Nimbus Website and Advertising Services Privacy Policy

1. Introduction

Nimbus (“we,” “us,” or similar terms) is a mobile advertising platform operated by Timehop, Inc. This privacy policy describes how we collect, use, process, disclose, share, and store information in connection with our services (“Services”) and in connection with operating the adsbynimbus.com website (the “Website”). You should read this Privacy Policy carefully. In this policy, “user” or “you” means any person viewing the Website, using the Services or providing any personal information to Nimbus in connection with using the Services. By using the Services, you are indicating your consent to this Privacy Policy. IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY, YOU SHOULD NOT USE THE SERVICES.

2. How Nimbus Collects, Uses, and Shares Information

a. Information that Nimbus Collects and the Sources of the Information

Nimbus’s services are used differently by different clients. The information we collect and process will differ from client to client.

Although the information we collect will vary from client to client, in connection with Nimbus’s Services and Website, Nimbus has collected the below categories of information (“Personal Information”) from the below categories of sources in the past twelve months:

  • Personal identifiers or traits, from Website users or our clients, such as gender, age, or other personal traits. Personal identifiers such as name and email will only be provided by users of our Website, and not by our clients.
  • Public IP addresses, from Nimbus’s clients, our marketing partners, and users of this Website. A Public IP address is a unique number associated with each device that connects to the internet. When there are multiple devices that connect to the internet through a single computer network, the network displays a single Public IP address for all of the devices. In that situation, we collect the single Public IP address and do not collect the IP addresses for the individual devices.
  • User Agent information, (i.e., information about a consumer’s web browser, software, device, and operating system) from our clients, marketing partners, and users of this Website.
  • Mobile Advertising ids, from our clients and from users of this Website. Mobile Advertising ids are identifying numbers assigned to a consumer’s mobile device by the device’s operating system.
  • Unique user identifiers, from our clients. A user identifier is a unique string of numbers that may be assigned to a consumer when the consumer visits a website.
  • Data about consumers’ behaviors on our clients’ websites, which we collect from our clients. Such data may include information about whether a consumer performed certain actions on the website – for example, whether a consumer clicked certain links or visited certain pages.
  • Geolocation data, which can be derived the the Public IP address data we collect, as described above
b. Nimbus’s Business or Commercial Purpose for Collecting Information

Nimbus has collected each of the above categories of information in order to provide Services to its clients.

Nimbus collects information from users of this Website (https://www.adsbynimbus.com) as part of providing its Services, as well to improve Website functionality.

c. Who Nimbus Shares Information With

Nimbus shares this information with its clients and service providers who assist Nimbus in delivering and improving Nimbus’s services.

In addition, Nimbus reserves the right to share your Personal Information with law enforcement agencies, public authorities or other organizations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary and in our legitimate interests to:

  • Comply with a legal obligation, process or request;
  • Enforce our terms and conditions and other agreements, including investigation of any potential violation thereof;
  • Detect, prevent or otherwise address security, fraud or technical issues; or
  • Protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (i.e., exchanging information with other companies and organizations for the purposes of fraud protection).

Nimbus does not sell consumers’ personal information and has not sold such personal information in the preceding 12 months.

3. Nimbus’s Storage and Protection of Personal Information

Nimbus maintains appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of information and data stored or transmitted by Nimbus. We use encrypted storage for user data we collect when that data is at rest. Access to the data is restricted to employees and service providers who require it for their job function, and access requires two-factor authentication. The information that we collect is stored and processed in the United States. For more information about our current security measures, please visit our webpage that provides more detail, here. Unfortunately, the transmission of information via the internet is not completely secure and we cannot guarantee the security of information stored or transmitted by Nimbus.

4. Minors Under Sixteen Years of Age

Nimbus maintains appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of information and data stored or transmitted by Nimbus. We use encrypted storage for user data we collect when that data is at rest. Access to the data is restricted to employees and service providers who require it for their job function, and access requires two-factor authentication. The information that we collect is stored and processed in the United States. For more information about our current security measures, please visit our webpage that provides more detail, here. Unfortunately, the transmission of information via the internet is not completely secure and we cannot guarantee the security of information stored or transmitted by Nimbus.

5. Do Not Track Notifications

Nimbus honors “Do Not Track” requests.

Nimbus does track users of our Website.

6. Rights of California Residents

If you are a California resident, you have certain rights regarding our collection and use of your personal information under the California Consumer Privacy Act (“CCPA” or the “Act”). For purposes of this “Rights of California Residents” section, the term “personal information” means personal information under Cal. Civ. Code 1798.140(o). To the extent that any other provision of this Privacy Policy conflicts a provision of this Section, the provision in this section controls as to California residents.

