Nomenclature TrackerNomenclature Tracker

Privacy Policy | Nomenclature Tracker

Privacy Policy explaining how Nomenclature Tracker collects, uses, and protects your personal information and data.

Privacy Policy

Last Updated: October 28, 2025

GetIT Team ("we," "us," "our," or "Team") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Nomenclature Tracker platform, website, and related services (collectively, the "Service").

Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, you may not use the Service.

1. Information We Collect

We collect several types of information from and about users of our Service:

1.1 Personal Information You Provide

When you register for an account or use the Service, you may provide us with the following personal information:

  • Account Information: Name, email address, password, organization name, job title, and department affiliation
  • Profile Information: User preferences, role within your organization, and profile settings
  • Billing Information: Payment card details, billing address, and transaction history (processed securely through our payment processor, Stripe)
  • Communication Data: Information you provide when you contact our support team, participate in surveys, or communicate with us

1.2 User Content and Uploaded Documents

As part of the Service, you may upload documents and create content:

  • Uploaded Files: Documents in DOCX, PDF, and XLSX formats that you upload for term extraction
  • Glossary Data: Terms, definitions, contexts, and related terminology you create or approve
  • Quiz Data: Quiz questions, answers, and results
  • Comments and Notes: Any annotations, comments, or notes you add within the Service

Important: We process your uploaded documents using AI services (OpenAI) to extract terminology. OpenAI operates under a zero data retention policy for our enterprise account, meaning your documents are not stored or used to train their AI models. Once processing is complete, your document content is not retained by OpenAI.

1.3 How Your Documents Are Stored

We take the security and privacy of your uploaded documents seriously. Here's how we store and protect your files:

Secure Cloud Storage

  • Where: Your documents are stored in Vercel Blob Storage, a secure cloud storage service designed for modern applications
  • Organization: Files are organized by your organization name to ensure proper data isolation and access control
  • Encryption: All files are automatically encrypted at rest using AES-256 encryption, the same standard used by banks and government agencies
  • Access: Files are stored with private access settings, meaning they are not publicly accessible on the internet

Who Can Access Your Files

  • You: As the person who uploaded a file, you always have access to your own documents
  • Your Department: Members of the same department can access files uploaded to that department
  • Organization Administrators: Administrators in your organization can access files for management purposes
  • No One Else: Files are not accessible to users outside your organization, and we do not share your documents with third parties except as described in Section 3

File Processing

  • When you upload a document, it is securely transmitted to our servers using encrypted connections (TLS 1.3)
  • The file is stored in your organization's private storage area
  • Our AI processing system accesses the file temporarily to extract terminology, then the file remains securely stored
  • The extracted terms are saved to your glossary, but the original document remains in secure storage

Your Control

  • Delete Anytime: You can delete any file you've uploaded at any time through the upload interface
  • Immediate Deletion: When you delete a file, it is permanently removed from both our storage and database within minutes
  • No Recovery: Once deleted, files cannot be recovered, so please ensure you have backups of important documents

File Size and Types

  • Supported Formats: DOCX, PDF, and XLSX files
  • Size Limit: Maximum file size is 4.5MB per file
  • Why the Limit: This ensures fast processing and secure handling of your documents

Data Retention

  • Files remain stored as long as your account is active and you choose to keep them
  • When you delete your account, all associated files are permanently deleted within 30 days
  • We do not retain deleted files in backups longer than necessary for operational purposes

1.4 Automatically Collected Information

When you access and use the Service, we automatically collect certain information:

  • Usage Data: Information about how you interact with the Service, including features accessed, pages viewed, time spent, and actions taken
  • Device Information: IP address, browser type and version, operating system, device type, and unique device identifiers
  • Log Data: Server logs, error reports, and diagnostic data
  • Cookies and Tracking Technologies: Information collected through cookies, web beacons, and similar technologies (see Section 7 for more details)

1.5 Information from Third Parties

We may receive information about you from third parties, such as:

