Privacy & Terms of Use

Our commitment to transparency, security & respect.

Our commitment to transparency, security & respect.

Our commitment to transparency, security & respect.

Last updated: February 15th, 2026

Quick Summary


We believe privacy isn’t just a legal checkbox, it’s a trust agreement. This page explains what data we collect, how we use it, and the choices you have. We keep it short, plain, and honest. Want the details? Pick any topic below.

Last updated: February 15th, 2026

Quick Summary


We believe privacy isn’t just a legal checkbox, it’s a trust agreement. This page explains what data we collect, how we use it, and the choices you have. We keep it short, plain, and honest. Want the details? Pick any topic below.

Privacy Policy & Terms of Use Table of Contents

TL;DR Overview

An infinite canvas

Privacy Introduction

Create your first blog

Information We Collect

Go live within seconds

How We Use Information

Go live within seconds

Information Sharing

Go live within seconds

Privacy Policy & Terms of Use Table of Contents

Your Rights & Data Security

Interviews and how-tos

Data Retention & Internal Transfers

Features and bug fixes

Terms of Use

Get started with our API

State-specific Rights & Contact

Get started with our API

TL;DR Overview


Privacy Basics


  • We collect only what’s needed to provide our services.

  • Your data is never sold.

  • You control your information (access, update, delete).

  • We use encryption and industry-standard security measures.


Data We Collect


  • Only the data needed to deliver and improve our services.

  • May include contact details, activity logs, and technical info.

  • No sensitive data unless you choose to share it.


How We Use Your Data


  • To run our services, troubleshoot issues, and improve features.

  • To communicate important updates or opportunities.

  • For anonymized analytics, never for resale.


Sharing & Disclosure


  • Shared only with trusted partners who help deliver the service.

  • May be disclosed if legally required or to prevent harm.

  • Never shared for advertising or unrelated marketing.


Data Retention & Security


  • We keep data only as long as necessary for the project.

  • Stored securely in encrypted, access-controlled environments.

  • Not SOC 2 / ISO certified, but we follow best practices.


Your Rights & Choices


  • Access, correct, or delete your information anytime.

  • Withdraw consent for optional data collection.

  • Contact us with privacy questions or concerns.

TL;DR Overview


Privacy Basics


  • We collect only what’s needed to provide our services.

  • Your data is never sold.

  • You control your information (access, update, delete).

  • We use encryption and industry-standard security measures.


Data We Collect


  • Only the data needed to deliver and improve our services.

  • May include contact details, activity logs, and technical info.

  • No sensitive data unless you choose to share it.


How We Use Your Data


  • To run our services, troubleshoot issues, and improve features.

  • To communicate important updates or opportunities.

  • For anonymized analytics, never for resale.


Sharing & Disclosure


  • Shared only with trusted partners who help deliver the service.

  • May be disclosed if legally required or to prevent harm.

  • Never shared for advertising or unrelated marketing.


Data Retention & Security


  • We keep data only as long as necessary for the project.

  • Stored securely in encrypted, access-controlled environments.

  • Not SOC 2 / ISO certified, but we follow best practices.


Your Rights & Choices


  • Access, correct, or delete your information anytime.

  • Withdraw consent for optional data collection.

  • Contact us with privacy questions or concerns.


1. Privacy Introduction

Our Commitment to your data

We believe your privacy is essential. This policy explains what information we collect, how we use it, and the choices you have. We collect personal details you choose to share with us, as well as technical information about how you interact with our services. We use this data to provide and improve our offerings, communicate with you, and ensure the security of our systems. We do not sell your personal information. By using our website or services, you agree to this policy and our Terms of Use.

This Privacy Policy (“Policy”) describes how Nesolagus, LLC (“we,” “us,” or “our”) collects, uses, and protects information through our website nesolagus.com and all related services, applications, and tools (collectively, the “Services”).

This Policy applies to:


  • All users of our Services.

  • All projects involving adult participants.

  • Projects involving minors only where noted; youth/student-focused projects are governed by a separate, project-specific Minor Participants Privacy Policy provided at the time of collection.


In most cases, Nesolagus acts as a service provider or data processor on behalf of our clients, who serve as the data controller. This means our clients determine what information is collected and how it is used. When acting as a processor, we handle data only in accordance with the client’s instructions.


