Last updated: April 24, 2026
This Privacy Policy explains how Nirvani Company ("Nirvani," "we," "us," or "our") collects, uses, discloses, stores, and otherwise processes personal information when you visit our website, use our platform or services, communicate with us, or otherwise interact with Nirvani. This Policy constitutes our notice at or before the point of collection for purposes of applicable U.S. state privacy laws.
This Privacy Policy applies to personal information collected through nirvani.ai and related websites, subdomains, landing pages, and hosted content; our software, CRM, automation, AI, analytics, communication, booking, payment-enabled, and related services; forms, consultations, proposals, onboarding, support, and account interactions; and email, phone, SMS, web chat, AI chat, and similar communications.
This Privacy Policy does not apply to third-party websites, platforms, or services that we do not own or control.
Nirvani Company is an Arizona business providing AI revenue infrastructure, CRM, automation, messaging, voice, and related services to businesses. The controller responsible for personal information collected through our public website and for our own business operations is Nirvani Company, 16220 N Scottsdale Rd, Suite 300, Scottsdale, AZ 85254. Privacy questions may be directed to [email protected], attention: Privacy Officer.
Where required for EEA or UK data subjects, a representative under Article 27 of the GDPR or UK GDPR can be identified by writing to [email protected].
Nirvani acts in different capacities depending on whose personal information is being processed:
If you are an end customer, employee, lead, or contact of a Nirvani client and you have questions about how your personal information is handled, please contact that client in the first instance. Nirvani will assist the client in responding to verified requests.
We may collect billing contact information, billing address, invoice and receipt records, subscription status, transaction dates, amounts, payment status, and limited payment metadata from payment processors. We do not store full credit card or full bank account numbers; payments are handled by PCI-compliant third-party processors.
We do not sell client data or client customer personal data to third parties for AI model training. We do not use client Confidential Information or the substantive content of client customer messages to train third-party foundation models. We may use aggregated usage telemetry, metadata, configuration data, and performance data (excluding client customer message content) to operate, secure, monitor, benchmark, improve, and develop our own services. We maintain technical safeguards and business processes designed to prevent re-identification of de-identified data and contractually prohibit re-identification by downstream recipients.
Where GDPR or UK GDPR applies, we process personal information on the legal bases of contract performance, our legitimate interests in operating and securing the business, your consent (which you may withdraw at any time), and compliance with legal obligations.
We may use automated tools to score, qualify, route, tag, or prioritize inquiries, leads, and communications. These tools are decision-support only and do not produce solely automated decisions with legal or similarly significant effects on any individual. You may contact [email protected] to request human review of any outcome.
We and our service providers may use cookies, pixels, tags, scripts, local storage, and similar technologies to operate and secure the website and services, remember settings and preferences, understand traffic and usage, measure performance and conversion activity, improve content and user experience, and support analytics, attribution, retargeting, and related advertising functions. You may manage cookies through your browser or device settings.
Because no uniform standard has been adopted, we do not currently respond differently to browser "Do Not Track" (DNT) signals. This disclosure is provided pursuant to the California Online Privacy Protection Act (CalOPPA).
Where required by applicable law, we honor browser-based opt-out preference signals, including the Global Privacy Control (GPC). When we detect a valid GPC signal from your browser, we treat it as an opt-out of the sale or sharing of personal information associated with that browser.
We do not sell personal information for money. Our use of advertising cookies, tracking pixels, and analytics technologies may be considered "sharing" or "targeted advertising" under certain U.S. state privacy laws. You have the right to opt out of such sharing by emailing [email protected] with the subject line "Do Not Sell or Share My Personal Information," or by using any opt-out mechanism available on our website where required. Mobile opt-in data and consent are not shared with third parties or affiliates for their own marketing purposes.
We engage service providers and sub-processors bound by written contracts that require them to process personal information only for the purposes we direct, maintain reasonable security, support data-subject rights, and assist with breach notification. A current list of our material sub-processors, and any associated data-processing addendum, is available upon request to [email protected]. For clients under a data processing agreement, we provide reasonable advance notice of new or replaced sub-processors and an opportunity to object consistent with that agreement.
If you interact with us by phone, SMS, chat, AI chat, voice agent, or similar channels, we may collect, store, process, review, route, and analyze those communications for service delivery, support, documentation, training, quality assurance, analytics, compliance, and security. Calls and messages may be monitored, recorded, transcribed, summarized, or logged where permitted by law.
Some U.S. states and jurisdictions outside the United States require consent from all parties to the recording of a telephone, voice, or video communication. Where we record, we provide audible or written notice before a recorded session begins. If you do not wish to be recorded, you may decline to proceed with the recorded portion of the interaction.
By providing your mobile number and opting in, you consent to receive SMS messages from Nirvani related to your inquiry, account, services, scheduling, billing, support, and operational matters. Message frequency varies. Message and data rates may apply. Reply HELP for help, STOP to unsubscribe. Carriers are not liable for delayed or undelivered messages. Mobile opt-in data and consent are not shared with third parties or affiliates for their own marketing or promotional purposes.
