Skip to main content

Privacy Policy

Last updated: May 21, 2026

1. Introduction

Nerra Labs, Inc. ("Nerra AI," "we," "us," or "our"), a Delaware C-corporation, operates the website located at nerra.ai and the Nerra AI platform (collectively, the "Service"). This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using the Service, you agree to the terms of this Privacy Policy.

2. Information We Collect

2.1 Information You Provide to Us

  • Contact information (name, email address, company name, country) submitted through our contact form
  • Account registration information
  • Communications you send to us (e.g., support requests, feedback)

2.2 Information Collected Automatically

  • IP address
  • Browser type and version
  • Operating system
  • Referring URLs
  • Pages visited and time spent on pages
  • Device identifiers

2.3 Customer Data Processed Through the Platform

When customers connect their tools to the Nerra AI platform via OAuth, we process operational data from those tools to provide our Service. Supported services include, but are not limited to:

  • Google Workspace (Gmail, Google Calendar, Google Drive, Google Contacts)
  • Atlassian (Jira, Confluence)
  • Slack
  • HubSpot
  • CRM systems and other business tools

The data we access may include: emails, calendar events, documents, issue metadata, messages, contacts, and similar workspace content — limited to the OAuth scopes you explicitly approve.

We do not store raw logs. We only persist the analytical results required to deliver the Service.

2.4 Google User Data

When you connect a Google account to the Service through Google OAuth, Nerra AI accesses data from your Google Workspace services to provide operational analysis. Depending on the permissions you grant, this may include Gmail, Google Drive, Google Calendar, Google Chat, Google Docs, Google Sheets, Google Slides, Google Forms, Google Tasks, Google Apps Script, Google Analytics, and your basic Google profile and email address.

We access this data only to detect operational patterns, surface signals, and provide the analysis the Service is designed to deliver — for example, to identify stalled work, communication delays, and operational bottlenecks across a company's connected tools. We do not display raw Google content back to users; we process it to produce derived operational signals, which are stored in an encrypted, per-user index. Access is granted only to the user who connected the account, and one user cannot access another user's connected data.

Nerra AI's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, we do not use Google user data for serving advertisements, we do not allow humans to read this data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or our use is limited to internal operations and the data has been aggregated and anonymized. We do not use Google user data to train, develop, or improve generalized or non-personalized AI and/or machine learning models.

3. How We Use Your Information

  • Provide, operate, and maintain the Service
  • Process and respond to your inquiries and requests
  • Detect operational patterns, anomalies, and insights for our customers
  • Improve and develop the Service using aggregated and anonymized usage data that does not contain Google user data or customer content
  • Send administrative communications (e.g., service updates, security alerts)
  • Comply with legal obligations
  • Protect the rights, property, and safety of Nerra Labs, Inc., our users, and the public

4. How We Share Your Information

We do not sell, rent, or trade your personal information.

We may share information in the following limited circumstances:

  • Service providers: third-party vendors who perform services on our behalf (e.g., hosting, analytics, customer support), subject to confidentiality obligations.
  • AI subprocessors: To generate operational analysis, we process data through third-party large language model providers (Anthropic, OpenAI, and Google). These providers operate under zero-retention and no-training terms: they do not retain your data after processing and do not use it to train their models. Data is processed in the moment to produce analysis and is not stored by these providers.
  • Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, with explicit prior user consent.
  • With your consent: We may share information with your explicit consent.

Nerra Labs employees, agents, contractors, and successors do not read your personal data unless:

  • You have provided affirmative consent to view specific data
  • It is necessary for security purposes (e.g., investigating a bug or abuse)
  • It is required to comply with applicable law
  • The data is aggregated and anonymized for internal operations

We do not:

  • Transfer or disclose your data to advertising platforms, data brokers, or information resellers
  • Use your data for serving ads, including retargeting, personalized, or interest-based advertising
  • Use your data to determine creditworthiness or for lending purposes
  • Use your data for any purpose unrelated to providing the Nerra AI service

5. Data Security

We apply technical and organizational measures designed to protect your data:

  • Encryption in transit: all external connections use HTTPS with TLS 1.2 or higher. OAuth tokens are transmitted only over HTTPS.
  • Encryption at rest: data stored on disk is encrypted at the infrastructure level (equivalent to Azure Disk Encryption), using AES-256.
  • Credential management: OAuth tokens and credentials are stored in HashiCorp Vault (encrypted storage) — never in our database or in code.
  • Per-user isolation: connected data is indexed in an isolated, per-user index. One user cannot access another user's connected data, even within the same organization. Access is only available to the user who connected the account, through the in-product chat, on request.
  • No raw data retention: we do not store raw content (emails, files, messages). We index data into a per-user index and persist only derived analytical signals.

Our infrastructure is hosted on Microsoft Azure in the European Union. Where data is transferred outside your jurisdiction, we rely on Standard Contractual Clauses and, where applicable, the UK Addendum, as described in Section 9.

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Customer platform data is retained in accordance with the terms of the applicable customer agreement. You can request deletion of all your data at any time by contacting info@nerra.ai. Upon request, we will delete your stored data, OAuth tokens, and indexed content within 30 days.

7. Your Rights and Choices

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information, subject to certain exceptions.
  • Portability: Request a portable copy of your information in a structured, commonly used format.
  • Revoke access: Disconnect any integration at any time from the connected service's settings or from within Nerra AI.
  • Withdraw consent: Stop data processing at any time by disconnecting the integration.
  • Opt-out: Opt out of marketing communications at any time.

To exercise any of these rights, please contact us at info@nerra.ai. We will respond to your request within 30 days.

8. Google API Services User Data Policy

Nerra AI's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

When you connect Google Workspace services (such as Gmail, Google Calendar, Google Drive, or Google Contacts), we access only the data permitted by the OAuth scopes you explicitly approve. This data is used solely to provide user-facing features of the Nerra AI platform that are prominent in the application's user interface.

Specifically, with respect to Google user data, Nerra AI does not:

  • Transfer or sell Google user data to third parties, advertising platforms, data brokers, or information resellers
  • Use Google user data for serving ads, including retargeting, personalized, or interest-based advertising
  • Use Google user data to determine creditworthiness or for lending purposes
  • Use Google user data to train, develop, or improve generalized or non-personalized AI and/or machine learning models
  • Allow humans to read Google user data unless the user has provided affirmative consent, it is necessary for security purposes (e.g., investigating abuse), it is required by applicable law, or the data is aggregated and anonymized for internal operations

All employees, agents, contractors, and successors of Nerra Labs, Inc. are required to comply with the Google API Services User Data Policy.

9. International Data Transfers

Your information may be transferred to and processed in countries other than the country in which you reside. We take appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Policy, including the use of standard contractual clauses or other approved transfer mechanisms.

10. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

12. Contact Us

Nerra Labs, Inc.
Email: info@nerra.ai
Website: nerra.ai

455 Market Street 1940 PMB 920211
San Francisco, CA 94105, US