Educational Institutions (FERPA)

For projects involving educational institutions and student data subject to the Family Educational Rights and Privacy Act (FERPA), we operate as a "school official" and implement additional safeguards. These requirements are documented in project-specific Data Processing Agreements.


1. Privacy Introduction

Our Commitment to your data

We believe your privacy is essential. This policy explains what information we collect, how we use it, and the choices you have. We collect personal details you choose to share with us, as well as technical information about how you interact with our services. We use this data to provide and improve our offerings, communicate with you, and ensure the security of our systems. We do not sell your personal information. By using our website or services, you agree to this policy and our Terms of Use.

This Privacy Policy (“Policy”) describes how Nesolagus, LLC (“we,” “us,” or “our”) collects, uses, and protects information through our website nesolagus.com and all related services, applications, and tools (collectively, the “Services”).

This Policy applies to:


  • All users of our Services.

  • All projects involving adult participants.

  • Projects involving minors only where noted; youth/student-focused projects are governed by a separate, project-specific Minor Participants Privacy Policy provided at the time of collection.


In most cases, Nesolagus acts as a service provider or data processor on behalf of our clients, who serve as the data controller. This means our clients determine what information is collected and how it is used. When acting as a processor, we handle data only in accordance with the client’s instructions.


Educational Institutions (FERPA)

For projects involving educational institutions and student data subject to the Family Educational Rights and Privacy Act (FERPA), we operate as a "school official" and implement additional safeguards. These requirements are documented in project-specific Data Processing Agreements.


2. Information We Collect

2.1 Information You Provide


  • Contact information (name, email, phone, address)

  • Professional information (company, title, industry)

  • Project details and requirements

  • Survey, form, audio, video, or written responses (including any information you voluntarily disclose)

  • User-generated content (testimonials, feedback, media)

  • Payment information: When you make a payment, your card details (number, expiration, CVV) are collected directly by Stripe, Inc., our PCI DSS Level 1 certified payment processor. We never receive, store, or have access to your full card number.

  • Communications with us


2.2 Automatically Collected Information


  • Device and browser information

  • IP address (hashed for privacy, retained 90 days) and approximate location

    Usage data and analytics

  • Cookies and similar technologies

  • Log files and timestamps


2.3 Information from Third Parties


  • Social media profiles (if you connect accounts)

  • References from clients or partners

  • Publicly available information.



2. Information We Collect

2.1 Information You Provide


  • Contact information (name, email, phone, address)

  • Professional information (company, title, industry)

  • Project details and requirements

  • Survey, form, audio, video, or written responses (including any information you voluntarily disclose)

  • User-generated content (testimonials, feedback, media)

  • Payment information: When you make a payment, your card details (number, expiration, CVV) are collected directly by Stripe, Inc., our PCI DSS Level 1 certified payment processor. We never receive, store, or have access to your full card number.

  • Communications with us


2.2 Automatically Collected Information


  • Device and browser information

  • IP address (hashed for privacy, retained 90 days) and approximate location

    Usage data and analytics

  • Cookies and similar technologies

  • Log files and timestamps


2.3 Information from Third Parties


  • Social media profiles (if you connect accounts)

  • References from clients or partners

  • Publicly available information.



3. How We Use Information

3.1 Purposes


  • Provide and improve our Services

  • Communicate about projects and services

  • Process payments and maintain records

  • Customize user experience

  • Analyze usage patterns and trends

  • Comply with legal obligations

  • Protect against fraud and security threats


3.2 Legal Basis


  • Consent (when you explicitly agree)

  • Contract (to fulfill our agreements)

  • Legitimate Interests (to operate effectively)

  • Legal Compliance (when required by law)



3. How We Use Information

3.1 Purposes


  • Provide and improve our Services

  • Communicate about projects and services

  • Process payments and maintain records

  • Customize user experience

  • Analyze usage patterns and trends

  • Comply with legal obligations

  • Protect against fraud and security threats


3.2 Legal Basis


  • Consent (when you explicitly agree)

  • Contract (to fulfill our agreements)

  • Legitimate Interests (to operate effectively)

  • Legal Compliance (when required by law)



4. Information Sharing


4.1 We may share information with:


  • Service providers (hosting, analytics, payment processing, bank connectivity)

    Professional advisors (legal, accounting, insurance)

  • Business partners (with your consent)

  • Law enforcement (when legally required)

  • Successors (in case of merger or acquisition)


4.2. Artificial Intelligence

We may use AI tools to assist in survey generation, analysis, and reporting. We do not use client or participant data to train AI or machine learning models. Any AI processing is performed in accordance with our data minimization and purpose limitation principles.


