Back to home

Privacy Policy

Last updated: April 15, 2026

Nimdio ("we", "our", "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Nimdio platform.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, organization name, and job title.

Usage Data

We collect information about how you interact with the platform, including simulation results, training completion data, and threat intelligence queries.

Simulation Data

When phishing simulations are conducted, we collect email open events, link click events, credential submission events, and reporting events. This data is used solely for security awareness measurement and is never used to access real credentials.

2. How We Use Your Information

  • Provide, maintain, and improve the Nimdio platform
  • Generate security awareness reports and risk scores
  • Deliver training content and track completion
  • Send platform notifications and security alerts
  • Comply with legal obligations, including data protection regulations

3. Data Sharing

We do not sell your personal data. We may share data with:

  • Your organization's administrators — to provide security awareness reports
  • Service providers — who help us operate the platform (hosting, email delivery)
  • Legal authorities — when required by law or to protect our rights

4. Data Retention

We retain your data for as long as your account is active or as needed to provide services. When you request account deletion, we will remove your personal data within 30 days, except where retention is required by law.

5. Data Security

We implement industry-standard security measures including encryption in transit and at rest, role-based access controls, and row-level database security to protect your data.

6. Your Rights

Depending on your jurisdiction (including under the Ghana Data Protection Act, 2012 (Act 843), NDPR (Nigeria), or DPA (Kenya)), you may have the right to:

  • Access and receive a copy of your personal data
  • Rectify inaccurate data
  • Request deletion of your data
  • Object to or restrict processing
  • Data portability

7. Cookies

We use essential cookies for authentication and session management. We do not use tracking or advertising cookies.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through the platform.

9. Contact Us

If you have questions about this Privacy Policy, contact us at privacy@nimdio.com.