← Home

Privacy Policy

Effective date: 22 April 2026 · Last updated: 22 April 2026

1. Who we are

NIMRAD AI Companion (“NIMRAD”, “we”, “us”) is a learning companion for children, operated by eBrains Digital SRL, a company registered in Romania. We act as the data controller for the personal data processed through this application. You can contact us at .

2. About children and parental responsibility

NIMRAD is designed for children between the ages of 6 and 12. Children of this age cannot, on their own, create an account or give legal consent to the processing of their personal data.

Accounts must be created and managed by a parent or legal guardian. By creating an account and allowing a child to use NIMRAD, the parent or guardian confirms that they are authorised to consent to this Privacy Policy on behalf of the child.

3. What data we collect

We collect only what we need to operate the service:

  • Account data:the parent’s email address used to sign in, and a record of one-time login codes that have been issued.
  • Usage data: which companion was selected, language preference, number of prompts sent, approximate cost of AI usage, timestamps of sessions, and basic events (sign-in, session started, query sent).
  • Conversation content:questions sent to the AI and the AI’s replies. These may be processed by our AI provider in order to generate a response.
  • Technical data: a session cookie used to keep you signed in, and minimal logs needed to keep the service running and secure.

We do not knowingly collect special category personal data (such as health, religion, or biometric data) and we do not sell personal data to anyone.

4. Why we process this data (legal bases)

  • Performance of a contract— to provide the learning service the parent has signed up for, including authentication, sending replies, and keeping account state.
  • Consent— for non-essential cookies, optional analytics, and any future feature that goes beyond what is needed to deliver the service. Consent can be withdrawn at any time.
  • Legitimate interests— to keep the service safe, prevent abuse, debug problems, and improve product quality, balanced against the rights of children and families.
  • Legal obligation— where we are required to keep records or respond to lawful requests.

5. AI processing and content safety

To answer a child’s question, the text or transcribed voice input is sent to an AI provider that runs the language model on our behalf. Replies are generated in real time and returned to the app. We instruct the model with child-safety rules so that sensitive topics are handled in a neutral, age-appropriate way. Content may be processed in countries outside the European Economic Area; in that case we rely on appropriate safeguards such as Standard Contractual Clauses.

6. Cookies

We use a small number of cookies and similar technologies:

  • Strictly necessary cookies— for example, the session cookie that keeps you signed in. These do not require consent.
  • Preference storage— your language choice and your cookie consent decision are stored locally in your browser.
  • Optional cookies— if we add analytics or measurement tools in the future, they will be loaded only after you accept them in the cookie banner. You can change your decision at any time by clearing your browser’s storage for this site.

7. How long we keep data

We keep account and usage data for as long as the account is active. One-time login codes expire shortly after issue. Conversation history is kept so that families can review what was asked; you may ask us to delete it at any time. When an account is deleted, we remove or anonymise associated personal data within a reasonable period, except where we are required to keep records for legal reasons.

8. Who we share data with

We share personal data only with service providers that help us run NIMRAD, including the AI model provider, our hosting provider, the email delivery provider used to send sign-in codes, and (where applicable) error and security monitoring tools. These providers act as data processors and may only use the data on our instructions. We do not sell or rent personal data, and we do not use children’s data for advertising.

9. Your rights under the GDPR

As a data subject (or as the parent of a child user) you have the right to:

  • access the personal data we hold about you or your child;
  • ask us to correct inaccurate or incomplete data;
  • ask us to delete the data (the “right to be forgotten”);
  • restrict or object to certain processing;
  • receive a copy of your data in a portable format;
  • withdraw consent at any time, where processing is based on consent;
  • lodge a complaint with a data protection authority — in Romania, this is ANSPDCP (dataprotection.ro).

To exercise any of these rights, contact us at . We will respond within the time limits set by the GDPR.

10. Security

We use technical and organisational measures appropriate to the risk, including encrypted transport (HTTPS), short-lived login codes instead of passwords, signed session tokens, and least-privilege access for our team. No system is perfectly secure, so if you become aware of a problem please tell us straight away.

11. Changes to this policy

We may update this policy as the service evolves. When we make material changes we will update the “Last updated” date above and, where appropriate, ask you to review the changes the next time you sign in.

12. Contact

eBrains Digital SRL — for any privacy question or request, write to .