Privacy Policy

Nymloth is operated by Lucrific B.V., a company registered in the Netherlands. Lucrific B.V. is the data controller for all personal data processed through Nymloth. This policy explains what data we collect, how we use it, and what rights you have. It applies to the Nymloth website and platform.

We keep this policy short and readable on purpose. If anything is unclear, reach out at info@nymloth.com.

1. What We Collect

Account information. Name, email address, and authentication data provided through our identity provider.

Your content. Workflows, notes, and research outputs you create or receive through the platform.

Usage data. Pages visited, features used, timestamps, browser type, and device information. Collected automatically to operate and improve the service.

2. How We Use Your Data

  • Service delivery. Running your workflows, generating research outputs, and delivering them to you.
  • Improvement. Understanding how the platform is used so we can make it better.
  • Communication. Responding to your requests, sending service-related notices.
  • Security and compliance. Protecting accounts, preventing abuse, meeting legal obligations.

Our legal bases for processing are: performance of our contract with you (service delivery), legitimate interest (improvement, security), and compliance with legal obligations where applicable.

3. AI and LLM Processing

Nymloth uses third-party large language models to process your workflows and generate research outputs.

No personally identifiable data is sent to LLMs. We strip all user-identifying information before any data reaches a language model. There is no way for LLM providers to identify who created or requested the work.

Your outputs belong to you. Research outputs generated by the platform are yours. We do not use your outputs to train models, sell to third parties, or share with other users. Your data is only used to generate benefit for your own usage: building memory across your research, accumulating experience, refining your views, and producing better outcomes over time.

4. Data Sharing

We do not sell your data. We do not share your data for advertising purposes.

We share data only with the following categories of providers, strictly to operate the service:

  • Infrastructure. Cloud compute, storage, and database providers.
  • Authentication. Identity and access management providers.
  • Search. Financial data search providers.
  • AI processing. Language model providers (inference only, with no personally identifiable data as described above).

We may also disclose data if required by law, court order, or to protect the rights, safety, or property of Lucrific B.V. or its users.

5. Data Retention and Security

We retain your data for as long as your account is active. After account deletion, we keep data for up to 90 days to comply with legal obligations, after which it is permanently deleted. You can request deletion at any time.

All data is encrypted in transit and at rest. User data is isolated at the database level through row-level security policies, meaning no user can access another user’s data.

No system is perfectly secure. We take reasonable measures to protect your data but cannot guarantee absolute security.

6. International Data Transfers

Some of our service providers operate outside the European Economic Area. Where data is transferred outside the EEA, we rely on Standard Contractual Clauses or equivalent safeguards to protect your data.

7. Your Rights Under GDPR

As a Dutch company, we process data under the General Data Protection Regulation (GDPR). You have the following rights:

  • Access. Request a copy of the personal data we hold about you.
  • Rectification. Request correction of inaccurate data.
  • Erasure. Request deletion of your personal data.
  • Portability. Request your data in a structured, machine-readable format.
  • Restriction. Request that we limit processing of your data.
  • Objection. Object to processing based on legitimate interests.
  • Withdraw consent. Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, email info@nymloth.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or the supervisory authority in your member state of residence.

8. Cookies

We use only essential cookies required for authentication and platform functionality. We do not use analytics or advertising cookies.

9. Children

Nymloth is not intended for use by anyone under the age of 16. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or a notice on the platform. Continued use after changes constitutes acceptance.

11. Contact

If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your personal data, or your choices and rights regarding such collection and use, please do not hesitate to contact us at info@nymloth.com.