CCPA Compliance Notice

2.1Scope

This notice applies to California residents whose personal information Nutan collects. It covers collection, use, disclosure, retention, and the rights available to consumers.

2.2Categories of Personal Information Collected (Cal. Civ. Code §1798.140(v))

During the reporting period, Nutan collected the following categories of personal information:

• Identifiers: email address, name, company name (when provided)
• Commercial information: records of products or services requested (invite requests)
• Internet or other electronic network activity: browsing behaviour on the marketing site, help chat queries
• Geolocation data: coarse IP-derived location for security purposes only
• Inferences: none — Nutan does not derive psychological, behavioural, or consumer profiles

2.3Sources of Personal Information

Information is collected directly from the consumer (form submissions, help chat), from the consumer's device (limited telemetry with consent), and from authentication providers (Google sign-in when used).

2.4Business Purposes for Collection and Use

Personal information is used for the following business purposes:

• Providing the service requested (account creation, authentication, product functionality)
• Maintaining service security, integrity, and reliability
• Communicating about invite status, product updates, and legal notices
• Compliance with legal obligations

2.5Categories of Third Parties With Whom PI Is Shared

Nutan shares personal information only with sub-processors listed at nutan.ai/sub-processors. No sharing occurs for advertising or behavioural profiling.

2.6Sensitive Personal Information (SPI)

Nutan does not collect sensitive personal information as defined by §1798.140(ae) beyond authentication credentials, which are processed solely to authenticate the consumer and are not used to infer characteristics.

2.7Sale or Sharing of Personal Information

Nutan does not sell personal information and does not share personal information for cross-context behavioural advertising. No opt-out link is required because no such sale or sharing occurs. The "Do Not Sell or Share My Personal Information" choice is effectively the default state for every consumer.

2.8Right to Know (§1798.110)

Consumers have the right to request the categories and specific pieces of personal information Nutan has collected about them. Verifiable requests are fulfilled within 45 days.

2.9Right to Delete (§1798.105)

Consumers have the right to request deletion of personal information. Nutan's granular erasure controls implement this right directly in-product; verifiable requests through other channels are honoured within 45 days.

2.10Right to Correct (§1798.106)

Consumers have the right to correct inaccurate personal information. Most fields can be corrected directly in-product; other fields are corrected on verifiable request.

2.11Right to Opt-out (§1798.120)

Consumers have the right to opt out of the sale or sharing of personal information. Nutan does not sell or share; no action is required from the consumer.

2.12Right to Limit Use of Sensitive Personal Information (§1798.121)

Consumers have the right to limit the use of sensitive personal information. Nutan does not use SPI for purposes that would trigger this right.

2.13Right to Non-Discrimination (§1798.125)

Nutan does not discriminate against consumers who exercise their CCPA rights. Product functionality, pricing, and quality are not conditioned on waiver of rights.

2.14Authorised Agents

Consumers may designate an authorised agent to exercise rights on their behalf. The agent must provide written permission from the consumer and verify their own identity.

2.15How to Exercise Rights

Rights may be exercised through in-product controls (Settings → Privacy) for most requests, or via the online submission form at nutan.ai/privacy/requests — a ticket ID is issued immediately and the privacy agent handles routing. Nutan verifies identity before acting on any request.

2.16Retention

Personal information is retained only as long as necessary for the business purposes described above or as required by law. Invite request data is retained until the consumer requests removal. Account data is retained for the duration of the account plus up to 30 days for safe deletion.

2.17Minors

Nutan does not knowingly collect personal information from consumers under 16. Consent for minors, if applicable, would be obtained through a parental opt-in process.

2.18Changes to This Notice

This notice is regenerated alongside every release. The current version is always published at nutan.ai/trust-center/reports/ccpa.