NervatoNervatoPrivacy Policy v1.3

Privacy Policy

Last updated: May 2026 (v1.3 — contact email updated to support@nervato.ai)

Stroik Ops LLC ("Company," "we," "our," "us") operates the Nervato platform ("Nervato" or "Service"). Nervato is a product of Stroik Ops LLC. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use Nervato. Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use the Service.

1. Information We Collect

We collect information in several ways:

a) Personal Information

When you create an account or subscribe to Nervato, we collect your name, email address, business name, phone number, and billing address.

b) Business Data

We collect information about your business including industry, business type, location, website, and business description. This information helps our AI agents provide more tailored and relevant services.

c) Usage Data

We automatically collect information about how you interact with the Service, including the features you use, content you create, posts you approve or reject, AI agent interactions, and the time and duration of your activities.

d) Social Media Account Data

When you connect your social media accounts (Instagram, Facebook, TikTok, LinkedIn, Google Business Profile), we collect information necessary to manage your accounts on your behalf, including account names, follower/audience data, and performance metrics from your connected platforms.

e) Point of Sale (POS) and Financial Data

If you integrate Nervato with POS systems (SpotOn, Square) or payment processors, we collect transaction summaries, sales data, and product information to enable our AI agents to generate informed business insights and recommendations. We do not store complete financial records or banking credentials.

f) Email Service Data

When you connect email services (Constant Contact), we collect email campaign data and subscriber information to coordinate marketing efforts across channels.

g) Google Workspace Data (when connected)

When you connect a Google account, we access only the data needed to power the specific feature you have authorized. This includes: your email address and profile information for sign-in, the contents of Google Sheets you create or open with Nervato (used by the Marketing and Bookkeeping agents to log activity and read transaction exports), files you explicitly hand to Nervato through the Google Drive Picker, photos you explicitly select through the Google Photos Picker, and reviews + business listing data from Google Business Profile locations you manage. We never request broad library access or read scopes that would let us see Google data you have not explicitly directed Nervato to use.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Nervato Service
  • Create and manage your account and subscription
  • Process billing and payment transactions
  • Generate AI-powered content suggestions and recommendations using our Marketing, Consultant, Reputation, Operations, Website, Bookkeeping, Assistant, and HR agents
  • Analyze usage patterns and provide analytics about your account activity
  • Send you transactional emails, service updates, and notifications
  • Provide customer support and respond to your inquiries
  • Detect, prevent, and address fraud, security, and technical issues
  • Comply with legal obligations

3. Third-Party Integrations

Nervato integrates with multiple third-party services to provide you with comprehensive business management capabilities. Your use of these integrations is subject to their respective terms of service and privacy policies:

a) Social Media Platforms

We integrate with Instagram, Facebook, TikTok, LinkedIn, and Google Business Profile to enable content posting, account management, and analytics. When you authorize these connections, we receive permission to post content, access insights, and manage your accounts according to each platform's API permissions.

b) Point of Sale Systems

Integrations with SpotOn and Square allow us to access sales data and transaction summaries to support our AI-powered business insights and recommendations.

c) Email Services

Constant Contact integration enables coordinated email marketing campaigns with your other marketing channels.

d) AI Providers

We use Anthropic and Replicate to power our AI agents. Your content and business data may be transmitted to these providers' services to generate recommendations, but only as necessary to provide the Service. These providers are bound by strict data processing agreements.

e) Payment Processing

Stripe processes all payments. We do not store complete credit card information; Stripe securely handles payment data according to PCI compliance standards.

f) Google API Services

Nervato uses the following Google API services and OAuth scopes when you connect a Google account. The data accessed under each scope is used solely for the user-facing feature described:

  • User profile and email (userinfo.email, userinfo.profile) — identifies the Google account you connected so we can label the connection and route notifications correctly.
  • Google Sheets (spreadsheets) — reads and writes Sheets that you create or open with Nervato. Used by the Marketing agent for the activity log and by the Bookkeeping agent for transaction-export workflows. We do not read Sheets you have not directed Nervato to use.
  • Google Drive Picker (drive.file) — the drive.file scope is non-sensitive and grants Nervato access only to files you explicitly select through the Google Drive Picker dialog. We cannot list, search, or read any other files in your Drive.
  • Google Photos Picker (photospicker.mediaitems.readonly) — lets you select specific photos from Google Photos through Google's official Picker session flow. Nervato never lists or browses your library; we only see the photos you hand-pick during a picker session, and only for the duration of that session.
  • Google Business Profile (business.manage) — reads reviews, business locations, and posts for the Reputation agent and writes review replies + posts you have authored or approved. Used only for business profiles you manage.

Use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. See the dedicated section below for our Limited Use commitments.

4. Data Sharing

We Do Not Sell Your Data

We do not sell, rent, lease, or otherwise disclose your personal information to third parties for their marketing purposes.

Limited Sharing with Service Providers

We share information with third-party service providers who assist us in operating the Service, processing payments, providing customer support, and delivering features. These providers are contractually obligated to use your information only as necessary to provide services to us.

Legal Requirements

We may disclose your information if required by law or in response to valid legal requests (subpoenas, court orders, government requests) to comply with applicable laws and regulations.

Business Transfers

If we are involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

5. Social Media Account Access

When you connect your social media accounts to Nervato:

Permissions We Request

We request permissions to post content, access account insights and analytics, and manage your profile information on your behalf. The specific permissions vary by platform and are displayed when you authorize the connection.

Why We Request These Permissions

These permissions enable Nervato to create and schedule posts, analyze your content performance, and provide recommendations to improve your social media strategy.

How We Use Connected Account Data

We use connected account data solely to provide the Service—to manage your content, generate performance insights, and fuel our AI agents' recommendations. Data from your connected accounts remains your property.

