Privacy Policy

The short version

nimbril is a suite of tools that run inside your web browser, on your own device. The files you edit — your PDFs, images, screenshots, and videos — are processed locally and are not uploaded to us, stored by us, or used to train any model. We never see them. You can verify this yourself: turn on airplane mode and the tools still work. This page explains the small amount of account and billing data we do handle when you choose to sign up or pay, and we have tried to keep it plain rather than legalistic. We are a new product run by a small team, so this policy describes how things actually work today; if it changes, we will update this page.

Your files never leave your device

Every tool — Lift, Squash, Convert, Frame, Portrait, Sign, Redact, Meta, Encrypt, QR, Trim, and Poise — does its work on your device using your browser's own capabilities. Your files are not sent to a server, are not retained anywhere, and are never used for training or analytics. Because the work happens locally, we have no copy of your documents to lose, leak, or be compelled to produce. Redaction in particular is flattened into the pixels and exported as a flat, image-only PDF, so the underlying text is genuinely removed rather than hidden behind a box that could be deleted later.

The one exception, and it is opt-in

There is a single honest exception to the on-device rule. Lift, our background remover, runs a fairly heavy AI model. Most phones cannot run it locally without crashing the browser tab, so on those devices Lift offers an optional cloud path: with your explicit consent, that one image is sent to nimbril's server, the background is removed in memory, and the result is returned to you. The image is never written to disk and is discarded as soon as the response is sent. This path is off by default, you are asked before anything is sent, and it is the only situation where any file content reaches our servers. On a desktop browser, Lift stays fully on-device and nothing is uploaded.

What we do collect

If you create an account, we store your email address and basic authentication records through our login provider, Better Auth (email and password, a one-time magic link, or Google sign-in if you choose it). If you buy a Pro or single-app plan, payment is handled by Stripe — we never see or store your full card number, only Stripe's customer reference and the record of what you purchased, which we use to unlock your features. Your usage history (the count and thumbnails the launcher shows) is kept in your browser's local storage on your device, not on our servers. We do not run third-party advertising or behavioral-tracking trackers; any analytics we keep are limited, aggregate, and never tied to your files.

Cookies and sessions

When you are signed in, we set a session cookie so the site knows it is you on each request; this is strictly necessary for the account and billing features to work and is not used for advertising. Stripe may set its own cookies during checkout to process your payment securely. If you never create an account, you can use the free tools without signing in, and no login cookie is set. You can clear cookies and local storage at any time through your browser, which will sign you out and remove your on-device history.

Third parties we rely on

We use a few trusted service providers to run nimbril, and they only ever touch account or billing data — never your files (with the single, consented Lift-on-phone exception above). Stripe processes payments and stores your billing details under its own privacy policy. Resend delivers our transactional emails, such as verification and magic-link messages, and therefore handles your email address. Better Auth powers sign-in. Google is involved only if you choose Google sign-in. We do not sell your data, and we do not share it beyond what these services need to do their jobs.

Your rights and how to reach us

You can use nimbril without an account, and you can delete your account at any time, which removes your email and authentication records; purchase records may be retained where we are required to keep them for tax and accounting. Depending on where you live, you may have rights to access, correct, export, or delete the limited personal data we hold, and to object to certain processing. To exercise any of these, or to ask a question about this policy, email support@nimbril.com and we will respond. As a small and newer product we may not yet have every formal compliance program in place, and we would rather tell you that plainly than overstate it.