Privacy Policy

How NerdHeadz collects, uses, and protects your data

Effective Date: March 30, 2026
Last Updated: March 30, 2026

Summary: NerdHeadz collects basic personal and usage data when you visit our website or engage us for services. We use this data to deliver our services, communicate with you, and improve our platform. We use third-party AI services in our products but do not allow your data to be used for AI model training. We do not sell your personal information. You have the right to access, correct, or delete your data at any time. For privacy-related inquiries, contact us at [email protected] with the subject line “Privacy Inquiry.”

1. Introduction

This Privacy Policy describes how Nerdheadz LLC (“NerdHeadz,” “we,” “us,” or “our”) collects, uses, stores, and discloses your personal information when you visit our website at https://www.nerdheadz.com/ (the “Website”) or engage us for professional services (collectively, the “Service”).

NerdHeadz specializes in AI-enabled tools, chatbot development, RAG (Retrieval Augmented Generation), web and app development, UX/UI design, prototyping, cloud-based development, and workflow automation. We serve a global, English-speaking clientele, including clients in the European Union and the United States.

By using our Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Service.

2. Interpretation and Definitions

Interpretation

Words with initial capital letters have defined meanings under the conditions set out below. These definitions apply whether the terms appear in singular or plural form.

Definitions

  • Account means a unique account created for you to access our Service or parts of our Service.
  • Company (referred to as “the Company,” “we,” “us,” or “our”) refers to Nerdheadz LLC, Parq Ubud, Indonesia 80571.
  • Cookies are small data files placed on your device by a website, used to store browsing information and preferences.
  • Device means any device that can access the Service, such as a computer, mobile phone, or tablet.
  • Personal Data is any information that relates to an identified or identifiable individual.
  • Service refers to the Website and all professional services provided by NerdHeadz.
  • Service Provider means any natural or legal person who processes data on behalf of the Company to facilitate, provide, or analyze the Service.
  • Usage Data refers to data collected automatically from the use of the Service or its infrastructure (for example, page visit duration or IP address).
  • Website refers to NerdHeadz, accessible at https://www.nerdheadz.com/.
  • You means the individual accessing or using the Service, or the company or legal entity on whose behalf such individual is acting.

3. Data We Collect

3.1 Personal Data

When you use our Service or engage us for professional work, we may collect the following categories of personal data:

  • Email address
  • First name and last name
  • Company name
  • Phone number
  • Professional information (job title, company role)
  • Billing and payment information (processed via Stripe and MangoPay — we do not store full payment card details)
  • Project-related data and files shared during service delivery
  • Communication records (emails, chat messages, support tickets)

3.2 Usage Data

Usage Data is collected automatically when you use the Service. This may include:

  • Your device’s Internet Protocol (IP) address
  • Browser type and version
  • Device type, unique device identifiers, and operating system
  • Pages visited, time and date of visits, and time spent on pages
  • Referring URLs and search terms
  • Browser fingerprint and device identifiers
  • Other diagnostic data

When you access the Service through a mobile device, we may also collect your mobile device type, unique device ID, mobile IP address, mobile operating system, and mobile browser type.

3.3 Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to collect and track information about activity on our Service. See Section 15 (Cookie Policy) for full details on the cookies we use, their purposes, and how to manage your preferences.

4. How We Use Your Data

We may use your Personal Data for the following purposes:

  • To provide and maintain our Service, including monitoring usage and performance.
  • To perform a contract: To fulfill the development, compliance, and delivery of products, services, or other contracts with you through the Service.
  • To contact you: By email, telephone, SMS, or other electronic communication regarding updates, security notices, or information related to the services you have engaged.
  • To provide marketing communications: News, special offers, and information about services similar to those you have purchased or enquired about, subject to your opt-out preferences (see Section 16).
  • To manage your requests: To attend to and manage your inquiries and requests.
  • For business transfers: To evaluate or conduct a merger, divestiture, restructuring, dissolution, or other sale or transfer of our assets.
  • For analytics and improvement: Data analysis, identifying usage trends, evaluating the effectiveness of campaigns, and improving our Service, products, and your experience.
  • For AI-powered features: To provide AI-enabled tools and services as part of our deliverables (see Section 5).

5. Artificial Intelligence and Machine Learning

NerdHeadz develops and deploys AI-powered products and uses AI tools in its internal operations. This section explains how your data may interact with AI and machine learning systems.

5.1 Third-Party AI Services

We use third-party AI services, including OpenAI and Groq, to power features in the products we build and to support our internal workflows. When you interact with an AI-enabled feature in a product we have developed, certain data may be transmitted to these third-party AI providers for processing (for example, a text prompt submitted to a chatbot).

