Privacy Policy for NymStorm
Last updated: June 2, 2026
NymStorm (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our asynchronous, anonymous brainstorming platform. Please read this policy carefully. If you do not agree with the terms, do not access or use NymStorm.
1. Information We Collect
We collect only the minimum data necessary to run anonymous brainstorming sprints:
- Email address – used solely for magic link authentication and to associate you with a random animal alias. We never display your email to other participants.
- Sprint content – ideas, thread replies, votes, and the “How might we…” prompt you submit. All content is stored anonymously (only your animal alias is shown to others).
- Animal alias mapping – internally, we link your email to your alias so you can see your own submissions and vote once per sprint. This mapping is never shared with other participants.
- Usage metadata – timestamps of submissions, votes, and login events for operational and anti‑abuse purposes.
2. How We Use Your Information
- Authenticate you via magic links (no passwords ever stored).
- Run brainwriting sprints, show ideas under animal aliases, and aggregate votes for leaderboards.
- Inject “wild card” provocations from a fixed, pre‑written bank – we do not use generative AI or store any additional data from these prompts.
- Prevent abuse (e.g., multiple votes from the same user) while preserving anonymity.
- Improve the platform’s performance and fix bugs using aggregated, de‑identified data.
3. Third‑Party Services We Rely On
NymStorm is built on modern, privacy‑conscious infrastructure. The following third parties process your data only as necessary to deliver the service:
- Email delivery provider (e.g., Resend, SendGrid, or AWS SES) – we use a trusted email service to send you the magic login link. Your email address is transmitted to this provider only for the purpose of delivering that single email. They do not receive any other data and are contractually bound to delete it after sending.
- Turso (SQLite‑compatible edge database) – stores all sprint data, email–alias mappings, and votes. Data may be replicated across Turso’s distributed edge locations for low latency.
- Cloudflare Workers / Pages – runs the application logic and serves the website. Cloudflare may collect basic request metadata (IP address, user agent) for security and performance, but we do not use that data for any other purpose.
Important note on authentication: We use Better Auth, an open‑source authentication library that runs inside our own application. No data (including your email address) is ever sent to the Better Auth team or any external authentication server. The library simply helps us generate and verify magic links locally.
Each of the listed third‑party services (email provider, Turso, Cloudflare) is GDPR and CCPA compliant where applicable. We have data processing agreements in place where required.
4. Data Anonymity & Visibility
By design, NymStorm hides your real identity from other participants. Only your random animal alias is shown next to any idea or vote you contribute.
However, please be aware: the system internally knows which email created which alias for a given sprint. This is necessary to let you see your own submissions, edit them (if we add that feature), and prevent duplicate votes. The sprint organiser (the person who created the sprint) does not have access to the email–alias mapping unless you explicitly share it.
If you post illegal, threatening, or abusive content, we reserve the right to investigate and disclose your identity to law enforcement – but this is extremely rare and only done to comply with legal obligations.
5. Data Retention & Deletion
- Sprints: stored for as long as your account is active. You may request deletion of any sprint you created by contacting us (see Section 9).
- Personal data (email + alias mapping): retained only while you have an active account. You can delete your account at any time, which will permanently remove your email and all associated personal identifiers. Your anonymous ideas will remain (because they are no longer linked to you), unless you explicitly request full anonymisation of all contributions.
- Usage logs: anonymised after 30 days and used only for aggregate analytics.
6. Cookies & Tracking
We use a single session cookie to keep you logged in after clicking your magic link. No third‑party analytics cookies, advertising trackers, or fingerprinting scripts are deployed. You may disable cookies in your browser, but then magic link login will not work.
7. Your Rights (GDPR / CCPA / LGPD)
Depending on your location, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion of your personal data (the “right to be forgotten”).
- Object to or restrict certain processing.
- Export your data in a portable format.
- Lodge a complaint with your local data protection authority.
To exercise any of these rights, email us at privacy@nymstorm.com (or the contact in Section 9). We will respond within 30 days.
8. Children’s Privacy
NymStorm is not intended for anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we learn we have inadvertently done so, we will delete it immediately.
9. Contact Us & Data Controller
If you have questions, concerns, or data deletion requests, please contact:
For data protection matters, our representative in the EU can be reached at the same email.
10. Changes to This Privacy Policy
We may update this policy from time to time. If we make material changes, we will notify you via email (using the address you registered with) and through a notice on the platform before the changes become effective. Your continued use of NymStorm after the effective date constitutes acceptance of the updated policy.
NymStorm is an MVP – we built it to test whether anonymous async brainstorming actually works. Privacy and anonymity are core to that experiment. We’ll never sell your email or ideas.