Privacy Policy
We are Nicolai Schmid and offer nicool.ai, a personal agent that runs across web chat, WhatsApp, Slack, and connected tools such as Google Drive.
To provide that service, we process personal data ranging from account details and session data to conversation content, attachments, and connector metadata. This page explains what we process, why we process it, which providers are involved, and what rights you have under the GDPR.
If you have questions about this policy, contact [email protected].
1. Data protection at a glance
Who is responsible for data collection?
Data processing on this website and within the nicool.ai application is carried out by:
Nicolai Schmid
Viertelkamp 44
23611 Bad Schwartau
Germany
Email: [email protected]
How do we collect your data?
We collect data when you register, sign in, connect a service, send messages, upload files, or interact with nicool.ai through web, WhatsApp, or Slack. Technical request data is also collected automatically when you use the site.
What do we use your data for?
We use personal data to run the service, maintain account and session state, process messages and files, operate connected tools, respond to support requests, secure the platform, and improve reliability.
What rights do you have?
You can request access, correction, deletion, restriction, portability, objection, or withdrawal of consent at any time. The full list appears in section 12 below.
2. Personal data categories overview
| Category | Examples | Shared with |
|---|---|---|
| Profile and contact details | Name, email address, profile image, and account identifiers. | Convex, Vercel, Resend. |
| Account and authentication data | Password-derived credentials, session cookies, login timestamps, and verification state. | Better Auth via Convex, Vercel. |
| Conversation and memory data | Messages, attachments, conversation titles, runtime context, and contact memory. | Convex and, when needed to answer a request, AI model providers through the configured AI gateway. |
| Connected service data | Slack identifiers, WhatsApp sender IDs and message payloads, Google Drive OAuth data, mounted file metadata. | Slack, Pons, Meta, Google, Convex. |
| Technical and usage data | Browser type, operating system, request timestamps, referrer URL, and basic error logs. | Vercel and Convex. |
3. Hosting and infrastructure
Vercel
We use Vercel to host the public website and application frontend. This includes request metadata and technical data needed to deliver the site securely.
Provider: Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA.
Convex
We use Convex for database, realtime state, authentication backend, and file storage. Account data, conversations, connector state, and attachments may be stored there.
Provider: Convex, Inc., San Francisco, CA, USA.
Resend
We use Resend to send verification emails during account creation and related email authentication flows.
4. Authentication and account creation
nicool.ai uses Better Auth with Convex as the backing store for email-and-password and Google sign-in.
When you create an account or sign in, we process your name, email address, profile image when provided, password-derived credentials when applicable, verification state, session data, and login timestamps.
We also use technically necessary cookies or equivalent session state so authenticated areas such as the dashboard can function.
5. Our service — personal agent runtime
We process messages, conversation metadata, attachments, and contact memory to provide continuity across chats and channels. This may include user-supplied files and context derived from prior conversations.
To generate responses, relevant message content, context, and selected attachments may be sent to the configured AI gateway and underlying model providers. We do this only to operate the service you requested.
If you connect Slack or Google Drive, we process the identifiers, OAuth data, and content needed to complete the action you asked for. Without an explicit connection, nicool.ai should not act in that system.
We keep data for as long as it is needed to operate your account and the service, unless legal obligations require longer retention. You can request deletion of your account and associated data by contacting us.
6. External processors and integrations
Depending on which channel or connector you use, personal data may be transmitted to third-party providers that are necessary to deliver the service.
These include Pons for inbound WhatsApp bridge operations, Meta for WhatsApp message delivery, Slack for workspace-linked conversations, and Google for Drive-based file access.
Those providers process data under their own privacy terms in addition to ours.
7. Cookies
We use only technically necessary cookies or equivalent session mechanisms required for authentication and secure operation of the application.
We do not currently describe any advertising or marketing cookie use on nicool.ai in this policy.
8. Server log files
Our infrastructure providers may automatically process technical log data such as request time, browser type, operating system, referrer URL, and similar operational metadata needed to keep the service stable and secure.
9. International data transfers
Where providers are based outside the EU/EEA, we rely on appropriate safeguards such as EU Standard Contractual Clauses, encryption in transit, data minimization, and provider contractual commitments where available.
10. Security
- Encryption of data transmission via TLS.
- HMAC verification for inbound Pons webhooks.
- Scoped account linking and role-based access control in runtime flows.
- Fail-closed access checks when role resolution or grants are missing.
- Concise operational logging for failures and denied access events.
- Secrets and tokens stored server-side and not exposed in client responses.
11. No automated decision-making
We do not use automated decision-making within the meaning of Art. 22 GDPR that has legal effect on you or similarly significant effect.
12. Your rights
- Right to information (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to revoke consent at any time with future effect (Art. 7(3) GDPR)
To exercise your rights, contact [email protected]. You also have the right to lodge a complaint with a competent data protection supervisory authority.
13. Changes to this privacy policy
We may update this privacy policy to reflect legal requirements, changes to nicool.ai, or new integrations and processors. The latest version is always published at /privacy.
Last updated: 8 March 2026