JustNimbus iOS App – Privacy Policy & Data Processing Agreement

Effective: March 27, 2026

Welcome to JustNimbus! We produce a smart home water recuperation system and accompanying iOS app. Protecting your privacy is very important to us. This Privacy Policy explains in clear terms what data the JustNimbus app collects and why, how we process and protect it, with whom it’s shared, and your rights. It also outlines our Data Processing Agreement (DPA) terms with third-party service providers (processors) such as Anthropic (for the AI assistant), Cloudflare (for secure remote access), Apple (for app distribution and notifications), and a weather data provider. This policy is written to meet the GDPR requirements and Apple’s App Store guidelines for privacy.

Please read the details below to understand our practices. If you have any questions, feel free to contact us at the information provided at the end of this policy.

1. Who We Are (Data Controller)

This Privacy Policy is issued by JustNimbus B.V., the company that develops and offers the JustNimbus water recuperation system and mobile app. For purposes of data protection law (like the GDPR), JustNimbus B.V. is the “data controller” for the personal data processed by the app and related services.

  • Company: JustNimbus B.V. (part of the Joosten Groep)
  • Address: Jan van Galenstraat 25, 3115JC Schiedam, Netherlands
  • Contact Email: privacy@justnimbus.com
  • Data Protection Officer: [If applicable, DPO contact]

This policy covers the JustNimbus iOS App and any associated cloud services (e.g. the JustNimbus web dashboard or API). It applies to users of the JustNimbus system, typically homeowners or residents using our rainwater harvesting solution. It does not cover any unrelated third-party sites or services that might be linked in documentation. By using the JustNimbus app, you acknowledge you have read and understood this Privacy Policy.

2. What Data We Collect and Why

The JustNimbus app connects to your rainwater harvesting system to provide live monitoring, alerts, and smart assistance. To do this, it needs to collect and process certain data, including sensor readings from your device, some information you provide (like settings or optional account info), and data from optional features like the weather service or AI assistant. We always aim to minimize the personal data we collect – just enough to give you the functionality and a great experience, and no more.

In the table below, we outline the categories of data the app may handle, with examples, the purpose for collecting each category, the legal basis under GDPR, and how long it’s kept. “Personal data” means any information relating to an identified or identifiable individual. Note that much of the sensor data is about your household system (water levels, usage, etc.), which we treat as personal data because it’s linked to you (the system owner).

Account & Contact Info (Optional)

  • Examples: If you create an account or provide contact details: Name, email address, login credentials (if implemented); support communications (emails or in-app help requests).
  • Purpose of Processing:
      - Account Management: To allow login/authentication (if the app provides cloud accounts) and personalize your experience.
      - Customer Support: If you contact us for help, we use this info to respond and assist you.
  • Legal Basis (GDPR):
      - Contract – Creating an account or requesting support is a service you ask for, so using your data is necessary to perform that service (Art. 6(1)(b)).
      - Legitimate Interests – Responding to inquiries without a formal account is in both our interests and yours (Art. 6(1)(f)).
  • Retention Period:
      - Account Data: Stored until you delete your account or stop using the service. If no cloud account exists, we do not store this data on our servers.
      - Support Emails: Retained up to 1 year after resolution, for follow-up, then deleted unless further retention is required by law.

Device & App Usage Data

  • Examples: Device identifiers (e.g. iPhone model, iOS version); IP address (used for network communication); App settings (language, notification preferences); Crash logs or diagnostics (if you opt to send them).
  • Purpose of Processing:
      - Operate and Debug the App: Ensure compatibility with your device, deliver content properly, and fix bugs (e.g. knowing the iOS version helps us resolve specific issues).
      - App Preferences: Remember your settings like units (metric vs imperial), language, or features you enable/disable.
      - Improve Performance: Analyze aggregated usage (e.g. how often features are used) to make the app better and more intuitive.
  • Legal Basis (GDPR):
      - Legitimate Interests – It’s in our legitimate interest to keep the app running smoothly and improve it (Art. 6(1)(f)). We collect the minimal usage data needed, and you can disable sending of optional analytics or crash reports at any time. (If Apple prompts for sharing analytics, it’s your choice.)
  • Retention Period:
      - Device Info & Settings: Stored on your device; minimal info (like app version) may be sent to our servers for delivering content and is not stored long-term.
      - Crash/Analytics: Crash logs via Apple are anonymized; we review them to fix issues and they are typically kept for less than 1 year on our developer console. No personal user identity is in these logs.

Water System Sensor Data (“JustNimbus System Data”)

  • Examples: Live readings from your rainwater system: e.g. Reservoir level (liters, % full), Water usage (liters used over time), Pump status (on/off and pressure, flow rate), Valve positions, Temperature of water, Error codes or alerts (e.g. overflow detected, pump fault).
  • Purpose of Processing:
      - Core Functionality: Display real-time status of your system in the app’s dashboard and controls. This lets you monitor tank levels, pump performance, water saved, etc., and view historical charts of usage.
      - Alerts and Automation: Enable automatic alerts or actions. For example, trigger a push notification if water level is low, or log an “overflow” event if a sensor reports an overflow. These protect your system and home by giving timely warnings.
      - Troubleshooting and Insights: Provide context to you (and the “Justin” chatbot if you use it) for diagnosing issues or optimizing usage. E.g., showing a spike in pump cycles could indicate a needed filter change, which the app or chatbot can point out.
  • Legal Basis (GDPR):
      - Contract – This processing is necessary to provide the service you signed up for: the app can’t function without receiving data from your JustNimbus device (Art. 6(1)(b)).
      - Legitimate Interests – We also have an interest in helping you maintain your system and demonstrating the product’s water-saving benefits (Art. 6(1)(f)). Showing you cumulative “water saved” or sending safety alerts uses your data in ways you’d reasonably expect and that benefit you.
  • Retention Period:
      - Local Data: The primary design is local-first – your phone connects to the device on your network and data is not sent to our cloud for normal operations. Historical logs are stored in the app (on your iPhone) to show trends. This data stays until you uninstall the app or reset the app data.
      - Cloud Sync (if enabled): Your JustNimbus device may also sync data to our cloud dashboard (this can enable remote access). Such cloud-hosted sensor data is stored on our servers as long as you use the service, so you can access it remotely. If the cloud service is discontinued or you opt out, we delete or anonymize that data within 90 days (unless we inform you otherwise).
      - Derived Stats: Calculations like “total water saved” or daily averages are computed on the fly in the app; we don’t maintain separate personal profiles – they are derived from your live data.

