Privacy Policy
NimbleSL (Nimble Software Lab) operates under strict data security boundaries. This document outlines how we handle, process, and protect client configurations, brief details, and communication channels.
1. Scope of Services and Regulatory Alignment
This Privacy Policy governs the processing, retention, and security of data collected, managed, or accessed by Nimble Software Lab ("NimbleSL") in the course of providing custom software engineering, product design, cloud infrastructure deployment, and technical consulting services. We cater to clients located in North America, the European Union, the United Kingdom, and the United Arab Emirates. All operations, including source code deployment and configuration management, are handled under strict security controls from our principal headquarters in Gulshan-2, Dhaka, Bangladesh.
2. Data Processor Designations & HIPAA/GDPR Protocols
Depending on the client engagement model, NimbleSL may act as either a Data Processor or a Data Controller. We implement robust technical and organizational security measures designed to comply with key international regulatory frameworks:
- GDPR Compliance (EU/UK): We execute standard contractual clauses (SCCs) to govern international transfers of Personal Data. Client-related metadata is isolated on designated regional database clusters, and we establish clear access controls ensuring zero unauthorized access by administrative personnel.
- HIPAA Compliance (Healthcare): For healthcare and med-tech software configurations, we act as a Business Associate. We enforce strict data minimization, deploy database tables with column-level Advanced Encryption Standard (AES-256) encryption, mandate secure JWT session keys, and maintain comprehensive audit logs to prevent and trace unauthorized access to Protected Health Information (PHI).
3. Data Minimization & Processing Scopes
In accordance with the principle of data minimization, we collect only the information necessary to fulfill contractual obligations, process recruitment portfolios, or generate workload calculations:
- Project Estimator Portal: Information entered into our AI-powered workload assessment tool (e.g., industry vertical, technical specification, and scope attributes) is logged solely to calculate resource allocations. No persistent marketing trackers are injected into this assessment funnel.
- Candidate Recruiting Data: Portfolios, contact records, and Curriculum Vitae (CV) files submitted via our careers form are handled on secure pipelines. Resume files are validated locally for PDF formatting and forwarded to HR routing servers for recruitment evaluation purposes only.
4. IP Protection and Environment Segregation
We prioritize the confidentiality and integrity of our clients' intellectual property:
- Codebase Security: All custom software deliverables, server scripts, architectural diagrams, and databases are developed inside isolated staging sandboxes. Client source code is hosted on private repositories requiring multi-factor authentication (MFA).
- Intellectual Property Rights: 100% of code ownership, compiled assets, proprietary modules, and database structures transfer directly to the client legal entity upon completion of milestone payments. NimbleSL retains no license, access privilege, or ongoing claims on client IP.
5. Data Disclosure & Access Restrictions
NimbleSL enforces a strict zero-disclosure policy. We do not sell, rent, license, or disclose client data to third-party advertising companies or marketing aggregators. Disclosures only occur under direct, written authorization from the client (e.g., binding third-party hosting partners like AWS, GCP, Azure, or payment gateways like Stripe Connect). In the event of a legally binding government request, we notify the client immediately before disclosure, unless explicitly prohibited by law.
Data Security Measures
Our development environments mandate TLS 1.3, continuous static code analysis (SAST), strict password hygiene, and isolated client database nodes.
Data Protection Officer
For execution of standard Data Processing Agreements (DPAs) or Business Associate Agreements (BAAs):
info@nimblesl.com