Zookeeper.Sign in
Legal

Privacy Policy

Last updated: June 1, 2026

This Privacy Policy explains how Nivalmi Consulting ("Nivalmi", "we") collects, uses, discloses, and protects personal information when you use the Nivalmi Zookeeper platform and Zoo Insights assessment (the "Service").

1. Who is the controller?

For workspace accounts, your employer or contracting organization is the controller of participant data and we act as a processor on their behalf. For account holders who sign up directly, Nivalmi is the controller of your account data.

2. Information we collect

  • Account data: name, email, password hash, organization, role, profile preferences.
  • Assessment data: responses you provide, computed archetype results, team-dynamics aggregates, generated reports.
  • Billing data: credit purchases, order history, billing email. Card details are handled directly by Stripe and never touch our servers.
  • Usage data: log records, IP address, device and browser information, session-replay (via Microsoft Clarity and Contentsquare) used to debug and improve the product.
  • Communications: emails we send (invitations, report-ready notifications) and your responses.

3. How we use information

  • To provide, secure, and improve the Service.
  • To deliver assessments, generate reports, and notify the right people when results are ready.
  • To process payments and prevent fraud.
  • To respond to support requests and send service announcements.
  • To comply with legal obligations and enforce our Terms.

We do not sell personal information. We do not use assessment responses to train third-party AI models.

4. Legal bases (GDPR)

Where GDPR applies we rely on: contract (to provide the Service), legitimate interests (security, product improvement), consent (where required, e.g. optional analytics), and legal obligation (tax, accounting). You may withdraw consent at any time without affecting prior processing.

5. Sharing & processors

  • Lovable Cloud / Supabase — managed database, auth, and storage.
  • Stripe — payment processing.
  • 24x7 Assessments — delivery of the underlying assessment instrument.
  • Email delivery provider — sending transactional email.
  • Microsoft Clarity & Contentsquare — anonymized usage analytics and session replay.

Each processor is bound by contractual confidentiality and security obligations. We may also disclose information when required by law or to protect rights, safety, and the integrity of the Service.

6. International transfers

Personal data may be processed in countries outside your own. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses.

7. Retention

We keep account data for as long as your account is active. Assessment reports are retained for the life of the workspace plus a reasonable archive period. Billing records are retained as required by law (typically 7 years). You may request deletion at any time, subject to legal retention obligations.

8. Your rights

Depending on your jurisdiction, you may have the right to access, correct, delete, restrict, or port your personal data, and to object to certain processing. Workspace participants should typically contact their employer first; we will assist as processor. For account-level requests, email hello@nivalmizookeeper.com.

9. California residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act as amended by the CPRA gives you the following rights regarding personal information we collect:

  • Right to know what categories and specific pieces of personal information we have collected about you, the sources, purposes, and categories of third parties we share it with.
  • Right to delete personal information we hold about you, subject to legal-retention exceptions (e.g. tax records, fraud prevention).
  • Right to correct inaccurate personal information.
  • Right to limit use of sensitive personal information to what is necessary to provide the Service.
  • Right to opt out of "sale" or "sharing" of personal information. We do not sell personal information and we do not share it for cross-context behavioral advertising.
  • Right to non-discrimination for exercising these rights.

Categories of personal information we collect (per Cal. Civ. Code §1798.140): identifiers (name, email, IP), commercial information (purchase history), internet activity (usage logs, session replay), professional information (employer, role), and inferences drawn from assessment responses (behavioral archetypes). We retain each category for the periods described in Section 7. We do not knowingly collect personal information of California residents under 16 without affirmative consent.

To exercise your CCPA rights, email hello@nivalmizookeeper.com with the subject line "California Privacy Request". We will verify your identity using account-based authentication or, for non-account requests, by matching at least two data points you provide against our records. You may designate an authorized agent to submit a request on your behalf with written permission. We respond within 45 days (extendable once by 45 days when reasonably necessary).

10. "Do Not Track" and Global Privacy Control

We honor the Global Privacy Control (GPC) browser signal as an opt-out of any "sale" or "sharing" of personal information under the CCPA.

9. Security

We use industry-standard safeguards including encryption in transit, role-based access controls, row-level security on the database, audit logging, and least-privilege service credentials. No system is perfectly secure; you are responsible for keeping your password confidential and reporting suspected compromise.

10. Children

The Service is not directed to children under 16 and we do not knowingly collect their data.

11. Changes

We may update this Policy. Material changes will be notified in-product or by email.

12. Contact

Privacy questions or requests: hello@nivalmizookeeper.com.