Location Data (Only for certain features)

  • Examples:
      - System Location: If you provide a general location (e.g. city or postal code) for your device, or if the device itself reports coordinates (some JustNimbus systems have GPS for weather purposes).
      - Device’s Location: Not used by default. The app does not track your phone’s GPS unless you explicitly enable a feature that needs it (for example, using your phone location to get a local weather forecast).
  • Purpose of Processing:
      - Weather Forecasting: Provide localized rainfall forecasts for your area. If you subscribe to our weather feature, we use your system’s location (or your device GPS, if you opt in) to fetch a forecast from our weather service. We use just enough location detail (usually city or postal code) to get relevant weather data.
      - Localization: Possibly tailor content such as units (metric vs imperial) or language defaults based on country. For instance, if your phone is set to Dutch and located in the Netherlands, the app interface will default to Dutch.
  • Legal Basis (GDPR):
      - Consent – We will ask permission if we ever access your mobile device’s GPS location (you’ll see an iOS prompt asking you to allow location access) (Art. 6(1)(a)). You can decline or change your mind in Settings.
      - Contract/Legitimate Interest: Using a provided system location (like postal code) is necessary to deliver the weather service you requested (Art. 6(1)(b)), and we have a legitimate interest in ensuring forecasts are accurate for your region (Art. 6(1)(f)). This general location data is not precise and is used purely for these functional purposes.
  • Retention Period:
      - Device GPS: Not stored on our servers. If used, it’s a one-time lookup for weather, done on the device. We do not continuously track or store your phone’s location.
      - System Location: Stored in the app and in our back-end if needed for weather service. We retain it as long as you use the feature so you don’t need to re-enter it. If you disable the weather service or request deletion, we remove or anonymize the location data from our systems.

Chatbot Conversations (Ask “Justin”) (Optional Feature)

  • Examples:
      - Your Questions: The text you enter into the “Ask Justin” AI assistant. For example, “Why is my pump turning on and off frequently?”
      - Context from System: To answer you, the chatbot may include snippets of your system data in its prompt (e.g. last pressure reading, an error code). This is done in memory and sent securely to the AI; it helps get a useful answer tailored to your situation.
  • Purpose of Processing:
      - Personalized Q&A: Provide you with intelligent, on-demand support and advice about your JustNimbus system. The AI (powered by Anthropic Claude) uses your question and relevant device data to generate a helpful answer. For example, if you ask “Why is my water pressure low?”, it might check the latest sensor data and respond with specific suggestions (e.g. “Your pressure is reading 1.5 bar, which is below normal – this could indicate the filter needs cleaning”).
      - Continuous Improvement (opt-in/anonymous): We may analyze usage of the chatbot in aggregate to improve the answers or add common troubleshooting tips. Any training or improvement of the AI model using real data would be done in accordance with your consent and with data anonymized or de-linked from your identity. By default, Anthropic does not use our API data to train their models, so your chats are not feeding into public AI training.
  • Legal Basis (GDPR):
      - Consent – Using the chatbot is entirely voluntary. When you tap the “Ask Justin” button and input a question, you consent to have that query (and necessary context) sent to our AI service for a response (Art. 6(1)(a)). You can choose not to use this feature at all.
      - Contract – If you do use it, our processing of your question and data is necessary to provide the answer you requested (Art. 6(1)(b)). We also rely on your consent for any handling of sensitive info that you might include in a question (please avoid sharing unnecessary personal details in your query).
  • Retention Period:
      - In-App History: Your conversation with Justin is displayed on your device, but we do not log it on our servers. The chat history clears when you end the session or close the app (we treat it like a real-time conversation, not permanent storage). We may introduce a local “History” feature in the future – which would store recent Q&A on your phone, not on our servers.
      - Anthropic Claude API: When you ask a question, the prompt (which may include your question and some sensor data) is sent to Anthropic’s servers, and a reply is returned. Anthropic does not use these prompts to train their general AI models by default, per their policy. They temporarily log requests for abuse monitoring and to improve their service, but we have a contractual agreement that they cannot use your data for other purposes or share it. We also require deletion or de-identification of any stored prompts after a limited period. If you want a specific AI conversation deleted sooner, you can contact us.

Paid Service Data (Weather Subscription, etc.)

  • Examples:
      - Subscription Status: Whether you have an active premium subscription (e.g. the weather forecast feature), and its level (if there are tiers).
      - Purchase Information: If you buy a subscription through Apple’s in-app purchases, we receive confirmation (a transaction ID and details of the purchase) from Apple. We do not receive your credit card or payment info. If the subscription is through our website, our payment processor (e.g. Stripe) handles your payment data and shares only confirmation and necessary info with us.
      - Account Identifiers: To associate a subscription with your app or device, we might use an identifier (like your JustNimbus device ID or an account email) to unlock the paid feature for you.
  • Purpose of Processing:
      - Enable Premium Features: We use your subscription status to know what features you’re entitled to. For example, if you paid for the weather service, the app will show the forecast module and retrieve data; if not, those parts remain inactive or prompt you to subscribe. We maintain records of your entitlement to ensure continuity of service across your devices (e.g. if you get a new phone, you don’t lose access).
      - Payment Processing & Support: We (or our partner) process payments to collect fees and handle billing issues. We also keep a record of your purchases for accounting and compliance (like tax regulations) and to assist you in case of disputes or refund requests.
  • Legal Basis (GDPR):
      - Contract – When you subscribe to a service, we process this data to fulfill our contract with you: providing the paid feature and managing the subscription (Art. 6(1)(b)). This includes verifying payment and enabling the feature continuously as long as you’re paid up.
      - Legal Obligation – We may have to retain certain transaction records to comply with financial laws (Art. 6(1)(c)), e.g. for tax and auditing purposes.
      - Legitimate Interests – We have a legitimate interest (Art. 6(1)(f)) in preventing fraud and misuse of subscriptions (ensuring that access is only for paying users). We also may send you service-related communications about your subscription (expiry notices, changes in terms) based on our relationship. We will not send you marketing emails about other products unless you opt in separately.
  • Retention Period:
      - Subscription Status: Stored as long as the subscription is active (so we know you’re entitled to the feature). If a subscription lapses or you cancel, we retain the record for a grace period (e.g. a few months) in case you reactivate or there’s a billing dispute, then we delete or anonymize it.
      - Transaction Records: Kept for the legally required duration – typically 7 years under tax law – in our financial systems. These records include purchase date, product, and amount, and possibly an order ID (which may indirectly link to you). After the retention period, we delete or anonymize the records. (Your credit card details are never seen or stored by us in the first place when using in-app purchase; if using a payment partner on our site, they store your card info, not us.)

