoices already issued. Certain information may be retained for the period required by applicable legislation, even after account closure or deletion request, when retention is necessary to comply with legal obligations.

Account Activity and Abuse Prevention

Data processing activities carried out by Nuinalp may vary depending on the service used. Each service is designed to operate with minimal data collection, respecting its technical characteristics and specific objectives.

We may use limited account-related data to detect, prevent, and respond to abusive, fraudulent, or non-compliant uses of our services, including attempts of unauthorized access, malicious automation, or infrastructure attacks.

This processing is based on Nuinalp’s legitimate interest in protecting its services, users, and infrastructure, without monitoring browsing activity or VPN usage.

IP Address Logging for Account Security

By default, Nuinalp does not maintain permanent logs of IP addresses associated with your account.

However, IP addresses may be processed temporarily and in a limited manner when necessary to prevent fraud, mitigate abuse, protect account security, or investigate violations of the Terms of Use.

These logs are not used to track browsing activity or VPN usage and are not correlated with internet traffic.

In exceptional situations involving serious violations of the Terms of Use or valid legal obligations, certain technical data may be retained as permitted by applicable legislation.

The legal basis for this processing is Nuinalp’s legitimate interest in ensuring the security and integrity of the services.

Native Applications

When you use Nuinalp native applications, limited technical data may be processed for stability, performance, and bug-fixing purposes.

This may include crash reports, aggregated app usage statistics, and information about the operating system and app version.

This data does not include traffic content, browsing history, location information, or activities carried out through the VPN (see details below).

Some platforms, such as the Apple App Store and Google Play Store, may collect aggregated and anonymous statistics in accordance with their own privacy policies and terms of use.

Whenever possible, Nuinalp uses proprietary or anonymized solutions to reduce data collection to the minimum necessary.

Social Media

Nuinalp maintains a presence on social media and public platforms such as LinkedIn, Instagram, X (Twitter), Bluesky, and others used for institutional communication.

Any information, message, comment, or content you send or publish on these platforms is done at your own risk, as these environments are operated by third parties and are not controlled by Nuinalp.

We cannot guarantee the privacy or security of information shared on social media, nor control the actions of other users or the platforms themselves. Data processing in these environments is governed exclusively by the privacy policies and terms of use of the respective platforms.

Links to External Websites and Embedded Content

Our websites and communications may contain links to third-party websites or embedded content such as images, videos, or other external resources.

Nuinalp is not responsible for the content, practices, or privacy policies of third-party websites or services. Access to these external resources is at your own risk and subject to their own terms and policies.

In some cases, embedded content may collect technical information about access, as defined by the respective providers’ policies. The processing of such data is based on Nuinalp’s legitimate interest in operating its websites in a functional and efficient manner, always in compliance with applicable legislation.

Communications and Direct Marketing

Nuinalp may use your email address to send communications related to new products, features, updates, service improvements, or other informational and promotional content about our services.

Promotional communications are sent only based on your consent, which may be withdrawn at any time through the unsubscribe link included in messages or through your account preferences.

We fully respect requests to unsubscribe from promotional communications. However, even after unsubscribing, we may continue to send messages strictly necessary for:

Billing Account security Operational or legal communications Essential service updates

These non-promotional communications are indispensable for the proper provision of Nuinalp services.

Privacy in Specific Products

Certain Nuinalp products and services have specific technical characteristics that may involve particular data processing activities.

The sections below complement this Privacy Policy and objectively describe how each product operates regarding data collection, use, and protection.

In case of conflict, product-specific privacy notices prevail only with respect to that specific service, while this Policy remains the general basis.

Nuinalp VPN

Nuinalp VPN adopts a no-logs policy. When you use the service, Nuinalp does not collect, log, or store:

Internet traffic or communication content Browsing history or DNS queries Source or destination IP addresses associated with VPN activity Data that would allow correlating a specific user to activities carried out through the VPN

Nuinalp does not monitor, inspect, or analyze VPN-protected traffic, nor discriminate between protocols, applications, or types of connection.

Infrastructure and Technical Partners

To operate Nuinalp VPN, we use specialized VPN infrastructure partners who act as data processors exclusively under our instructions and solely for the purpose of providing the service.

These partners do not log browsing activity, traffic content, or VPN usage history and are contractually bound to comply with strict security and confidentiality standards.

Infrastructure and Security

Nuinalp VPN connections use strong encryption and protection mechanisms designed to prevent unauthorized access to user traffic.

The service infrastructure is operated in a way that minimizes the generation and retention of technical data. When infrastructure partners or technical providers are used, they act exclusively according to Nuinalp’s instructions and are not authorized to log or retain VPN usage data.

Data Processors

To provide our services and products, we use different data processors responsible for processing specific types of information.

Processors never store or process data beyond the scope of their specific purpose, nor collect or retain data related to the general and everyday use of your account and Services.

Please consult our Data Processors list for more details.

When these processors are located in other countries, we ensure that transfers occur under appropriate safeguard mechanisms in compliance with the LGPD and GDPR.

Data Retention and Deletion

We retain your personal data only for as long as necessary to fulfill the purposes described in this Policy. Account data is retained while the service is active. Information processed for security purposes (such as temporary IP logs) is retained for short periods and deleted once it loses operational necessity. Billing data is retained for the periods required by applicable tax legislation.

Your Privacy Rights

You have rights regarding your personal data. You may:

Access your personal data and obtain information about how it is used; Correct incomplete, inaccurate, or outdated personal data; Request deletion of personal data, when applicable; Object to the processing of personal data in certain circumstances; Request restriction of personal data processing; Request portability of your personal data, when applicable; Withdraw consent at any time.

Whenever possible, these rights may be exercised directly through your Nuinalp Account or by contacting our support team.

Contact

If you have questions, comments, or requests related to this Privacy Policy or the processing of your personal data, you may contact us at: privacy@nuinalp.com, which is also the direct communication channel with our Data Protection Officer (DPO).

Whenever possible, requests related to access, correction, or deletion of data may be made directly through your Nuinalp Account. If this is not possible, you may contact us via the email above, providing details of your request.

Changes to this Privacy Policy

Within the limits of applicable legislation, Nuinalp reserves the right to review and amend this Privacy Policy at any time to reflect improvements, operational changes, or legal updates. Users will be notified whenever relevant changes occur.