Password Security

Nervato uses OAuth and secure token-based authentication. We do not store your social media passwords. All account access is managed through secure API connections to the respective platforms.

6. AI and Automated Processing

Nervato uses artificial intelligence to generate content suggestions and business recommendations:

How AI Content Is Generated

Our eight specialized AI agents (Marketing, Consultant, Reputation, Operations, Website, Bookkeeping, Assistant, and HR) analyze your business data, industry trends, and historical performance to generate tailored content and recommendations.

Human-in-the-Loop Approval

All AI-generated content requires your manual review and approval before publication. You have complete control over what is posted and can edit or reject any suggestions.

Data Used for AI Processing

To generate recommendations, the AI agents may process your business information, social media metrics, sales data, and previous content history. This data is transmitted to our AI providers (Anthropic and Replicate) only as necessary to generate suggestions. We use data processing agreements to ensure these providers protect your information according to industry standards.

Review Theme Analysis

The Reputation agent periodically (typically weekly) sends recent review content from your connected platforms to our AI provider (Anthropic) for theme extraction. The output — structured customer-insight themes such as recurring praise points, recurring complaints, and trends — is stored in your Nervato account and used to drive recommendations to your other agents (Marketing, Operations, HR, Consultant). Review text is transmitted only to the AI provider for analysis and is not retained by them under our data processing agreement. Themes are stored as long as your account is active.

7. Limited Use of Google User Data

Nervato's use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We use Google user data solely to provide or improve user-facing features that are prominent in the Nervato platform, namely the Marketing, Bookkeeping, Reputation, and Executive Assistant agents.
  • We do not transfer Google user data to third parties for serving advertisements, including retargeting, personalized advertising, or interest-based advertising.
  • We do not use Google user data for credit-worthiness or lending purposes.
  • We do not allow humans to read your Google user data, except: (i) with your explicit consent for limited specific purposes (such as a support request you initiate); (ii) for security purposes (such as investigating abuse); (iii) where required by applicable law; or (iv) where the data has been aggregated and anonymized for internal operations and product analytics.
  • We do not sell, rent, or lease Google user data.
  • We retain Google user data only for as long as needed to provide the connected feature, and we delete it when you disconnect your Google account or close your Nervato account.

If you believe Nervato has misused your Google data, contact us at support@nervato.ai and we will investigate within 30 days.

8. Data Security

We implement comprehensive security measures to protect your information:

Encryption

All data transmitted between you and Nervato is encrypted using industry-standard TLS/SSL protocols. Sensitive information such as social media tokens and API credentials is encrypted at rest.

Secure Storage

Your information is stored on secure, password-protected servers with restricted access. We use multiple layers of security controls including firewalls and intrusion detection systems.

Access Controls

Only authorized Stroik Ops LLC employees with a legitimate business need have access to your personal information. All employees are required to maintain the confidentiality of customer information.

Data Breach Notification

In the event of a data breach affecting your information, we will notify you promptly and provide information about the breach, affected data, and steps you can take to protect yourself.

9. Data Retention

How Long We Keep Your Data

We retain your information for as long as your account is active and as needed to provide the Service. This includes usage data, connected account information, and business data used by our AI agents.

After Account Termination

Upon account termination, we retain your information for thirty (30) days to allow for data export or backup. After this period, we securely delete your personal information, except where we are required to retain it by law.

Backup and Recovery

We maintain backups of our systems for business continuity and disaster recovery purposes. Backup data may be retained longer than active data but is eventually deleted according to our backup retention schedule.

10. Your Privacy Rights

Access

You have the right to request and access a copy of all personal information we hold about you. To request your data, contact us at support@nervato.ai.

Correction

You have the right to correct inaccurate or incomplete personal information. You can update your account information directly through your Nervato dashboard.

Deletion

You have the right to request deletion of your personal information, subject to certain legal obligations. Upon your request, we will delete your account and associated data within thirty (30) days.

Data Portability

You have the right to request that we provide your data in a structured, commonly-used, machine-readable format so you can transfer it to another service.

Opt-Out

You may opt out of marketing communications by clicking the "Unsubscribe" link in any email or by contacting us directly. You may also disable certain features through your account settings.

Right to Withdraw Consent

If we process your information based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing before the withdrawal.

11. Children's Privacy

Nervato is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18 without verifiable parental consent, we will delete such information and terminate the child's account. If you believe we have collected information from a child, please contact us immediately at support@nervato.ai.

12. California Consumer Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

  • Right to Know: You can request to know what personal information is collected, used, shared, or sold
  • Right to Delete: You can request deletion of personal information collected from you
  • Right to Opt-Out: You can opt out of the sale or sharing of your personal information (we do not sell data, but you may opt out of data sharing with service providers)
  • Right to Correct: You can request correction of inaccurate personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise any of these rights, contact us at support@nervato.ai with your request. We will verify your identity before processing.

13. International Users

Nervato is operated in the United States. If you access the Service from outside the United States, your information may be transferred to, stored in, and processed in the United States, where data protection laws may differ from your country of residence. By using Nervato, you consent to the transfer of your information to the United States.

European Users (GDPR)

If you are located in the European Union or European Economic Area, the processing of your personal information is based on our legitimate interest in providing the Service and with your consent. You have the right to request access to, rectification of, erasure of, or restriction of processing of your personal information. You also have the right to data portability and to lodge a complaint with your local data protection authority.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated via email or in-app notification at least thirty (30) days before taking effect. Your continued use of the Service after changes constitutes your acceptance of the updated Privacy Policy.

15. Contact Information

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about our privacy practices, please contact us:

Email: support@nervato.ai

We will respond to all privacy requests within thirty (30) days or as required by applicable law.

For more information about how we handle your data when using Nervato, please also review our Terms of Service.