Notifications & Alerts Data (If enabled)

  • Examples:
      - Push Token: A unique token Apple generates for your device/app installation, so we can send push notifications via Apple’s Push Notification Service (APNs). It looks like a random string of letters/numbers (not personally identifying by itself).
      - Notification Preferences: Whether you allowed push notifications and your in-app alert settings (e.g. you might turn off notifications for low-level alerts but keep critical alerts on).
      - Alert Logs: A log of important alerts or maintenance reminders that were sent to you, stored either on your device or (if you use our cloud services) on our servers. For example, a history of the last 5 alerts like “Filter needs replacement – sent on 2026-05-01”.
  • Purpose of Processing:
      - Providing Alerts: We use the push token to deliver notifications about your system. For example, if your tank is nearly empty or a sensor detects a problem, our server uses the token to tell Apple to push that alert to your phone. Without it, we cannot notify you of critical events. (We can also display alerts inside the app when you open it.)
      - Alert History: Within the app, a “Notifications” tab (Meldingen) shows recent system alerts and maintenance reminders. We maintain this history so you can review past notifications (e.g. “Water filter changed on Oct 10”). It’s like a logbook for your reference, and also helps our support team if you ever have an issue (“Did you receive an alert last week about the pump?”).
  • Legal Basis (GDPR):
      - Consent – Push notifications are by opt-in only. The first time the app wants to send notifications, iOS will ask your permission (Art. 6(1)(a)). If you allow, you can always change your mind in iPhone Settings > Notifications. We only send system and service-related alerts – no marketing via push, ever.
      - Legitimate Interests – Keeping a log of alerts (especially on your device) is in your interest and ours for troubleshooting (Art. 6(1)(f)). It’s a minimal record of notifications you would have seen anyway. If we email critical alerts as backup, we do so under legitimate interest as it’s important for safety (you can opt out of non-essential emails).
  • Retention Period:
      - Push Tokens: Stored on our notification server (at our cloud provider) and with Apple. We keep the token as long as you use the app’s notifications. If you disable notifications or uninstall the app, Apple typically invalidates the token, and we remove it from our system. We periodically purge tokens that appear inactive. We don’t use push tokens for any purpose except sending you notifications you opted into.
      - Alert Logs: The in-app log is stored on your device until you clear it or remove the app. If your system is also linked to our cloud dashboard, certain alerts may also be recorded on our server (e.g. to generate an email or to show in a web portal). Server-side, we keep alert records for up to 1 year for diagnostics, then delete them. These logs are typically not personal in nature (they relate to device status), but we treat them as personal data since they pertain to your account.

Notes: The “Legal Basis” column above refers to the justification under the EU GDPR. In many cases, multiple bases could apply; we’ve listed the primary ones. Whenever we rely on consent, you have the right to withdraw that consent at any time (e.g. turn off location or notifications), and we will stop that processing. Contract means the data is used to deliver a service you’ve requested or agreed to (like showing sensor data in the app). Legitimate Interests means we’ve evaluated that using the data in that way is necessary for our business (or others) in a fair way that doesn’t override your own rights – and we implement safeguards to protect your privacy.

We do not collect any of the following: social media profile info, contacts, or other unrelated personal data. The app does not request access to your photos, contacts, or microphone. The only time the camera might be used is if we add a feature for scanning a QR code on the device during setup – and even then, the camera input isn’t recorded or sent to us, it’s just used on the spot to decode the QR code. We will always be clear about new data types if we introduce them.

3. How We Use Your Data (Purposes)

In general, we use the data we collect to provide, maintain, and improve the JustNimbus app and your experience. Here’s a summary of the main purposes:

  • Delivering App Services: We use sensor data, device info, and settings to present the app’s core functions. For example, the app displays your water tank level in real time by processing the sensor data coming from your JustNimbus system. If you set a threshold in settings (like a minimum water level alert), we use that preference combined with sensor data to decide when to notify you. Essentially, all those data points in Section 2 enable the app to do what it’s supposed to: give you insight and control over your rainwater system. Without processing that data, the app would not work.
  • Communication & Alerts: We use your information to communicate with you, but only in service of the product. For instance, if you enabled notifications, we send push alerts or in-app messages for important events (pump errors, water level warnings, maintenance reminders). If you contact us via support email, we’ll use your email address to reply and help you out. We might send you an email to confirm a subscription purchase or remind you that your subscription is about to renew – these are transactional communications, not marketing. We do not send marketing emails unless you separately sign up for a newsletter (and even then, you can opt out anytime).
  • Analytics & Improvements: To improve our app and services, we may use aggregated, de-identified usage data. For example, we might track how often users access the “History” screen or use the Justin chatbot in general (not what you specifically asked, just how many users tend to use it and when). This helps us identify which features are popular or if some feature isn’t working well. If the app crashes or has errors and you agreed to share diagnostics, we use those reports to fix bugs and improve stability. We don’t use this information to profile you – it’s used in a general sense to make the product better for everyone. We also don’t do any automated decision-making that would affect you legally or significantly; all data analysis is either for product improvement or providing you insights about your water usage.
  • Personalized Assistance (Justin chatbot): If you use the AI assistant, we use the context of your current data and your query to generate a useful answer. This is a dynamic, on-demand processing of your data to give you advice (like a smarter user manual). We or Anthropic might briefly log these interactions (without your identity) to ensure the feature works well and to improve our automated support, but these logs aren’t used to train the model’s general knowledge base without your consent. The primary use is to answer your question helpfully.
  • Optional Features: For instance, if you subscribe to our weather forecast, we integrate with a third-party weather API to get precipitation forecasts for your area. We use your location only for fetching weather data, and then we show it to you along with suggestions (like “Heavy rain in 6 hours – consider switching to rainwater mode to fill the tank”). Similarly, if we add integration with other smart home platforms (like HomeKit or Alexa) and you choose to enable them, we will use the necessary data to connect with those services (with your permission at each step).
  • Security & Fraud Prevention: We use data to keep your information safe and to prevent misuse. For example, our systems may detect repeated failed login attempts or unusual activity on the cloud dashboard, and in response, we might temporarily lock access to protect you, and log that event. If we suspect any fraudulent activity (like someone trying to impersonate you or a stolen device token being misused), we’ll use available data to investigate and prevent harm. This may involve analyzing logs or contacting you for verification.
  • Legal Compliance: If we have a legal obligation, such as a court order, to disclose data, we will only do so after verifying the request’s legitimacy and within the strict confines of the law. Apart from those rare cases, we aim to never disclose your personal data to government or third parties unless you direct us to or we are required by law.

