Nixi AI Privacy Policy

Last Updated: January 7, 2026

1. Introduction and Scope

This Privacy Policy is provided by Nixi AI ("Nixi AI," "we," "us"), located at Adolfsallee 14, 65185 Wiesbaden, Germany. You can contact us at any time at Privacy@nixiai.ai.

It is important to understand that this policy explains how we handle your personal account data (e.g., your name, email, and billing information). It does not apply to the patient records, transcripts, or any other content you upload or generate using our Service. The protection and processing of that data are governed exclusively by the Data Processing Agreement (DPA) that forms part of your contract with us.

For information on how we handle data on our public marketing website (www.nixiai.ai), please see our separate Website Privacy Policy.

2. Information We Collect and Why

We collect the following personal data to provide and operate our Service. We are committed to collecting only the data that is necessary for the specified purposes.

A. Account Information

When you register for an account, we collect your name and email address. We also store your password in a secure, hashed format. We process this information to create and manage your account, authenticate you, and communicate with you. The legal basis for this processing is the performance of our contract with you (Art. 6(1)(b) GDPR).

B. Billing Information

To manage your subscription, we collect your billing address and payment details. Please note that we use a secure third-party payment processor to handle all transactions. We do not store your full credit card number on our servers. This processing is necessary for the performance of our contract with you (Art. 6(1)(b) GDPR).

C. Technical and Usage Data

When you use our platform, we automatically collect technical and usage data, including your IP address, browser and device type, login timestamps, and information about the features you use. We process this data to ensure the security of our service, prevent fraudulent activity, and analyze usage patterns to improve our product. The legal basis for this is our legitimate interest in maintaining a secure and effective service (Art. 6(1)(f) GDPR).

D. Support Communications

When you contact our support team, we collect the content of your communications. We use this information solely to respond to your inquiry and provide you with the necessary support. This processing is necessary for the performance of our contract with you (Art. 6(1)(b) GDPR).

3. How We Share Your Information

We do not sell your personal data. We only share your information with trusted third-party service providers as necessary to operate our business and provide the Service to you. We have data processing agreements in place with all our sub-processors to ensure your data is protected.


We share data with the following categories of providers:

  • Application & Account Data Hosting: We currently use Bubble Group, Inc. to host parts of our platform related to user accounts and application settings (e.g. name, email, preferences). This data is processed on secure cloud infrastructure. Where processing occurs outside the European Union, appropriate safeguards, including Standard Contractual Clauses (SCCs), are in place in accordance with GDPR requirements.
  • Backend Infrastructure Hosting: Our secure backend services, which process patient data as described in the DPA, run on Google Cloud Platform (GCP) located in Germany.
  • Payment Processor: Currently, the Service is provided free of charge during our pilot phase. When we introduce paid plans, we will engage a secure third-party payment processor to handle your billing information. We will update this policy before any payment is processed.
  • Service Analytics Providers: We may use third-party analytics services to help us understand how our platform is being used. This data helps us improve the user experience and is processed in an aggregated and anonymized form where possible.
  • Legal and Law Enforcement Requests: We may disclose your information if we are required to do so by law or in response to a valid legal request from a public authority.

4. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • Account Data: We retain account data for as long as the account is active. After account deletion or contract termination, we delete account data from production systems within up to 30 days, unless legal retention obligations apply. Encrypted backups are overwritten on a rolling basis (up to 30 days).
  • Billing Data: As a German company, we are required by German commercial and tax law to retain billing information (such as invoices and payment records) for 10 years.
  • Technical and Usage Data: We typically retain technical data for security and analysis for a period of up to 24 months, after which it is either deleted or fully anonymized. This data does not include patient content and is not linked to clinical data.
  • Support Communications: We retain communications you send to our support team for as long as your account is active to provide a consistent support history.

5. Security Measures

We are committed to protecting your personal data. We implement robust technical and organizational measures to protect all data on our platform, including your personal account data, from unauthorized access, disclosure, or destruction. Further details on our technical and organizational security measures are available in our Data Processing Agreement (DPA).

6. Your Rights Under GDPR

As a user, you have certain rights regarding your personal data under the General Data Protection Regulation (GDPR). These rights apply to your personal user data processed by Nixi AI as data controller. These include:

  • The Right to Access: You have the right to request a copy of the personal data we hold about you.
  • The Right to Rectification: You have the right to request that we correct any data you believe is inaccurate.
  • The Right to Erasure: You have the right to request that we delete your personal data under certain conditions.
  • The Right to Restrict Processing: You have the right to request that we restrict the processing of your data under certain conditions.
  • The Right to Data Portability: You have the right to receive your data in a structured, machine-readable format.
  • The Right to Object: You have the right to object to our processing of your personal data where we rely on a legitimate interest.

7. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us.


Nixi AI GbR
Adolfsallee 14,
65185 Wiesbaden,
Germany

Email: Privacy@nixiai.ai