4.3 We never:


  • Sell your personal information

  • Share data for unrelated marketing

  • Transfer data without appropriate safeguards


4.4. Payment Processing (Stripe)

We use Stripe, Inc. ("Stripe") to process all payments. When you submit payment through our billing portal or invoices:

What Stripe Collects Directly:

• Card number, expiration date, and security code (CVV)

• Billing name and address

• Email address for receipts

• IP address and device fingerprint for fraud prevention

What We Receive from Stripe:

• Last 4 digits of your card (for receipt reference)

• Card brand (Visa, Mastercard, etc.)

• Payment status (success/failure)

• Transaction ID for record-keeping

Stripe's Compliance:

Stripe is certified as a PCI DSS Level 1 Service Provider — the highest level of certification in the payments industry. All card data is encrypted using 256-bit TLS and stored in Stripe's secure, PCI-compliant infrastructure. Your card information never touches our servers.

For information about how Stripe handles your data, see Stripe's Privacy Policy at stripe.com/privacy. To exercise data rights related to payment information, you may contact us or Stripe directly.

Payment Record Retention:

Transaction records are retained for 7 years in compliance with US tax and accounting requirements.


4.5 Financial Data Services (Plaid)


For users of our financial management tools (Warren), we use Plaid, Inc.

to securely connect bank accounts for balance visibility and transaction

import. When you link a bank account:

What Plaid Collects Directly:

• Account credentials (during secure OAuth flow only)

• Account and routing numbers (for verification)

What We Receive from Plaid:

• Account identifiers and institution name

• Account type (checking, savings, etc.)

• Account balances (refreshed periodically)

• Transaction history (up to 24 months)

Important:

• Bank access is READ-ONLY — we cannot move money, initiate payments,

or make transfers

• Plaid access tokens are encrypted at rest and never exposed to your browser

• You can disconnect your bank account at any time from your settings

• Transaction data is retained for 24 months on a rolling basis

Plaid's Compliance:

Plaid is SOC 2 Type II and ISO 27001 certified. For information about

how Plaid handles your data, see Plaid's Privacy Policy at plaid.com/legal.



5. Your Rights & Data Security


Your Rights: 


You may:


Access your personal information

Correct or update your data

Delete your information (subject to legal requirements)

Opt-out of marketing communications

Withdraw consent

Lodge complaints with supervisory authorities

To exercise these rights, contact:
privacy@nesolagus.com

Data Security:


We use encryption and industry-standard measures to protect data, including:

  • Encryption in transit and at rest

  • Access controls and authentication

  • Regular security assessments

  • Incident response procedures

  • Employee training

  • PCI DSS compliance for payment processing (via Stripe)


Breach Notification

In the event of a security incident affecting your personal information, we will notify affected individuals and relevant authorities within 72 hours of confirming the breach, or as otherwise required by applicable law.


However, no system is 100% secure. You share information at your own risk. Nesolagus does not hold SOC 2 or other formal compliance certifications.

Data Portability

You may request a copy of your data in a portable, machine-readable format (such as CSV or JSON).


5. Your Rights & Data Security


Your Rights: 


You may:


Access your personal information

Correct or update your data

Delete your information (subject to legal requirements)

Opt-out of marketing communications

Withdraw consent

Lodge complaints with supervisory authorities

To exercise these rights, contact:
privacy@nesolagus.com

Data Security:


We use encryption and industry-standard measures to protect data, including:

  • Encryption in transit and at rest

  • Access controls and authentication

  • Regular security assessments

  • Incident response procedures

  • Employee training

  • PCI DSS compliance for payment processing (via Stripe)


Breach Notification

In the event of a security incident affecting your personal information, we will notify affected individuals and relevant authorities within 72 hours of confirming the breach, or as otherwise required by applicable law.