No Advertising Use: We reiterate that we do not use your personal data for advertising or marketing profiling. We don’t show third-party ads in the app, and we don’t sell or share lists of users to advertisers. Your data is collected to serve you – to help you save water, maintain your system, and get the most out of JustNimbus – and for no other hidden motives.

4. How We Share Data (Third Parties)

We strictly control who gets access to your data. We do not sell your information to anyone. In certain scenarios, we need to share data with third parties to run the app’s features or to comply with the law. When we do share data, we ensure it’s done securely and only what’s necessary. The key partners (data “processors”) who might handle your data on our behalf are:

  • Anthropic PBC (AI Assistant Processor): If you use the “Ask Justin” feature, your question and relevant context data are sent to Anthropic, the company that provides the AI (Claude) that generates the answer. Anthropic only receives the text of your queries and the necessary sensor readings or error codes included for context. They do not get your account identity or other unrelated info. We have a Data Processing Agreement with Anthropic that forbids them from using your data for any purpose except to answer our question and requires them to delete or de-identify the data after a short period. Anthropic is based in the USA, so when your data crosses borders, we ensure it’s protected (see Section 6 on International Transfers). Notably, by default Anthropic will not use API data to train their AI models, so your queries aren’t feeding into any public AI. They hold the data transiently to generate the response and for abuse monitoring, then it is discarded according to strict policies.
  • Cloudflare, Inc. (Networking & Remote Access): Cloudflare is a cloud network provider we use to enable secure remote connectivity to your device. For example, if you opt to access your JustNimbus system from outside your home network, we may use Cloudflare’s Tunnel service to securely route data from your device to your phone over the Internet. In that case, your device’s data (like sensor readings) is encrypted and sent through Cloudflare’s servers and on to your app. Cloudflare acts like a secure postman – it handles delivering the data, but it cannot read the contents (since it’s end-to-end encrypted) and it’s not allowed to use the data for anything except this transit. Cloudflare may incidentally see IP addresses and device identifiers as part of network logs, but our agreement with them (and their public commitments) prohibit any personal data sale or unrelated use. Cloudflare is a US-based company that has certified adherence to the EU-U.S. Data Privacy Framework, and we have Standard Contractual Clauses in place for extra protection. In summary, they provide infrastructure to make remote access possible, without mining your data.
  • Apple Inc. (App Store & Notifications): Apple is involved in several ways: (a) App Distribution – When you download the app from the App Store, Apple is the platform but does not share any of your personal info with us (we just see aggregate install numbers). If you enable app analytics/crash sharing with developers via iOS settings, Apple may send us anonymized data, as described in Section 2. (b) In-App Purchases – If you buy a subscription via Apple, they process the payment. We receive from Apple a receipt and confirmation of the purchase, but no credit card or billing info. (c) Push Notifications – We send notifications through Apple’s Push Notification service (APNs). We send the notification content and your device token to APNs, which then delivers the message to your device. Apple’s terms forbid using push notifications for any purpose you didn’t consent to, and Apple does not use the content of push messages for their own purposes. In fact, push content may be encrypted such that Apple cannot read it (Apple requires apps not to send sensitive personal data in pushes without encryption). Your use of Apple’s services (like the App Store) is covered by Apple’s privacy policy as well. Apple is a multinational company; for European users, Apple Distribution International (Ireland) is often the data controller for App Store-related data, and Apple abides by GDPR through its own arrangements (including intra-group agreements and participation in international data transfer frameworks). In our relationship, Apple mostly acts as a service provider: delivering the app and notifications as instructed.
  • Weather API Provider: If you use our weather forecast feature, we integrate with a third-party weather service (for example, OpenWeatherMap) to get rainfall forecasts. We send them only the necessary data – typically your location (city or coordinates) and our API key. They return a forecast which we display to you. We do not share any identifying information about you with the weather provider (they don’t know who is asking, just that some authorized application requested weather for a location). The weather data may be cached on our servers briefly to reduce calls. Our contract with the provider ensures they use the location query only to provide the weather data and not for other purposes. Many weather APIs log requests for usage metrics (e.g., counting how many times we ask for Amsterdam’s forecast) but they do not get your name or any user ID. Depending on the provider’s location (some are EU-based, some US), we ensure compliance with transfer rules (if US, we’d use SCCs or require similar protections). The bottom line: your location is used to fetch weather info, and the provider can’t use it beyond that.
  • Service Providers for Support and Operations: Beyond the main ones above, we use common business service providers to run our operations – for example, an email service for support emails (like Microsoft Outlook or Gmail) or cloud storage for saving backups. If you email us, your message will naturally pass through email servers. We choose reputable providers (who often operate under their own strict privacy policies and GDPR terms). They may incidentally process some personal data (your email address, anything in your message) purely as needed to carry out the service (delivering the email, storing it, etc.). We have agreements in place (or rely on their publicly available terms/DPA) to ensure they protect your data. For instance, if we use Microsoft 365 for email, Microsoft is bound by GDPR as a processor. We won’t belabor every such minor processing here, but rest assured we require confidentiality and care from all our vendors.
  • Legal Disclosures: If ever compelled by law (e.g., a valid subpoena or court order) to disclose data, we may have to share the required information with authorities or other requesting parties. Our policy is to review each request carefully, require proper authority, and to only provide the minimum data necessary. When permitted, we would inform you of such requests. In the ordinary course of business, this is a rare or nonexistent occurrence for us (it’s hard to imagine a scenario requiring disclosure of water usage data, but we include this for completeness).

International Transfers: Whenever we share data with a partner outside the European Economic Area (EEA), we ensure compliance with GDPR transfer rules. This often means using European Commission-approved Standard Contractual Clauses (SCCs) in our contracts, and verifying that the recipient has adequate safeguards. For example, our DPA with Anthropic includes EU SCCs since data may be processed in the U.S., and Cloudflare, as noted, is certified under the EU-U.S. Data Privacy Framework. We cover more on international data flows in Section 6.

In summary, we only share your data with trusted partners who help us run the app, and only as necessary for specific purposes. They act on our instructions and are prohibited from using your data for their own goals. We remain responsible for protecting your data in these contexts.

