Privacy Policy

1. Who we are

Nrvole (“we”, “us”) operates the Nrvole platform at nrvole.com. We are the data controller for the personal information described in this policy.

This policy explains what we collect, why we collect it, and the choices you have. It applies to our website, the signed-in application, and related communications.

2. Information we collect

We collect information in three broad categories:

• Account information — name, work email, organisation, password (stored only as a salted hash) and your role when you register.
• Usage information — pages viewed, searches run, listings saved, and features used, which help us understand how the platform is used and where to improve it.
• Technical information — IP address, device and browser type, and approximate location derived from IP, collected through server logs and cookies.
• Content you provide — research notes, plans, checklists and project information you store in your workspace.

3. How we use information

We use personal information to:

• provide, maintain and secure the platform and your account;
• deliver market data, sourcing information and opportunity listings you request;
• personalise the dashboards and recommendations you see;
• respond to support requests and send service messages;
• detect, prevent and investigate fraud, abuse and security incidents;
• comply with our legal and regulatory obligations.

We do not sell personal information, and we do not use the content of your private workspace to train third-party models.

4. Legal bases

Where UK GDPR applies, we rely on the following legal bases: contract (to provide the service you sign up for), legitimate interests (to secure, analyse and improve the platform), consent (for optional analytics cookies and marketing email, which you can withdraw at any time), and legal obligation (for record-keeping and compliance).

5. Sharing & processors

We share personal information only with service providers who process it on our behalf under contract — for example cloud hosting, email delivery and analytics. These processors act on our instructions and are bound by confidentiality and data-protection terms.

We may also disclose information where required by law, to enforce our terms, or in connection with a corporate transaction, in which case we will notify affected users.

6. Retention

We keep account information for as long as your account is active and for a limited period afterwards to meet legal and accounting requirements. Usage and technical logs are kept for a shorter period and then aggregated or deleted. You can ask us to delete your account at any time.

7. International transfers

Where information is transferred outside the UK, we rely on adequacy decisions or appropriate safeguards such as the International Data Transfer Agreement and standard contractual clauses, together with additional technical measures where needed.

8. Your rights

Subject to applicable law, you have the right to access, correct, delete, restrict or object to processing of your personal information, and to data portability. You can also withdraw consent and lodge a complaint with the UK Information Commissioner’s Office (ICO).

To exercise any of these rights, contact us using the details below. We will respond within the timeframes required by law.

9. Security

We use encryption in transit and at rest, role-based access controls and continuous monitoring to protect personal information. See our Security page for more detail. No method of transmission is completely secure, so we cannot guarantee absolute security.

10. Changes

We may update this policy from time to time. Material changes will be highlighted on this page and, where appropriate, notified to you by email. The date at the top shows when it was last revised.

11. Contact us

For privacy questions or to exercise your rights, email privacy@nrvole.com or write to our Data Protection contact via the contact page.