Where our AI voice, transcription, or conversational features process audio recordings, we do not use those recordings to enroll, compare, or otherwise derive a voiceprint or biometric identifier for the purpose of identifying a specific individual within the meaning of the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act (CUBI), the Washington biometric privacy statute, or comparable laws. We do not sell or lease biometric information. If a prospective client engagement requires biometric enrollment or identification functionality, a separate written instrument will govern that handling and the required consents.
If you purchase services, we and our payment processors may process billing and transaction information to manage setup fees, subscriptions, invoices, receipts, payment verification, fraud prevention, collections, account status, and related billing support. Commercial terms are governed by our Terms & Conditions and any applicable signed commercial document.
Unless specifically requested under a separate written agreement, do not send the categories above through general website forms, public chat, or ordinary email. We do not use or disclose sensitive personal information for purposes beyond those permitted under applicable law without additional notice and consent. Any handling of regulated information may be subject to separate contractual terms, compliance documentation, or additional legal requirements.
Nirvani is not a HIPAA covered entity. Our standard platform is not configured for the handling of Protected Health Information (PHI). Do not submit PHI through ordinary inquiry, demo, or support channels. Clients who are HIPAA covered entities or business associates and who wish to use the platform for PHI-adjacent workflows may request, under a separately executed Business Associate Agreement and any required technical configuration, the addition of contractual safeguards sufficient to meet their obligations under HIPAA. Inquire at [email protected].
Clients that are financial institutions or that otherwise process “nonpublic personal information” under the Gramm-Leach-Bliley Act, “consumer report” information under the Fair Credit Reporting Act, or similar regulated financial data, are solely responsible for maintaining compliance with those laws and their implementing rules (including the FTC Safeguards Rule). Additional contractual safeguards may be required and are available on request.
We retain personal information only as long as reasonably necessary for the purposes described in this Policy. Typical retention periods, subject to legal, tax, accounting, and operational needs:
We may retain information longer where required by law, for legal holds, ongoing disputes, fraud prevention, or the establishment, exercise, or defense of legal claims.
We use reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, loss, misuse, alteration, and disclosure. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. In the event of a confirmed security incident affecting your personal information, we will notify affected individuals and applicable authorities as required by law. You are responsible for maintaining the confidentiality of your account credentials and notifying us promptly of suspected unauthorized activity.
Depending on your jurisdiction, you may have rights to:
Email [email protected] with the subject line "Privacy Request." We will respond within 45 days of receiving a verifiable request, with one additional 45-day extension where reasonably necessary, and will notify you of any extension. We may need to verify your identity before responding. We will not discriminate against you for exercising any privacy right.
You may designate an authorized agent to submit a privacy request on your behalf. We may require the agent to provide signed written permission from you, and we may require you to verify your identity directly with us or confirm that you provided the agent with permission.
If you believe your privacy rights have been infringed, you may lodge a complaint with us at [email protected]. You may also contact the Arizona Attorney General, the California Privacy Protection Agency, your state attorney general, or the data-protection supervisory authority in your jurisdiction (including, in the EEA, your national supervisory authority, and in the UK, the Information Commissioner’s Office).
You may unsubscribe from marketing emails at any time using the unsubscribe link in any message or by emailing [email protected]. You may opt out of marketing SMS by replying STOP. We may still send transactional, billing, service, and operational communications.
Where Nirvani holds personal information as a processor or service provider on behalf of a client, requests from the client’s end customers are directed to that client. Nirvani will cooperate with the client in responding consistent with applicable law and our agreement with the client.
In the preceding 12 months, we have collected the following categories of personal information under the California Consumer Privacy Act (CCPA/CPRA) and comparable state laws, and have disclosed them for the business purposes described in this Policy:
Residents of U.S. states with comprehensive consumer privacy laws, including California, Colorado, Connecticut, Utah, Virginia, Oregon, Texas, Montana, Delaware, Iowa, Indiana, Tennessee, New Jersey, New Hampshire, and others as enacted, may have additional rights to access, correct, delete, port, limit sensitive data processing, and opt out of targeted advertising, sale, or sharing of personal information. Contact [email protected] to exercise these rights. We do not knowingly sell or share the personal information of consumers under 16 years of age without affirmative authorization as required by applicable law.
California Civil Code § 1798.83 permits California residents to request information regarding the disclosure of personal information to third parties for their direct marketing purposes. Nirvani does not disclose personal information to third parties for their direct marketing purposes. California residents with questions may contact [email protected].
Our website and services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected such information without appropriate authorization, we will take reasonable steps to delete it. Consumers aged 13 to 16 are addressed in Section 14.
If you access our website or services from outside the United States, you understand that your personal information may be transferred to, stored in, and processed in the United States or other countries where we or our service providers operate, which may have data protection laws different from those in your jurisdiction. Where required, we rely on appropriate transfer mechanisms, including the Standard Contractual Clauses and, as applicable, the UK International Data Transfer Addendum, together with supplementary technical, organizational, or contractual measures reasonably necessary to address identified risks. By using the website or services, you consent to such transfers.
Our website and services may link to or integrate with third-party services. Their privacy practices are governed by their own policies, which we do not control, and we are not responsible for them.
Nirvani may update this Privacy Policy at any time and in its sole discretion. The updated version will be posted on our website. Continued use of the website or services after an updated Privacy Policy is posted constitutes acceptance of the revised Policy, except where separate consent is required by law.