5. Data Security

We take the security of your data very seriously. We implement a variety of technical and organizational measures to safeguard your personal information and the data coming from your JustNimbus system. Here are key aspects of our security approach:

  • Secure Device Connection: The connection between your iOS app and your JustNimbus device is protected. When on your home network, data is typically exchanged within your local network or via encrypted channels (the device supports TLS encryption and/or a secure WebSockets connection for MQTT). For remote access, as mentioned, we use Cloudflare Tunnel or similar, which means the data travels over HTTPS (end-to-end encrypted). Essentially, whenever data leaves your home and goes over the Internet, we ensure it’s encrypted in transit (so outsiders can’t read it).
  • Authentication and Access Control: The app and device use authentication tokens/keys to ensure that only authorized users (you) can access the system. For instance, pairing the app with your device involves either scanning a unique QR code or entering a secure key, so that only you (and those you authorize) can connect. Our cloud API (if you use it) requires secure API keys or OAuth tokens. We strongly encourage using strong, unique passwords for any accounts and enabling device-level security on your iPhone (like a passcode or Face ID) to prevent unauthorized app access.
  • Data Minimization and Local Processing: As much as possible, data stays on your device or on your JustNimbus unit rather than on our servers. The JustNimbus device itself runs a local dashboard (Node-RED interface) which stores data locally. The mobile app pulls data directly from the device when you’re at home, so we’re not continuously pulling your data into our cloud. Even features like historical graphs are built by the app collecting and storing data points locally over time. This local-first design means there’s less risk of large data exposure – your detailed usage history isn’t sitting on our servers unless you choose to use the cloud sync.
  • Cloud Security: For the data that we do hold in the cloud (like for remote access, push notifications, or account info), we host it on reputable cloud platforms that implement robust security measures (such as Microsoft Azure or Amazon Web Services in EU data centers). We use access controls to ensure that only authorized JustNimbus personnel can access the systems that store personal data – and then only on a need-to-know basis. Administrative access to databases or servers is logged and protected by multi-factor authentication. We also segment our network and systems so that, for example, the system that handles push notification tokens cannot directly access other sensitive data.
  • Contractual Safeguards with Processors: As described in Section 4 and detailed in Section 7 (DPA), our contracts with third-party processors require them to also implement strong security. For instance, Anthropic’s DPA includes extensive security requirements (access control, encryption, audit logging, etc.), and Cloudflare is regularly audited for security and compliance. Apple’s systems, like APNs, have their own security (push tokens are random and are not meaningful to anyone except APNs and us, and Apple has system-wide security to prevent unauthorized access to user data on their platform).
  • Encryption: We use encryption to protect data both in transit and at rest. “In transit” means when data is moving between your device and our servers (or your device). We use HTTPS (TLS) for all client-server communication. “At rest” means when data is stored, e.g., in databases or backups; we encrypt sensitive data at rest as well. For example, if for some reason any of your data is stored on a mobile device backup or our server storage, it’s encrypted. Push notification contents are kept minimal for security, but they are transmitted via Apple’s secure APNs and can be encrypted such that only the app on your device can read them.
  • Physical Security: The JustNimbus device in your home stores data locally. It is important you keep it physically secure (it’s likely in a garage or basement, connected to the pump system). The device is not easily accessible without network access. Our cloud server infrastructure is hosted in professional data centers with 24/7 security, biometric access controls, surveillance, and redundancy for power and cooling. Physical access to servers that may store data is restricted to authorized engineers of the cloud provider.
  • Monitoring and Testing: We monitor our systems for potential vulnerabilities and attacks. For example, we employ firewalls and anomaly detection – if our systems see a flood of requests that looks like an attack, we block it. We keep our software and libraries updated to patch security issues promptly. We may also perform periodic security audits or penetration tests with the help of third-party experts to find and fix weaknesses. The JustNimbus device firmware can receive secure updates (with your consent or during maintenance) to improve security over time.
  • Employee Access and Training: Internally, our team members are trained on data privacy and security. Only a limited set of personnel in engineering or support roles can access personal data, and only what’s necessary for their job (principle of least privilege). For instance, a support agent can see your account info and basic device status if you give them a support code or request help, but they won’t randomly browse user data. All employees with such access are bound by confidentiality obligations and undergo background checks as allowed by law.
  • Data Retention and Deletion: As described in Section 2, we don’t keep personal data longer than needed. When you delete the app or request account deletion, we delete associated personal data from our servers (except data we must keep for legal reasons, which we’ll isolate and protect). The JustNimbus device itself stores historical sensor data locally; if you sell or transfer the device, we recommend resetting it to wipe any stored data (and we can assist with instructions). We design our systems to make sure data can be deleted thoroughly upon request.
  • Incident Response: In the unlikely event of a data breach or security incident affecting your personal data, we have an incident response plan. We will notify affected users and relevant authorities (such as the Dutch Data Protection Authority) as required by law (GDPR Articles 33, 34). Our plan involves immediate containment of the issue, analysis of impact, restoration of secure operations, and post-incident review to prevent future occurrences. We aim to be transparent and proactive should anything unanticipated occur.

In summary, we apply best practices to keep your data safe: encryption, access control, monitoring, and contractual commitments from our partners. While no system can be 100% immune to threats, we continuously improve our security to meet evolving risks and to maintain your trust.

6. International Data Transfers

JustNimbus operates primarily in the Netherlands, and we aim to store and process data within the EU as much as possible. However, some of the services we use are based outside the EU, which means personal data might be transferred across borders (for example, to the United States). The GDPR requires that such transfers have certain protections. We want to reassure you that any time your data leaves Europe, it remains protected to EU standards.

Here are the relevant transfers and how we handle them:

