Nixi AI Platform Privacy Policy

Last Updated: October 7, 2025

1. Introduction and Scope

This Privacy Policy is provided by Nixi AI GmbH i.G. ("Nixi AI," "we," "us"), located at Adolfsallee 14, 65185 Wiesbaden, Germany. You can contact us at any time at Hello@nixiai.ai.

This policy applies specifically to the personal data we collect from you as a registered user of our application (the "Service" or "Platform"). For information on how we handle data on our public marketing website (www.nixiai.ai), please see our separate Website Privacy Policy.

It is important to understand the difference between your personal data and the content you process. This policy explains how we handle your personal account data (e.g., your name, email, and billing information). It does not apply to the patient records, transcripts, or any other content you upload or generate using our Service. The protection and processing of that data are governed exclusively by the Data Processing Agreement (DPA) that forms part of your contract with us.

2. Information We Collect and Why

We collect the following personal data to provide and operate our Service. We are committed to collecting only the data that is necessary for the specified purposes.

A. Account Information

When you register for an account, we collect your name and email address. We also store your password in a secure, hashed format. We process this information to create and manage your account, authenticate you, and communicate with you. The legal basis for this processing is the performance of our contract with you (Art. 6(1)(b) GDPR).

B. Billing Information

To manage your subscription, we collect your billing address and payment details. Please note that we use a secure third-party payment processor (such as Stripe) to handle all transactions. We do not store your full credit card number on our servers. This processing is necessary for the performance of our contract with you (Art. 6(1)(b) GDPR).

C. Technical and Usage Data

When you use our platform, we automatically collect technical and usage data, including your IP address, browser and device type, login timestamps, and information about the features you use. We process this data to ensure the security of our service, prevent fraudulent activity, and analyze usage patterns to improve our product. The legal basis for this is our legitimate interest in maintaining a secure and effective service (Art. 6(1)(f) GDPR).

D. Support Communications

When you contact our support team, we collect the content of your communications. We use this information solely to respond to your inquiry and provide you with the necessary support. This processing is necessary for the performance of our contract with you (Art. 6(1)(b) GDPR).

3. How We Share Your Information

We do not sell your personal data. We only share your information with trusted third-party service providers as necessary to operate our business and provide the Service to you. We have data processing agreements in place with all our sub-processors to ensure your data is protected.


We share data with the following categories of providers:

  • Application & Account Data Hosting: We use Bubble Group, Inc. to host our platform's frontend and the database containing your account information (name, email, settings). This data is stored on secure Amazon Web Services (AWS) infrastructure located in the United States. The transfer of this data outside of the EU is protected by Standard Contractual Clauses.
  • Backend Infrastructure Hosting: Our secure backend services, which process patient data as described in the DPA, run on Google Cloud Platform (GCP) located in Germany.
  • Payment Processor: Currently, the Service is provided free of charge during our pilot phase. When we introduce paid plans, we will engage a secure third-party payment processor (e.g., Stripe) to handle your billing information. We will update this policy before any payment is processed.
  • Service Analytics Providers: We may use third-party analytics services to help us understand how our platform is being used. This data helps us improve the user experience and is processed in an aggregated and anonymized form where possible.
  • Legal and Law Enforcement Requests: We may disclose your information if we are required to do so by law or in response to a valid legal request from a public authority.

4. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • Account Data: We retain your account information (name, email, etc.) for as long as your account is active. If you choose to delete your account, we will permanently delete this data from our live systems within 90 days. Data may persist in our secure, encrypted backups for a limited period thereafter before being overwritten.
  • Billing Data: As a German company, we are required by German commercial and tax law to retain billing information (such as invoices and payment records) for 10 years.
  • Technical and Usage Data: We typically retain technical data for security and analysis for a period of up to 24 months, after which it is either deleted or fully anonymized.
  • Support Communications: We retain communications you send to our support team for as long as your account is active to provide a consistent support history.

5. Security Measures

We are committed to protecting your personal data. We implement robust technical and organizational measures to protect all data on our platform, including your personal account data, from unauthorized access, disclosure, or destruction. These measures are detailed in Annex B of our Data Processing Agreement (DPA).

6. Your Rights Under GDPR

As a user, you have certain rights regarding your personal data under the General Data Protection Regulation (GDPR). These include:

  • The Right to Access: You have the right to request a copy of the personal data we hold about you.
  • The Right to Rectification: You have the right to request that we correct any data you believe is inaccurate.
  • The Right to Erasure: You have the right to request that we delete your personal data under certain conditions.
  • The Right to Restrict Processing: You have the right to request that we restrict the processing of your data under certain conditions.
  • The Right to Data Portability: You have the right to receive your data in a structured, machine-readable format.
  • The Right to Object: You have the right to object to our processing of your personal data where we rely on a legitimate interest.

7. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us.


Nixi AI GmbH i.G.

Adolfsallee 14,

65185 Wiesbaden,

Germany

Email: Hello@nixiai.ai