Privacy policy for Nylio.

Nylio is a collaborative document editor with AI-assisted writing, web research, workspace collaboration, document sharing, billing, and import features. In this Privacy Policy, "Nylio," "we," "us," and "our" refer to the operator of the Nylio service.

If you have privacy questions or requests, contact us at hello@nylio.app.

We use personal data to operate and improve Nylio, including to:

• Create and manage accounts, sessions, workspaces, and access controls.
• Store, sync, display, edit, share, and back up documents and related content.
• Provide AI features, including document editing assistance, web research, search, fact-checking, and analysis.
• Process imports, uploads, exports, and file previews.
• Provide subscription management, usage tracking, and billing support.
• Send transactional messages such as invites, verification emails, and support replies.
• Maintain security, detect abuse, troubleshoot issues, and enforce our Terms.
• Measure product performance, understand usage patterns, and improve the service.

If data protection laws such as the GDPR apply, our legal bases for processing generally are:

• Contract: to provide the services you request, including accounts, collaboration, imports, storage, AI features, sharing, and billing.
• Legitimate interests: to secure the service, prevent abuse, improve reliability, analyze usage, and support our business operations.
• Consent: where required for certain cookies, optional communications, or other processing that requires consent under applicable law.
• Legal obligation: where we must keep or disclose data to comply with law, lawful process, accounting, or regulatory duties.

Nylio includes AI features. To provide them, we may send prompts, document excerpts, uploaded files, chat content, tool outputs, or related context to third-party AI and search providers that process data on our behalf or as independent service providers.

You should not submit content to AI features unless you are comfortable with that processing and authorized to share the content with us and our providers for that purpose.

We use this processing to generate responses, suggest edits, answer questions, search public sources, and improve feature reliability. We do not use your content to train our own foundation models. Third-party provider retention and model training practices may differ, so review our product settings and contact us if you need more detail.

We may disclose personal data in the following situations:

• With service providers that help us operate Nylio, such as hosting, cloud storage, analytics, billing, email delivery, authentication, observability, AI, and search providers.
• With other users in your workspace or with people you invite, depending on your sharing and permission settings.
• Through public or semi-public share links that you create. Anyone with access to a share link may be able to view or, if permitted, interact with the shared content.
• With connected import or identity providers when you choose to link external accounts.
• If required by law, legal process, or to protect rights, safety, security, or the integrity of the service.
• In connection with a merger, financing, acquisition, reorganization, or sale of assets, subject to customary confidentiality protections.

We use cookies and similar technologies for login state, session management, security, preferences, traffic analysis, and product analytics. Some cookies are strictly necessary for the service to function; others may be used to understand product usage and improve performance.

Depending on where you are located, you may have the right to control certain non-essential cookies through your browser or any consent tools we make available.

We keep personal data for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the service, maintain records, resolve disputes, enforce agreements, and comply with law.

Retention periods vary by data type. For example, account and billing records may be retained longer than routine logs, and shared or imported content may remain available until deleted by you, your workspace, or our retention rules.

Nylio is offered globally. Your personal data may be processed in countries other than your own, including countries that may not provide the same level of legal protection.

Where required, we will use appropriate safeguards for cross-border transfers, such as contractual protections or other lawful transfer mechanisms.

We use reasonable technical and organizational measures designed to protect personal data. No system is perfectly secure, and we cannot guarantee absolute security.

You are responsible for safeguarding your account credentials, carefully managing sharing permissions, and using share links only when you intend the linked content to be accessible to recipients.

Depending on where you live, you may have the right to request access to, correction of, deletion of, or export of your personal data, as well as the right to object to or restrict certain processing.

If the GDPR or similar laws apply, you may also have the right to withdraw consent where processing relies on consent and the right to lodge a complaint with your local supervisory authority.

To exercise rights, email hello@nylio.app. We may ask you to verify your identity before acting on a request.

Nylio is not directed to children under 13, and if a higher minimum age applies in your jurisdiction, to users below that age. If you believe a child provided personal data to us unlawfully, contact us so we can review and remove it where appropriate.

We may update this Privacy Policy from time to time. If we make a material change, we may provide notice through the service, by email, or by updating the effective date above.

Your continued use of Nylio after an updated Privacy Policy takes effect means the updated version applies going forward, subject to applicable law.