  • Anthropic (United States): The AI assistant queries can be processed on servers in the U.S. We have signed the European Commission’s Standard Contractual Clauses (SCCs) with Anthropic to cover these transfers, obligating Anthropic to uphold GDPR-level protections. In plain language, this means Anthropic must treat European personal data according to strict rules (as detailed in our DPA with them, parts of which we referenced earlier). Anthropic also commits to security measures and confidentiality for the data it processes. As of the date of this policy, Anthropic is not yet listed under the new EU-U.S. Data Privacy Framework, but we monitor developments. The SCCs, combined with encryption and Anthropic’s enterprise privacy promises (no secondary use of data, etc.), ensure a high level of protection for your data sent to the AI service. If we ever change AI providers or if Anthropic achieves a recognized certification, we’ll update this policy.
  • Cloudflare (Global, primarily U.S.): Cloudflare is a U.S.-based company with a global network (they have data centers in the EU and worldwide). Cloudflare has certified its compliance with the EU-U.S. Data Privacy Framework (as of 2023), meaning it is officially recognized as providing adequate protection for EU personal data transferred to the U.S. They also employ SCCs in their contracts. Furthermore, the nature of the data passing through Cloudflare in our use is end-to-end encrypted, so even during transit through the U.S., the contents can’t be read. Cloudflare’s publicly stated policy is that they do not access or use the personal data they transmit except as needed to provide the service (for example, they might briefly log IP addresses for debugging network issues, but they don’t profile users). This, combined with strong contractual and technical safeguards, protects the data routed via Cloudflare.
  • Apple (various regions): Apple is a global company. The App Store and related services for European users are generally operated by Apple’s European subsidiary in Ireland, so downloading the app or making in-app purchases would involve European data processing. However, Apple may send certain data to the U.S. (e.g., for iCloud or push notification routing). Apple has approved Binding Corporate Rules (BCRs) and uses SCCs for internal data transfers, adhering to GDPR for global data movement. Additionally, Apple was an early participant in the original Privacy Shield and is expected to comply with the new Data Privacy Framework. In practice, the data we exchange with Apple (like push tokens and purchase confirmations) is minimal and handled in an automated way. We rely on Apple’s robust privacy and security program to protect that data. If you have concerns, we encourage you to review https://www.apple.com/legal/privacy/ for details on their practices. But rest assured, Apple’s handling of data on our behalf (e.g. delivering a notification) is protected under well-established legal mechanisms and Apple’s own commitments to privacy.
  • Weather Provider (if outside EU): Our current weather API partner is [Name of Provider]. They store and process data on servers [in the EU / in the US]. If they are outside the EU, we have SCCs or comparable safeguards in place with them as well. Many major weather providers (like OpenWeather) have EU-based infrastructure or comply with EU data protection laws because they serve international customers. We ensure through contract that any personal data (like a location query, which can be personal data if it can be connected to an individual) is protected when transferred. Typically, the only data is a latitude/longitude or city name, which by itself has limited identifiability. Nevertheless, we treat it with care.

In addition to these measures, we may implement additional technical safeguards for cross-border data. For instance, wherever feasible we employ encryption that only we (and you) can decrypt, meaning even if data goes through another country, it’s gibberish to any unauthorized party.

If you’d like more information about our international data transfer protections (for example, to see a copy of the SCCs we use), you can contact us at our email. We’ll provide as much detail as we’re able (sometimes parts of these legal documents might be confidential, but we can describe the protections in general).

By using the JustNimbus app, you understand that your data may be processed in countries outside your own. However, we promise that no matter where your data is processed, it will receive the same level of protection as required by GDPR. We remain responsible for ensuring our service providers comply with these standards.

7. Your Rights & Choices

As a user of the JustNimbus app, especially if you are in the EU or UK, you have certain rights regarding your personal data. We are committed to enabling you to exercise those rights. Here’s an overview of your key data subject rights and how to use them:

  • Right to Access: You can ask us for a copy of the personal data we hold about you and details on how we use it. For example, you might want to know if we have any email address on file for you, or see what sensor data has been stored on our cloud (if any). We will provide this in a structured format. Most of your data is on your device or viewable through the app (like all your sensor readings and alerts), but if you want a full export or have used cloud features, just contact us.
  • Right to Rectification: If you believe any personal data we have is incorrect or incomplete, you have the right to have it corrected. In many cases, you can do this yourself: for instance, if you set the wrong location for your device, you can change it in the app settings; if we have your name or email wrong, you can update it in your profile (if an account exists). Otherwise, reach out to us and we’ll fix it promptly.
  • Right to Erasure (Right to be Forgotten): You can request that we delete your personal data. If you have an account, this typically means deleting the account which will remove personal info like your name, email, and any cloud-stored sensor logs from our servers (except data we are required to keep – see below). If you’re not using an account and only using local data, erasure is usually achieved by uninstalling the app (which removes data stored in the app). For any server-side data, you can contact us. We will erase the data or anonymize it so it’s no longer linked to you. Note: If you have an ongoing subscription and you request erasure of all data, you may lose the remaining service, and some info (like transaction records for purchases) might be retained separately as required by law (e.g., we can’t delete invoice records before the legally required time, but we can detach them from your identity).
  • Right to Restrict Processing: In certain situations, you can ask us to limit how we’re using your data. For example, if you contest the accuracy of data or object to our use of it, you can request that we hold off on processing (except for storing it) until we resolve your concern. Another example: if we no longer need data but you need us to keep it for a legal claim, you can request a restriction. When data is restricted, we’ll just store it securely and not use it until the restriction is lifted.
  • Right to Data Portability: You have the right to get your data in a portable, machine-readable format, and to have it transferred to another service where feasible. For example, you might want a CSV file of your water usage history or a JSON export of your device settings and logs. We will help export your data in a commonly used format. Given the nature of our service, most data (like sensor readings) is already in standard formats and could be re-used elsewhere. We can provide you with these files upon request.
  • Right to Object: You can object to our use of your data in certain cases. You have an absolute right to object to any direct marketing, but as we mentioned, we don’t do that. You can also object to processing based on legitimate interests. For instance, if we were using your data for some research or product improvement purpose that you’re not comfortable with, you can tell us to stop. We will evaluate your objection and unless we have a compelling reason to continue that overrides your rights, we will stop the processing. For example, if you object to us using crash reports, we will stop collecting your crash data (which you can also achieve by simply not opting in to share crash analytics in iOS). If you object to being part of aggregated usage statistics, we can opt you out – though our aggregated stats don’t identify individuals anyway.
  • Right not to be subject to automated decisions: We do not make any legally significant decisions about you purely by algorithms. There is no “AI credit score” or anything like that happening. The AI assistant may give you suggestions, but you decide whether to act on them. If in the future we ever implement something that feels like an automated decision (say, an automatic valve shut-off if our system “thinks” a leak is happening), such logic would be there to protect equipment and would not have legal or similar significant effects on you. Nevertheless, you have the right to human review of any automated decision, and to express your point of view.
  • Right to Withdraw Consent: When we rely on your consent (e.g. for using location or sending push notifications or for using the AI assistant), you can withdraw that consent at any time. Withdrawing is easy: toggle off the feature or change your settings. For instance, to withdraw consent for location, you can turn off location access for the app in your phone’s privacy settings. To stop chatbot processing, simply don’t ask further questions and we won’t send any more data to the AI. Note that withdrawing consent doesn’t affect processing that has already happened while consent was in place; it only stops future processing.
  • Right to Complain: If you believe your data has been handled improperly or your rights not respected, you have the right to lodge a complaint with a supervisory authority. In the Netherlands, that’s the Autoriteit Persoonsgegevens (Dutch Data Protection Authority). You can find details at their website: https://autoriteitpersoonsgegevens.nl. If you’re in another country, you can complain to your local authority. Of course, we would appreciate the chance to address your concerns directly first – we take privacy seriously and will do our best to resolve any issues if you contact us.

