1. Introduction
Employee Number Zero LLC ("we", "us", "our") operates Niro Page (the "Service"), a multi-platform SaaS application for creating customizable canvas pages. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
We are committed to protecting your privacy and being transparent about our data practices. Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Information You Provide to Us
Account Information: When you create an account using Google OAuth, we collect:
- Email address
- Display name
- Profile photo URL
- Google user ID
User Content: We collect and store the content you create on your canvas pages, including:
- Widget configurations and layouts
- Notes and text content
- To-do lists and tasks
- Theme preferences and customizations
- Space name (subdomain identifier)
- Page names and organization
Third-Party Integration Data: When you connect third-party services:
- Gmail: OAuth tokens (encrypted), email addresses of connected accounts
- YouTube: Search queries, selected video IDs, channel IDs
- RSS Feeds: Feed URLs you subscribe to
- Embedded Content: URLs of websites you embed via iframe widgets
2.2 Information Collected Automatically
Usage Data: We automatically collect information about how you interact with the Service:
- Browser type and version
- Operating system
- Device information
- IP address (anonymized in analytics)
- Pages visited and features used
- Time and date of visits
- Time spent on pages
- Referring website addresses
Cookies and Tracking: We use cookies and similar tracking technologies. See our Cookie Notice for detailed information about the cookies we use.
2.3 Information from Third Parties
Google Analytics: We use Google Analytics to understand user behavior and improve our Service. Google Analytics collects information such as how often users visit the Service, what pages they visit, and what other sites they used prior to coming to the Service.
Payment Processor: Stripe processes all payments and may share transaction status, customer ID, and billing information with us. We do not store your credit card information directly.
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 To Provide and Maintain the Service
- Create and manage your account
- Store and synchronize your canvas pages across devices
- Provide access to your custom subdomain (username.niro.page)
- Enable widget functionality and third-party integrations
- Process authentication and maintain session security
3.2 To Process Payments and Subscriptions
- Process subscription payments via Stripe
- Manage billing cycles and renewals
- Handle refund requests
- Send payment receipts and invoices
- Detect and prevent fraud
3.3 To Improve and Develop the Service
- Analyze usage patterns and trends
- Identify and fix bugs and technical issues
- Develop new features and functionality
- Conduct research and testing
- Optimize performance and user experience
3.4 To Communicate with You
- Send service-related announcements and updates
- Respond to customer support inquiries
- Send security alerts and account notifications
- Provide information about policy changes
- Send optional product updates (with your consent)
3.5 For Legal and Security Purposes
- Comply with legal obligations and requests
- Enforce our Terms and Conditions
- Protect against fraud, abuse, and security threats
- Investigate and prevent prohibited activities
- Protect the rights, property, and safety of our users and the public
4. How We Share Your Information
We do not sell, rent, or trade your personal information to third parties. We may share your information in the following limited circumstances:
4.1 With Service Providers
We share data with trusted third-party service providers who help us operate the Service:
- Firebase/Google Cloud: For authentication, database hosting, and file storage
- Stripe: For payment processing (name, email, payment method, transaction data)
- Google Analytics: For usage analytics (anonymized data)
These service providers are contractually obligated to protect your data and only use it for the purposes we specify.
4.2 With Third-Party Widget Services
When you use certain widgets, data may be shared with or collected by third-party services:
- YouTube: Video IDs, search queries, viewing data (subject to YouTube's Privacy Policy)
- Gmail API: OAuth tokens (encrypted server-side), email access (with your explicit permission)
- TradingView: Viewed symbols and chart configurations (subject to TradingView's Privacy Policy)
- RSS Feed Providers: Feed URLs you subscribe to
- Embedded Websites: Sites you embed may collect data via their own cookies and tracking
These third-party services have their own privacy policies, and we encourage you to review them.
4.3 For Legal Compliance
We may disclose your information if required by law or in response to valid legal requests, including:
- Subpoenas, court orders, or legal processes
- Law enforcement or government agency requests
- National security requirements
- Protection of our legal rights and property
- Prevention of fraud or illegal activity
4.4 Business Transfers
If we are involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred to the acquiring entity. We will notify you before your information is transferred and becomes subject to a different privacy policy.
