Privacy Policy

Effective date: March 25, 2026  |  Last updated: March 25, 2026

This Privacy Policy explains how Nashi Engineering ("we", "us", or "our") collects, uses, and protects information in connection with the Nashi Platform.

1. Information We Collect

We collect information you provide directly, including:

• Account registration information (name, email address, organisation)
• Business data entered into the platform (customer records, project details, compliance assessments)
• Usage logs and activity records generated during platform use
• Authentication tokens for connected third-party services (e.g., TikTok, LinkedIn, Twitter/X)

2. How We Use Information

We use collected information to:

• Provide and operate the platform services
• Generate AI-assisted content drafts and business recommendations
• Stage content drafts for human review prior to any external publication
• Maintain audit logs for compliance and governance purposes
• Improve platform functionality and security

3. Social Media API Usage

When you connect social media accounts (TikTok, LinkedIn, Twitter/X), we store OAuth tokens securely to enable draft creation and content staging. We do not access, read, or store your social media followers, messages, or engagement data beyond what is required for content posting operations. Tokens are encrypted at rest using industry-standard encryption.

All content published to social media platforms via this platform requires explicit human approval — no content is automatically published without a human reviewer authorising the action.

4. Data Sharing

We do not sell personal data. We share data only:

• With the social media platform APIs you explicitly authorise (TikTok, LinkedIn, Twitter/X)
• As required by applicable law or legal process
• With your consent

5. Data Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS) and at rest, role-based access controls, and regular security assessments. API credentials and OAuth tokens are stored using SOPS-encrypted secrets.

6. Data Retention

We retain business data for the duration of the service relationship and as required by applicable law. You may request deletion of your account data by contacting us.

7. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or port your personal data. To exercise these rights, contact privacy@nashi.online.

8. Cookies

The platform uses session cookies required for authentication. We do not use tracking or advertising cookies.

9. Changes to This Policy

We may update this Privacy Policy. Material changes will be communicated to account holders. Continued use of the platform constitutes acceptance of the revised policy.

10. Contact

For privacy-related enquiries: privacy@nashi.online