Exercising Your Rights:
To make any request regarding your rights, you can contact us at privacy@justnimbus.com. Please clearly state what you’re asking (for example, “I want a copy of my data” or “Please delete my account”). For security, we might need to verify your identity – e.g., if you email from the address associated with your account, that’s usually sufficient, or we might ask you to confirm via a code sent to your device. We will respond to your request as soon as we can, generally within one month. If it’s a complex request or we have a high volume of requests, we might take an extra month or two, but we’ll let you know if that happens.

We generally do not charge any fee for these requests. If a request is manifestly unfounded or excessive (like repetitive requests without reason), the law allows us to charge a reasonable fee or refuse, but we have never had to do that and hope we never will.

Your Controls in the App: We also strive to build user controls directly into the app. For example, you can erase local data by uninstalling the app; you can control notification preferences in the app’s settings; you can choose whether or not to use the AI assistant or weather features. These are ways for you to shape how data is used without needing to formally exercise a GDPR right. We want you to feel in charge.

Finally, if you have any questions about your rights or need guidance, feel free to ask us. We’re here to help and to ensure you have a great, privacy-respecting experience with JustNimbus.

8. Additional Information

Children’s Privacy: The JustNimbus app and system are not directed to children under 16. Our product is typically used by homeowners or adult residents, not minors. We do not knowingly collect personal data from anyone under 16. If you are a parent or guardian and believe your child has somehow provided personal data to us (perhaps by using the app on their own), please contact us. We will promptly delete such data. By using the app, you represent that you are an adult or have appropriate supervision.

Changes to This Policy: We may update this Privacy Policy from time to time as our app or practices change, or as laws change. If we make material changes, we will notify you in a suitable way – for example, via an in-app notification or a message on our website, and by updating the “Effective” date at the top. For example, if we later add a new feature that collects new types of data, we’ll update this policy accordingly. We encourage you to review this policy periodically. Continued use of the app after an update will signify your acceptance of the revised policy. If you do not agree to a change, you should stop using the app and can request us to delete your data.

Contact Us: If you have any questions, concerns, or requests regarding this Privacy Policy or your data, you can reach us at:
Email: privacy@justnimbus.com
Postal Mail: JustNimbus B.V. – Privacy Office, [Address], [Postal Code], [City], Netherlands.
We will be happy to answer your questions or address any issues. Your trust is our priority.

Appendix: Data Processing Agreement (DPA) Overview

This section outlines how our third-party processors (mentioned in Section 4) are obligated to handle your data, per our agreements. In legal terms, these are key points from our Data Processing Addenda with them, fulfilling GDPR Art. 28 requirements.

Our Commitments from Processors: All companies that process personal data on our behalf must contractually agree to strict data protection terms. Highlights include:

  • Process Only on Our Instructions: Each processor (Anthropic, Cloudflare, etc.) is authorized to use your data solely for the purposes we specify – they cannot use it for anything else. For example, Anthropic can only use the chatbot query data to generate the answer and is explicitly prohibited from reusing it to train their general AI or for any other purpose. Cloudflare similarly only relays data and cannot inspect or sell it. This “instructions-only” rule is fundamental.
  • No Selling or Sharing: The processors are forbidden from selling your data or sharing it with third parties except sub-processors needed to provide their service (and any such sub-processor must agree to the same obligations). They also cannot “combine” data from our service with their own data or others’ data to build profiles, except as allowed by privacy laws for very limited purposes.
  • Confidentiality: Personnel at our processors who handle your data are under strict confidentiality obligations. In practice, most of the processing is automated (machines handling the data), but if, say, an engineer at Anthropic or Cloudflare had to access the data for troubleshooting, they are legally bound to secrecy and to only use it to fix the issue.
  • Security Measures: Processors must implement appropriate technical and organizational security measures to protect your data. This includes measures like encryption, access control, monitoring, physical security, and regular security audits (as applicable). We reviewed our processors’ security certifications and policies. For instance, Cloudflare is certified on various security standards (like ISO 27001) and uses state-of-the-art DDoS protection and encryption. Anthropic details extensive security controls in their DPA (see Schedule 2 excerpt above, which includes encryption in transit and at rest, access controls, logging of access, etc.). We only work with processors that have strong security track records.
  • Sub-processors: If our processors need to engage sub-processors (like how we engage them), they must obtain our consent and impose the same level of data protection obligations on those sub-processors. For example, if Anthropic uses cloud storage by another provider to process any data, that provider must also sign on to equivalent GDPR terms. We maintain transparency about major sub-processors in this policy (e.g., Anthropic’s sub-processor could be a cloud platform, Cloudflare’s sub-processors are its data center partners, etc.).
  • Assistance with User Rights and Compliance: Our processors assist us in fulfilling your data subject rights and in maintaining compliance. For example, if you requested your chatbot conversation be deleted, we can relay that to Anthropic and they must delete any stored logs of it (to the extent they have any). If we needed to conduct a Data Protection Impact Assessment or were audited by regulators, our processors must provide information to us to demonstrate their compliance.
  • Data Breach Notifications: If a processor (say, Anthropic or Cloudflare) experiences a security breach affecting our users’ data, they are obligated to notify us without undue delay. This allows us to take timely action and inform you and authorities as required. They must also provide details of what happened and cooperate in investigating and remedying the issue.
  • Data Return/Deletion: When a processor’s service is no longer needed, they must delete or return to us all personal data. For instance, if we ever terminated our contract with Anthropic, they would be required to erase our users’ data from their systems (which in their case would likely just be transient logs of prompts). Similarly, if you delete your account or data, we ensure that any processors holding that data also purge it.
  • Audits and Accountability: We retain the right to verify our processors’ compliance, either through direct audits or reviewing their external audit reports. Many of our processors (like Cloudflare, Apple, Anthropic) regularly undergo independent security audits and publish summaries or provide them on request. We do our due diligence in selecting and continuing partnerships only with processors who meet high standards.

Below is a brief table of our main processors, summarizing what they do, what data they handle, and relevant safeguards:

Processor & Location: Anthropic PBC (USA)
Role & Service: AI Assistant Provider – Processes your queries to “Ask Justin” using the Claude AI model.
Data Processed:
  • User Queries & Context: The text of your question + relevant sensor data or error messages we include for context. No personal identifiers (name, email, etc.) are sent, only device readings and your question content.
Safeguards:
  • SCCs in place for EU data export.
  • DPA ensures Anthropic acts only on our instructions and will not use data for other purposes (no training on it by default, no sharing).
  • Anthropic maintains high security: encryption, access control, logging, and employee confidentiality.
  • Prompt deletion policies: ephemeral processing (prompts are not stored long-term, as per policy).

