Legal

Privacy Policy

This policy explains how Nbility handles personal information, request data, and compliance matters while providing the AI gateway, console, billing, logs, and support services.

Scope

This policy applies when you visit, register for, sign in to, or use the Nbility website, console, API gateway, Playground, prompt library, support tickets, top-ups, and related services. If an enterprise contract, data processing agreement, or dedicated policy says otherwise, that separate written agreement controls.

Information collected

We collect information under the principles of lawfulness, fairness, necessity, and data minimization. The main categories are:

  • Account and identity information: email address, username, avatar, login state, language preference, OAuth identifiers, and information needed for authentication.
  • Service usage information: API keys, model names, request times, call status, error details, quota deductions, task status, IP address, and basic device or browser information.
  • Transaction and billing information: top-up orders, payment status, invoice or refund communications, account balance, plans, and usage records.
  • Information you submit voluntarily: tickets, feedback, business inquiries, attachments, screenshots, and content you enter in Playground or the prompt library.

Information use

We use information to create and maintain accounts, authenticate users, provide API routing and model calls, calculate quota and fees, display logs and task results, handle top-ups, refunds, and tickets, troubleshoot issues, detect abnormal or abusive behavior, comply with laws and regulatory requirements, and send service notices when necessary.

AI request data processing

When you call upstream model services through Nbility, prompts, context, files, images, audio, video, parameters, generated results, and related metadata may be processed to complete the request, track async tasks, debug errors, reconcile billing, and support security audits.

  • To complete model calls, we may forward necessary request content to the upstream model provider selected by you or routed by the system.
  • Without your explicit written permission, we will not use personal information, business data, or user input obtained from you to train our own large models or create training datasets.
  • Without your explicit authorization or a legal requirement, we will not copy, retain, provide, or share your personal information or request data in ways unrelated to the service.

Data security

We apply reasonable security measures according to data sensitivity, including access control, permission isolation, transport encryption, key protection, operation records, abnormal access detection, backup and recovery, and confidentiality obligations for employees and partners, to reduce risks of leakage, tampering, loss, and unauthorized access.

Information sharing

We do not sell personal information. We may provide or share only the minimum necessary information with third parties in the following necessary situations, and require them to process it only for the agreed purposes and under security obligations:

  • Upstream model, payment, verification code, sign-in, risk control, hosting, analytics, customer support, and similar service providers needed to deliver the requested service.
  • Situations required by laws, courts, administrative authorities, regulators, or where necessary to protect the lawful rights of users, the platform, or third parties.
  • Situations based on your explicit authorization, an enterprise contract, a data processing agreement, or integrations, migrations, exports, or sharing actions you choose.

Retention and deletion

We retain information only for the period needed to achieve the purposes described in this policy, satisfy billing audits, resolve disputes, support security traceability, or comply with laws and regulatory requirements. After the necessary period, we delete, anonymize, or otherwise process information as allowed by applicable law. After you delete an account, token, or related content, backups, logs, and billing records may remain for a reasonable period for security, audit, or compliance reasons.

Cookies

We may use cookies, LocalStorage, or similar technologies to maintain login state, save basic preferences such as language and theme, protect session security, identify abnormal access behavior, and improve page experience. You can manage cookies through browser settings, but some features may not work correctly if they are disabled.

User rights

Subject to applicable law, you may request access to, correction of, copies of, deletion of, or export of your personal information, withdraw consent, close your account, or ask us to explain personal information processing rules. To protect account security, we may verify your identity before handling a request.

Compliance assistance

If regulators, partners, or enterprise customers reasonably request materials related to personal information protection, data compliance, algorithm filings, cybersecurity, security assessments, illegal content handling, regulatory guidance, or supplemental materials, we will cooperate within our responsibilities by providing necessary explanations, records, evidence, or remediation measures. If we find illegal, infringing, abusive, or harmful information risks, we may lawfully restrict calls, remove content, freeze accounts, retain records, report, or notify relevant parties.

Contact

For questions about this privacy policy, data handling, user rights requests, or data security incidents, contact Nbility through in-site tickets, the console support entry, or the business and support channels later announced on the site.