  • Authentication Providers: If you log in using third-party authentication (e.g., Google, GitHub), we receive basic profile information from those providers
  • Payment Processors: Stripe provides us with payment confirmation and transaction details (but not your full payment card information)

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 To Provide and Maintain the Service

  • Create and manage your account
  • Process your transactions and manage subscriptions
  • Provide customer support and respond to inquiries
  • Process uploaded documents and extract terminology using AI
  • Generate and manage glossaries, quizzes, and approval workflows
  • Facilitate collaboration within your organization

2.2 To Improve and Optimize the Service

  • Analyze usage patterns and user behavior to improve features and functionality
  • Conduct research and development for new features
  • Monitor and analyze trends, usage, and activities
  • Perform data analytics and testing
  • Troubleshoot technical issues and fix bugs

2.3 To Communicate with You

  • Send you service-related announcements, updates, and notifications
  • Send you marketing communications about new features, promotions, and news (you may opt out at any time)
  • Respond to your comments, questions, and support requests
  • Send you administrative messages, such as account verification, password resets, and billing notices

2.4 To Ensure Security and Prevent Fraud

  • Detect, prevent, and address fraud, security breaches, and other malicious activity
  • Monitor and verify identity and account access
  • Enforce our Terms and Conditions and other policies
  • Comply with legal obligations and protect legal rights

2.5 For Compliance and Legal Purposes

  • Comply with applicable laws, regulations, and legal processes
  • Respond to lawful requests from public authorities
  • Protect the rights, property, and safety of our users and the public

3. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following circumstances:

3.1 Within Your Organization

If you are part of an organization using the Service, certain information (such as your name, role, and activity within shared glossaries) may be visible to other members of your organization, including administrators.

3.2 With Service Providers

We share information with trusted third-party service providers who perform services on our behalf, including:

  • OpenAI: For AI-powered term extraction and quiz generation (with zero data retention policy)
  • Stripe: For secure payment processing (Stripe is PCI DSS Level 1 compliant)
  • Cloud Hosting Providers: For data storage and infrastructure (e.g., AWS, Vercel)
  • Email Service Providers: For sending transactional and marketing emails
  • Analytics Providers: For usage analytics and performance monitoring

These service providers are contractually obligated to use your information only for the purposes of providing services to us and are required to maintain the confidentiality and security of your information.

3.3 For Legal Reasons

We may disclose your information if required to do so by law or in response to:

  • Legal processes (e.g., subpoenas, court orders, government requests)
  • Enforcement of our Terms and Conditions
  • Protection of the rights, property, or safety of our users or the public
  • Investigation of fraud, security issues, or technical problems

3.4 Business Transfers

If we are involved in a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Service of any change in ownership or use of your personal information.

3.5 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

4. Data Security

We implement reasonable administrative, physical, and technical safeguards designed to protect your information from unauthorized access, disclosure, alteration, and destruction. These measures include:

  • Encryption: Data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Your uploaded documents are automatically encrypted when stored (see Section 1.3 for details on document storage)
  • Access Controls: Role-based access control (RBAC) ensures users only access information relevant to their roles. Document access is restricted to authorized users within your organization
  • Secure Infrastructure: Hosting on secure cloud infrastructure with regular security audits. Documents are stored in Vercel Blob Storage with private access settings
  • Authentication: Secure authentication using Auth.js (NextAuth.js) with industry-standard protocols
  • Monitoring: Continuous monitoring for security threats and vulnerabilities
  • Regular Backups: Automated backups to prevent data loss

Important: While we take reasonable measures to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

5. Data Retention

We retain your information for as long as necessary to provide the Service, fulfill the purposes outlined in this Privacy Policy, and comply with legal obligations.