A. Information Obtained from Clients

Nimbus is a Service Provider as that term is used and understood under the CCPA. To the extent necessary and appropriate, Nimbus will maintain CCPA-appropriate contractual provisions with its clients. All CCPA-related requests concerning Personal Information obtained by our clients regarding the CCPA should be directed to Nimbus’s clients. Please note that while Nimbus will work with our clients as appropriate to safeguard and effectuate your rights, Personal Information that Nimbus collects is de-identified and not accessible or otherwise able to be re-identified by Nimbus, except in exceptional circumstances

B. Information Obtained from our Website

For information obtained through the Website, if you are a California resident, you may:

  • Request that we delete your personal information (a “Right to Delete Request”).
  • Request information about our collection, use, and disclosure of your personal information (a “Right to Know Request”), including:
    • (i) the categories and specific pieces of personal information we have collected about you;
    • (ii) the categories of sources from which we have collected your personal information;
    • (iii) the business or commercial purpose for collecting or selling your personal information;
    • (iv) the categories of personal information we have sold about you; and
    • (v) the categories of third parties with whom we have shared, disclosed for a business purpose, or sold your personal information, and which categories of personal information we have sold to which categories of third parties.

The CCPA also contains a right for consumers to “opt out” of the sale of their personal information. Nimbus does not sell personal information.

We will not discriminate against California residents for exercising their rights under the CCPA.

a. “Right to Know” Requests

California residents may submit a Right to Know Request by completing the Right to Know Request Form by Emailing Nimbus at privacy@timehop.com.

If you are a California resident, you may submit two types of Right to Know Requests: (1) A Request for the specific pieces of information that Nimbus has collected about you in the past twelve months; or (2) a Request for the categories of personal information that Nimbus has collected about you in the past twelve months. When you submit a Right to Know Request, we will ask you to provide certain pieces of information in order to verify your identity. If you submit a Request for the specific pieces of information that Nimbus has collected about you, we will also require you to submit a signed declaration under the penalty of perjury stating that you are the consumer whose personal information is the subject of the request.

If Nimbus is able to verify your identity, we will respond to your Right to Know Request by: (a) providing the requested information; or (b) explaining why the Act does not require us to provide the requested information. If Nimbus is unable to verify your identity, Nimbus will respond by explaining why it cannot verify your identity.

We will confirm receipt of your Right to Know Request within 10 days and will respond to your Request within 45 days. If a response requires additional time, we will notify you of the basis for the delay and may extend our response period up to an additional 45 days. If the Act requires us to provide the information requested, we will provide the information free of charge and in a readily useable portable format. We have no obligation to provide personal information to you more than twice in a 12-month period. If a Request or series of Requests are manifestly unfounded or excessive, we may charge a reasonable fee for processing the Request(s), or may refuse to process the Request(s).

If Nimbus receives a Right to Know Request regarding information that it processes on behalf of its clients, Nimbus will also recommend that the California resident submit a Right to Know Request directly with the client, and will provide contact information for the client where feasible.

b. “Right to Delete” Requests

California residents may submit a Right to Delete Request by completing the Right to Delete Request Form by Emailing privacy@timehop.com.

When you submit a Right to Delete Request, we will ask you to provide certain pieces of information in order to verify your identity. If Nimbus is able to verify your identity, we will respond to your Request by (a) deleting your personal information and, if applicable, directing any of our service providers to delete your personal information; or (b) explaining why the Act does not require us to delete your personal information. Nimbus may choose to delete personal information by de-identifying, aggregating, or completely erasing the information. We will specify the manner in which we delete your personal information.

If a California resident submits a request to delete personal information to one of our clients and the client instructs Nimbus to delete the California resident’s personal information, we will delete the information as required by the CCPA. If Nimbus receives a Right to Delete Request regarding information that it processes on behalf of its Advertising Clients, Nimbus will also recommend that the California resident submit a Right to Know Request directly with the client, and will provide contact information for the client where feasible.

If a Request or series of Requests are manifestly unfounded or excessive, we may charge a reasonable fee for processing the Request(s), or may refuse to process the Request(s).

c. Authorized Agents

California residents may submit Right to Know and Right to Delete Requests through an authorized agent. Unless the agent provides Nimbus with a power of attorney executed by the California resident, Nimbus may require the California resident to verify their identity with Nimbus and/or to provide Nimbus with written confirmation of the agent’s authority to make the request.

7. Changes to This Policy

Any changes we will make to this policy in the future will be posted on this page. Please check back frequently to see any updates or changes to this policy.

8. Accessibility

Any person with a disability that prevents or restricts them from accessing this Privacy Policy through Nimbus’s website may request a copy of the Privacy Policy in an alternative format by contacting Nimbus At privacy@timehop.com

9. Contact Information

Questions, comments and requests regarding this Privacy Policy are welcomed and should be addressed to: privacy@timehop.com.