4.5 With Your Consent
We may share your information for any other purpose with your explicit consent.
5. Data Retention and Deletion
Retention Period: We retain your personal information and User Content indefinitely while your account is active. This ensures you can access your canvas pages and settings at any time without data loss.
Account Deletion: You may request deletion of your account and all associated data at any time by:
- Deleting your account through the Service settings
- Contacting us at dev@emp0.com
Upon account deletion, we will:
- Permanently delete your User Content (canvas pages, widgets, notes, etc.)
- Delete or anonymize your personal information
- Revoke access to your subdomain
- Delete encrypted OAuth tokens for connected services
Legal and Business Retention: We may retain certain information as required by law or for legitimate business purposes, including:
- Financial records (tax compliance, billing disputes)
- Fraud prevention and security logs
- Legal compliance and dispute resolution
- Aggregated, anonymized analytics data
Retained data will be kept in a secure, restricted environment and used only for the purposes stated.
6. Data Security
We implement industry-standard security measures to protect your information:
6.1 Technical Safeguards
- Encryption in Transit: All data transmitted between your device and our servers uses TLS/SSL encryption
- Encryption at Rest: Sensitive data, including OAuth tokens, is encrypted using AES-256-GCM
- Secure Authentication: Google OAuth with Firebase Authentication for secure sign-in
- Access Controls: Role-based access control and principle of least privilege
- Firewall Protection: Network-level security and intrusion detection
6.2 Operational Safeguards
- Regular security audits and vulnerability assessments
- Monitoring and logging of suspicious activities
- Secure development practices and code reviews
- Employee training on data protection
- Incident response plan for data breaches
Important: While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.
7. Your Privacy Rights
Depending on your location, you may have certain rights regarding your personal information:
7.1 General Rights (All Users)
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your account and personal information
- Export: Request a copy of your data in a portable format
- Opt-Out: Opt out of optional marketing communications
7.2 GDPR Rights (European Union Users)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):
- Right to Restrict Processing: Request restriction of how we process your data
- Right to Object: Object to processing based on legitimate interests
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Withdraw Consent: Withdraw consent for data processing at any time
- Right to Lodge a Complaint: File a complaint with your local data protection authority
Legal Basis for Processing: We process your data based on:
- Contract performance (to provide the Service)
- Consent (for optional features like Gmail integration)
- Legitimate interests (to improve and secure the Service)
- Legal obligations (to comply with applicable laws)
7.3 CCPA Rights (California Users)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request disclosure of personal information collected and shared
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: We do not sell personal information, so this right does not apply
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights
Do Not Sell My Personal Information: We do not sell your personal information to third parties.
7.4 How to Exercise Your Rights
To exercise any of these rights, please contact us at:
- Email: legal@emp0.com
- Phone: +1 (302) 404-2437
We will respond to your request within 30 days (or as required by applicable law). We may request additional information to verify your identity before processing your request.
8. Children's Privacy
While there are no age restrictions for using Niro Page, we are committed to protecting the privacy of children under 13 years of age in compliance with the Children's Online Privacy Protection Act (COPPA).
Parental Consent: If a user is under 13 years old, we require that a parent or legal guardian provide verifiable consent before the child uses the Service. Parents may contact us to:
- Review the information collected from their child
- Request deletion of their child's information
- Refuse to permit further collection of their child's information
Data Collection from Children: We do not knowingly collect or maintain personal information from children under 13 without parental consent. If we learn that we have collected information from a child under 13 without parental consent, we will delete that information immediately.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from those in your country.
Firebase/Google Cloud: Our Service uses Firebase and Google Cloud Platform, which may store and process data in multiple regions worldwide. Google provides appropriate safeguards through its compliance with data protection frameworks.
Safeguards: When transferring data internationally, we rely on:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions by relevant data protection authorities
- Service provider compliance certifications (e.g., Privacy Shield successors)
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:
- Update the "Last Updated" date at the top of this policy
- Notify you via email if the changes are material
- Display a notice within the Service
- Request your consent if required by applicable law
Your continued use of the Service after changes to this Privacy Policy constitutes acceptance of the updated policy.
11. Contact Us
If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us: