
Privacy Policy

Last updated: February 19, 2026  ·  Effective immediately upon use of Nimbus Pro services

1. Overview

Nimbus Pro ("we", "us", or "our") is a social media automation platform operated by Ascended Strength Pty Ltd, based in Australia. This Privacy Policy explains how we collect, use, store, and protect your information when you use our platform at gonimbus.pro.

By accessing or using Nimbus Pro, you agree to the practices described in this policy. If you do not agree, please discontinue use of the platform.

Nimbus Pro is designed for fitness coaches, allied health professionals, restaurants, and beauty businesses who use our platform to automate and manage their social media presence.

2. Information We Collect

2.1 Account Information

When you register for Nimbus Pro, we collect your name, email address, business name, business type, and a password (stored encrypted). We also collect your preferred timezone, industry category, and communication style preferences you configure within the platform.

2.2 Social Media Credentials & Tokens

To enable posting automation and chatbot features, we collect and store OAuth access tokens for connected social media accounts, including Instagram and Facebook. These tokens are issued by Meta and allow our platform to post content, read comments, send direct messages, and receive webhook events on your behalf. We store these tokens encrypted in our database. We do not store your Meta username or password — only the access tokens granted through Meta's official OAuth flow.

2.3 Content You Create

We store social media posts, captions, reel scripts, hashtags, scheduled post data, images and video content you upload, content calendar entries, caption generation history, and AI-generated content produced during your sessions.

2.4 Client & Scheduling Data

If you use our scheduling and client management features, we store client names, phone numbers, email addresses, appointment details, booking types, SMS reminder history, agreement forms, notes, and billing status. This data is entered by you and stored in your account's isolated database partition.

2.5 Chatbot & Lead Data

When using the Instagram chatbot automation features, we collect and store Instagram usernames and user IDs of people who interact with your chatbot flows, message sequences sent and received, lead magnet delivery records, qualification responses, and the step-by-step progress through your automated flows. This data is stored under your account and is not accessible to other coaches on the platform.

2.6 Payment & Billing Information

Subscription billing is processed through Stripe. We do not store credit card numbers or full payment details. Stripe handles all payment processing and provides us with a customer ID and subscription status. You can review Stripe's privacy practices at stripe.com/privacy.

2.7 Integrations You Connect

If you connect additional services through the platform Settings, we may collect and store API credentials, OAuth tokens, or configuration data for Google Calendar (OAuth refresh tokens for appointment sync), Twilio (for SMS reminders), and SendGrid (for email notifications). These credentials are stored encrypted and are used exclusively to perform the integrations you configure.

2.8 Usage & Technical Data

We collect standard technical data including IP addresses, browser type, device information, pages visited, actions taken within the platform, and error logs. This data is used for security, debugging, and platform improvement purposes.

3. How We Use Your Information

We use the information we collect to provide and operate the Nimbus Pro platform and all its features, authenticate your identity and maintain session security, generate AI-powered social media captions and scripts using the Claude API (Anthropic), automate social media posting to Instagram and Facebook via the Meta Graph API, process and deliver chatbot flows and direct message automations, send SMS appointment reminders via Twilio on your behalf, sync appointments with Google Calendar using your authorised OAuth token, send platform notifications and alerts via SendGrid, process subscription payments through Stripe, provide customer support and respond to your enquiries, detect and prevent fraudulent or unauthorised access, and improve and develop new platform features.

We do not use your content or client data to train AI models. Content submitted for caption generation is sent to Anthropic's Claude API for processing in accordance with Anthropic's usage policies and is not retained by Anthropic for training purposes under our enterprise agreement.

4. Multi-Tenant Data Isolation

Nimbus Pro is a multi-tenant SaaS platform. Each coach account is strictly isolated from all other accounts using Row Level Security (RLS) enforced at the database level through Supabase. This means your posts, clients, leads, chatbot flows, appointments, and all associated data are never visible to or accessible by other coaches on the platform, even in the event of misconfiguration at the application layer.

We do not aggregate or compare data between coach accounts, and we do not provide any coach with anonymised or benchmarked data derived from other coaches' accounts.