However, no system is 100% secure. You share information at your own risk. Nesolagus does not hold SOC 2 or other formal compliance certifications.

Data Portability

You may request a copy of your data in a portable, machine-readable format (such as CSV or JSON).


6. Data Retention & Internal Transfers

Data Retention:


  • Client project data is retained only for the duration of the engagement, unless otherwise agreed in writing.

  • Standard retention for project-specific data is 90 days after project completion, after which data is securely deleted or anonymized.

  • Some business records may be retained for up to 7 years for legal or accounting purposes.

  • Bank transaction data (via Plaid): 24 months rolling, then deleted

  • IP addresses: 90 days (hashed)

International Data Transfers:


We operate in the United States. By using our Services, you consent to data processing in the U.S. We use appropriate safeguards for international transfers when applicable.


7. Terms of Use

Accessibility 


By accessing or using our Services, you agree to these Terms. If you do not agree, do not use our Services.


Eligibility


Services are for individuals aged 18+ unless otherwise specified in a separate policy.


Use of Services


Permitted Use:


  • Browse our site and portfolio

  • Contact us for projects

  • Participate in surveys and forms

  • Engage with our creative services


Prohibited Conduct:

  • Providing false or misleading information

  • Violating laws or regulations

  • Infringing on intellectual property

  • Uploading malicious code or viruses

  • Unauthorized access attempts

  • Scraping or redistributing content without permission

  • Impersonating others

  • Submitting unlawful or infringing content in surveys

  • Interfering with or disrupting Services


Intellectual Property


All Nesolagus content is protected. You own your submitted content, but grant us a non-exclusive license to use it to deliver our Services.


Client Work


Portfolio examples may include client projects, subject to agreements.


Disclaimers


Services are provided “as is” without warranties. We do not guarantee specific business or project outcomes.


Limitation of Liability


We are not liable for indirect, incidental, or consequential damages.


Indemnification


You agree to indemnify Nesolagus from claims arising from your use of our Services.


Governing Law


Connecticut law applies. Disputes will be resolved in Hartford County via negotiation, mediation, or arbitration.


Severability & Entire Agreement


If any term is invalid, the rest remain in effect. This Policy and Terms are the full agreement.


7. Terms of Use

Accessibility 


By accessing or using our Services, you agree to these Terms. If you do not agree, do not use our Services.


Eligibility


Services are for individuals aged 18+ unless otherwise specified in a separate policy.


Use of Services


Permitted Use:


  • Browse our site and portfolio

  • Contact us for projects

  • Participate in surveys and forms

  • Engage with our creative services


Prohibited Conduct:

  • Providing false or misleading information

  • Violating laws or regulations

  • Infringing on intellectual property

  • Uploading malicious code or viruses

  • Unauthorized access attempts

  • Scraping or redistributing content without permission

  • Impersonating others

  • Submitting unlawful or infringing content in surveys

  • Interfering with or disrupting Services


Intellectual Property


All Nesolagus content is protected. You own your submitted content, but grant us a non-exclusive license to use it to deliver our Services.


Client Work


Portfolio examples may include client projects, subject to agreements.


Disclaimers


Services are provided “as is” without warranties. We do not guarantee specific business or project outcomes.


Limitation of Liability


We are not liable for indirect, incidental, or consequential damages.


Indemnification


You agree to indemnify Nesolagus from claims arising from your use of our Services.


Governing Law


Connecticut law applies. Disputes will be resolved in Hartford County via negotiation, mediation, or arbitration.


Severability & Entire Agreement


If any term is invalid, the rest remain in effect. This Policy and Terms are the full agreement.


8. State-specific Rights & Contact

State-Specific Rights


Residents of California, Connecticut, Colorado, Virginia, and other states with privacy laws have additional rights, including the right to access, correct, delete, and obtain a copy of their personal data. We do not sell personal data.


Contact


• Accessibility: This Policy is available in alternative formats upon request.


8. State-specific Rights & Contact

State-Specific Rights


Residents of California, Connecticut, Colorado, Virginia, and other states with privacy laws have additional rights, including the right to access, correct, delete, and obtain a copy of their personal data. We do not sell personal data.


Contact


• Accessibility: This Policy is available in alternative formats upon request.