  • Account Information: Retained while your account is active and for a reasonable period after account closure for legal and operational purposes
  • User Content: Retained while your account is active unless you delete it. Upon account deletion, we will delete or anonymize your User Content within a reasonable timeframe, except where retention is required by law
  • Uploaded Documents: Files remain stored as long as your account is active and you choose to keep them. You can delete individual files at any time through the upload interface. When you delete your account, all associated files are permanently deleted within 30 days (see Section 1.3 for more details)
  • Usage Data: Typically retained for up to 24 months for analytics and service improvement
  • Backup Data: May be retained in backup systems for up to 90 days

You may request deletion of your account and associated data at any time by contacting us (see Section 14).

6. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

6.1 Access and Portability

You have the right to access and obtain a copy of your personal information. You can export your glossary data and other User Content directly through the Service or by contacting us.

6.2 Correction and Update

You have the right to correct or update inaccurate or incomplete personal information. You can update most information through your account settings.

6.3 Deletion

You have the right to request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, fraud prevention). You can delete your account through the Service or by contacting us.

6.4 Opt-Out of Marketing

You have the right to opt out of receiving marketing communications from us. You can unsubscribe by clicking the "unsubscribe" link in our emails or by contacting us. Note that you will still receive service-related communications.

6.5 Objection and Restriction

You may have the right to object to or restrict certain processing of your personal information. Contact us to exercise these rights.

6.6 Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit it to another service provider.

6.7 Withdraw Consent

If we rely on your consent to process your personal information, you have the right to withdraw that consent at any time.

How to Exercise Your Rights: To exercise any of these rights, please contact us at support@nomenclature-tracker.com. We will respond to your request within 30 days.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information and improve the Service.

7.1 What Are Cookies?

Cookies are small text files stored on your device that help us recognize you, remember your preferences, and analyze usage patterns.

7.2 Types of Cookies We Use

  • Essential Cookies: Required for the Service to function (e.g., authentication, security)
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Help us understand how users interact with the Service (e.g., Google Analytics)
  • Marketing Cookies: Track your activity for advertising purposes (if applicable)

7.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may affect your ability to use certain features of the Service.

8. Third-Party Links and Services

The Service may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to those third-party services. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you access.

9. International Data Transfers

The Service is operated from the United States. If you are located outside the United States, your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to the transfer of your information to the United States.

We take steps to ensure that your information receives an adequate level of protection in the jurisdictions in which we process it, in accordance with applicable data protection laws.

10. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete such information as soon as possible. If you believe we have collected information from a child under 18, please contact us immediately.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you
  • Right to Delete: You have the right to request deletion of your personal information
  • Right to Opt-Out: You have the right to opt out of the "sale" of your personal information (Note: We do not sell your personal information)
  • Right to Non-Discrimination: You have the right not to be discriminated against for exercising your CCPA rights

To exercise these rights, please contact us at support@nomenclature-tracker.com.

12. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

12.1 Legal Basis for Processing

We process your personal information based on the following legal grounds:

  • Contract: To perform our contract with you (i.e., to provide the Service)
  • Legitimate Interests: For our legitimate business interests (e.g., improving the Service, security)
  • Consent: Where you have provided consent (e.g., marketing communications)
  • Legal Obligation: To comply with legal requirements

12.2 Your GDPR Rights

You have the rights described in Section 6, including the right to lodge a complaint with a supervisory authority in your country.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by:

  • Posting the updated Privacy Policy on this page with a new "Last Updated" date
  • Sending an email notification to the address associated with your account
  • Displaying a prominent notice within the Service

Your continued use of the Service after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. If you do not agree to the updated Privacy Policy, you must stop using the Service.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

GetIT Team
Nomenclature Tracker Project
Chicago, Illinois
Email: support@nomenclature-tracker.com
Website: https://nomenclature-tracker.com

Note: We are committed to transparency and protecting your privacy. This Privacy Policy is designed to comply with applicable privacy laws, including GDPR and CCPA. As our project evolves, we may update this policy to reflect new practices or legal requirements. We encourage you to review this policy periodically.