5. Third-Party Services

Nimbus Pro integrates with the following third-party services to deliver platform functionality. Each service has its own privacy policy and data handling practices:

| Service | Purpose | Privacy Policy |
|---|---|---|
| Meta (Instagram & Facebook) | Social media posting, comment reading, DM automation, webhook events | privacycenter.facebook.com |
| Anthropic (Claude API) | AI caption and script generation | anthropic.com/privacy |
| Supabase | Database hosting and authentication | supabase.com/privacy |
| Vercel | Application hosting and deployment | vercel.com/legal/privacy-policy |
| Cloudinary | Media storage and delivery | cloudinary.com/privacy |
| Stripe | Subscription billing and payment processing | stripe.com/privacy |
| Twilio | SMS appointment reminders | twilio.com/legal/privacy |
| SendGrid | Transactional email delivery | sendgrid.com/policies/privacy |
| Google | Calendar integration (OAuth) | policies.google.com/privacy |
| n8n | Workflow automation engine | n8n.io/privacy |

We only share data with these services to the minimum extent necessary to deliver the features you use. We do not sell your data to any third party.

6. Meta Platform Data

Nimbus Pro is built on the Meta for Developers platform and complies with Meta's Platform Terms and Developer Policies. Specifically regarding Meta data:

We access your Instagram and Facebook account data only with your explicit authorisation through Meta's OAuth flow. The permissions we request include the ability to publish posts and stories, read and respond to comments, send and receive direct messages, access basic account information such as follower count and post performance, and receive real-time webhook notifications for comments and messages.

We store Meta access tokens encrypted in our database. These tokens are used exclusively to perform actions you initiate through the platform. We do not share Meta user data (including data about your followers or clients who interact with your chatbot) with any third party, and we do not use this data for advertising targeting.

If any of your followers or clients interact with your Instagram chatbot, their Instagram username and user ID are stored in your account to facilitate the automated message sequence. They may contact us at the email below to request deletion of their data.

7. Data Retention

We retain your account data for as long as your subscription is active. If you cancel your subscription, we retain your data for 30 days to allow for reactivation, after which it is permanently deleted.

Social media posting history and generated captions are retained for the duration of your account. Client records, appointment history, and chatbot lead data are retained until you delete them from the platform or your account is closed.

Technical logs and usage data are retained for 90 days for security and debugging purposes.

8. Data Security

We take the security of your data seriously and implement the following measures: all data is transmitted over HTTPS with TLS encryption, the database is hosted on Supabase with AES-256 encryption at rest, OAuth tokens and API credentials are stored encrypted using pgcrypto, Row Level Security is enforced at the database layer for all coach data, Supabase authentication handles session management with industry-standard JWT tokens, and environment variables and secrets are managed through Vercel's secure environment variable system and are never committed to source control.

While we implement strong security practices, no system is completely immune to security risks. We encourage you to use a strong, unique password and to notify us immediately if you suspect unauthorised access to your account.

9. Your Rights (Australian Privacy Act)

Under the Australian Privacy Act 1988 and the Australian Privacy Principles, you have the right to access the personal information we hold about you, request correction of inaccurate or incomplete information, request deletion of your personal information (subject to legal obligations), withdraw consent for data processing, and lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

To exercise any of these rights, contact us at the email address below. We will respond within 30 days.

If you are located in the European Economic Area, you may also have rights under the GDPR including the right to data portability and the right to object to processing. Please contact us to discuss these rights.

10. Data Export & Deletion

You can request a complete export of your account data including your profile, all posts, captions, client records, and chatbot flows by contacting us at the email below. We will provide this in JSON format within 14 days.

To permanently delete your account and all associated data, contact us at the email below. Account deletion removes all coach data, posts, clients, leads, chatbot flows, appointments, and associated records from our systems. Stripe subscription data is managed separately through Stripe's customer portal.

11. Children's Privacy

Nimbus Pro is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a minor, please contact us immediately and we will take steps to delete it.

12. International Data Transfers

Nimbus Pro is operated from Australia. Your data may be processed by our third-party service providers in the United States and other countries. By using Nimbus Pro, you consent to the transfer of your data to these countries, which may have different data protection laws than your jurisdiction.

Where we transfer data outside Australia, we take steps to ensure appropriate safeguards are in place consistent with the Australian Privacy Act.

13. Cookies & Tracking

Nimbus Pro uses session cookies and local storage necessary for authentication and platform functionality. We do not use advertising cookies, cross-site tracking, or third-party analytics cookies. The only cookies set are those required to maintain your logged-in session through Supabase Auth.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, for material changes, notify you by email to the address associated with your account. Your continued use of Nimbus Pro after any changes constitutes acceptance of the updated policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Nimbus Pro (Ascended Strength Pty Ltd)
Website: gonimbus.pro
Country: Australia

16. Google API Limited Use

Nimbus Pro's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

© 2026 Nimbus Pro · Ascended Strength Pty Ltd · Australia