Processor & Location: Cloudflare, Inc. (Global network, HQ in USA)
Role & Service: Network Security & Tunneling – Securely tunnels data from your device to your app when you’re remote, and provides DDoS protection and routing.
Data Processed:
  • Network Traffic Data: Encrypted data packets from your JustNimbus device (may include sensor values, commands) – content is end-to-end encrypted so Cloudflare mostly sees metadata (IP addresses, timestamps, amount of data).
  • Service Logs: Basic logging for performance and abuse prevention (non-content info like IPs and routing data).
Safeguards:
  • EU-U.S. Data Privacy Framework certified (approved for data transfer); SCCs included by reference in our agreement.
  • No content access: Data is encrypted; Cloudflare cannot read sensor values or commands inside the tunnel.
  • Committed no-selling, no secondary use of any personal data in transit – acts as a conduit only.
  • Robust security infrastructure (ISO 27001 certified, etc.) and 24/7 network monitoring.

Processor & Location: Apple Inc. (USA/Ireland)
Role & Service: App Store & Notifications – Distributes the iOS app, handles in-app purchases, and delivers push notifications.
Data Processed:
  • App Distribution Data: No personal data shared by Apple with us for downloads (except aggregate stats).
  • Purchase Data: Confirmation of subscription status and anonymous transaction IDs (via Apple’s servers).
  • Push Data: Device push token and notification payload (e.g. “Tank low at 15%”) are sent through Apple’s APNs. Content of notifications is minimal and not stored by Apple after delivery.
  • Diagnostic Data (optional): If user opts in, crash logs and analytics may be shared via Apple (anonymized).
Safeguards:
  • Apple operates under GDPR-compliant terms through Apple Distribution International for EU users. They have Binding Corporate Rules and incorporate SCCs for transfers.
  • Push notifications: governed by Apple’s strict rules – they require user consent and forbid misuse; Apple does not use push data for marketing. Messages are delivered securely (APNs) and Apple cannot use them beyond forwarding.
  • In-app purchases: Financial info stays with Apple; we receive only non-sensitive info. Apple is known for strong privacy safeguards (e.g., not even Apple can decrypt end-to-end encrypted iCloud data in some cases).
  • We and Apple both are committed to user privacy; Apple’s systems are regularly audited and certified (e.g. ISO 27018 for cloud privacy).

Processor & Location: Weather API Provider (EU or USA)
Role & Service: Weather Forecast Service – Provides rain forecast data based on location queries.
Data Processed:
  • Location Data: Typically a city name, postal code, or GPS coordinates of your system (as provided by you or your device).
  • Weather Response: Forecast data (e.g., “10mm rain in next 12h”) which we show in the app.
Safeguards:
  • If provider is EU-based, data stays in EEA; if US-based, we use SCCs for GDPR compliance.
  • Only minimal data shared: no user name or contact, just location query and API key. The query is transmitted over HTTPS (secure connection).
  • Contractual obligation that data is used solely to provide weather info, not for other purposes (common term in API usage policies).
  • The provider may keep logs of requests (for service quality) but those contain at most location and timestamps, not your identity. We do not tie location queries to your personal identity when communicating with the API.

Note: We may update this list if we add or change significant processors. For example, if in the future we integrate a new cloud analytics service or a different notification provider, we will reflect that here or in an updated policy version. We remain responsible for our processors and will ensure any new partner is held to the same high standards.

By understanding the above, we hope you feel assured that when our partners help us deliver the JustNimbus app’s functionality, your data remains protected. We’ve chosen these partners for their expertise and trustworthiness, and we continuously monitor and enforce their compliance with our privacy requirements.

Thank you for reading our Privacy Policy and Data Processing Agreement overview. We believe in being transparent and honest about how your data is handled. Our mission is to help you save water and manage your system efficiently – and respecting your privacy is integral to that mission. If you have any questions or concerns, please reach out to us. We’re here to help.

JustNimbus App – Privacy Summary for App Store (Short Version)

The JustNimbus iOS app is designed to help you monitor and manage your home rainwater recuperation system. We value your privacy and do not sell or misuse your data. Below is a brief summary of our privacy practices:

  • Data We Collect: The app collects only what’s necessary to function: live sensor readings from your JustNimbus system (water level, pump status, etc.), your preferences and settings, and optional features data (e.g. location for weather forecasts, questions you ask our in-app assistant). No unnecessary personal info like your contacts or photos is collected. If you create an account or subscription, we store your email and subscription status.
  • How We Use Data: Collected data is used to display your water tank level, send alerts (like low water or maintenance reminders), provide weather forecasts if subscribed, and power the “Ask Justin” chatbot to answer your questions. We do not use your data for advertising or marketing. Data helps run the app’s features and improve service reliability (for example, anonymously diagnosing app crashes to fix bugs).
  • Data Sharing: Your data is generally kept local to your device. For cloud features, we share minimal data with trusted partners: e.g., we use Anthropic to answer your support questions via AI (they receive your question and relevant sensor data only, and cannot use it for other purposes), Cloudflare to secure remote connections (they tunnel encrypted data; they cannot read it), and Apple for app distribution, in-app payments, and push notifications (Apple does not share your personal info with us beyond what’s needed for these services). Any third-party processing is governed by strict agreements to protect your data and is performed solely for the app’s functionality.
  • Security: We employ strong security measures. All communications are encrypted. Your sensor data is stored primarily on your device; any data in our cloud (for remote access or backups) is secured and encrypted. Access is restricted to authorized personnel. We also allow you to enable additional security (like Face ID lock on the app, if available).
  • Your Control: You are in control of your data. You can choose whether to enable features like location-based weather or the AI assistant. You can opt out of push notifications. You have the right to access or delete your cloud data – just contact us. Uninstalling the app will delete data stored on your iPhone.
  • GDPR Compliance: If you’re in a region like the EU, know that we respect all user rights under GDPR. You can access, correct, or request deletion of your data. We have a Data Protection Officer contact and have proper legal bases (like your consent or fulfilling a service contract) for all data we process. We also use European safeguards (Standard Contractual Clauses, etc.) when transferring data to our U.S.-based service partners, ensuring your data gets an equivalent level of protection.

This is a summary. For full details, please see our complete Privacy Policy (available in-app or on our website). By using JustNimbus, you agree to this policy. If you have any questions or need help, reach out to us at privacy@justnimbus.com. Happy water saving!