5.2 No Use of Your Data for AI Model Training

Your personal data is not used to train AI or machine learning models. We contractually require our AI service providers to refrain from using data processed through our accounts for training their models.

5.3 Safeguards

When processing data through third-party AI services, we apply the following safeguards:

  • Data minimization: Only the minimum data necessary for the AI feature to function is sent to the provider.
  • No persistent storage: We configure our integrations so that AI providers do not retain your data beyond the duration of the request, unless explicitly stated for a specific feature.
  • Contractual protections: Our agreements with AI providers include data processing terms that restrict how your data may be used.
  • Access controls: Only authorized team members can configure or modify AI service integrations.

5.4 AI-Generated Outputs

AI-generated outputs (such as text, code, designs, or analysis) may be included in deliverables provided to clients. These outputs are reviewed by our team and are subject to the same quality standards as all other deliverables.

6. Third-Party Service Providers

We work with third-party companies and individuals to facilitate our Service, perform services on our behalf, or assist us in analyzing how our Service is used. Each provider is bound by their own privacy policy and, where applicable, a data processing agreement with NerdHeadz.

| Provider | Purpose |
|---|---|
| Stripe | Payment processing |
| MangoPay | Payment processing |
| Google Cloud | Cloud infrastructure and hosting |
| Hotjar | Website analytics and user behavior tracking |
| Airtable | Project and data management |
| OpenAI | AI model inference for product features |
| Groq | AI model inference for product features |
| Zapier | Workflow automation |
| Make | Workflow automation |
| Xano | Backend infrastructure |
| Bubble.io | Application hosting (no-code platform) |
| Webflow | Website design and hosting |
| Xero | Accounting and invoicing |
| Miro | Internal collaboration |
| Clutch | Client reviews and verification |

We may add or change service providers from time to time. For the most current list, contact us at [email protected].

7. Data Sharing and Disclosure

We may share your personal information in the following circumstances:

  • With Service Providers: To monitor, analyze, and improve our Service, process payments, and communicate with you.
  • For business transfers: In connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of our business.
  • With business partners: To offer you certain products, services, or promotions.
  • For legal compliance: When required by law or in response to valid requests by public authorities (e.g., a court order or government agency).
  • To protect rights and safety: To protect and defend our rights or property, prevent wrongdoing, protect the personal safety of users or the public, or protect against legal liability.
  • With your consent: For any other purpose with your explicit consent.

We do not sell your personal information to third parties.

8. Data Retention

We retain your personal data only for as long as is necessary for the purposes described in this policy, or as required by law. Specific retention periods are as follows:

| Data Category | Retention Period |
|---|---|
| Account and client data | Duration of the business relationship plus 3 years |
| Usage and analytics data | 26 months |
| Session cookies | Expire when you close your browser |
| Persistent cookies | Up to 12 months |
| Financial and billing records | 7 years (per tax and accounting obligations) |
| Communication records (emails, support tickets) | 3 years after last interaction |
| AI interaction logs | 90 days for quality assurance, then anonymized or deleted |

After the applicable retention period, personal data is securely deleted or anonymized so that it can no longer be linked to you.

9. International Data Transfers

Your information, including Personal Data, is processed at NerdHeadz’s operating offices (Indonesia) and by our third-party service providers, who may be located in the United States, the European Union, and other jurisdictions. This means your data may be transferred to and maintained on systems located outside of your country, where data protection laws may differ.

Where personal data is transferred outside of the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Transfers to countries deemed to provide an adequate level of data protection by the European Commission
  • Other legally recognized transfer mechanisms

By submitting your information, you consent to these transfers, provided that adequate safeguards are in place as described above.

10. Your Rights Under the General Data Protection Regulation (GDPR)

If you are located in the European Union or European Economic Area, the GDPR grants you specific rights regarding your personal data. NerdHeadz acts as a data controller for personal data collected from website visitors and prospective clients, and as a data processor when handling client project data on behalf of our clients.

10.1 Legal Bases for Processing

We process your personal data on the following legal bases:

  • Consent: You have given clear consent for us to process your personal data for a specific purpose (e.g., marketing emails, cookie consent).
  • Contractual necessity: Processing is necessary for the performance of a contract with you or to take steps at your request before entering a contract.
  • Legitimate interests: Processing is necessary for our legitimate interests (e.g., improving our Service, fraud prevention), provided those interests are not overridden by your fundamental rights.
  • Legal obligation: Processing is necessary for compliance with a legal obligation to which we are subject.

10.2 Your Rights

Under the GDPR, you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete personal data.
  • Erasure: Request deletion of your personal data where there is no compelling reason for its continued processing.
  • Restriction of processing: Request that we restrict the processing of your personal data under certain conditions.
  • Data portability: Request a copy of your personal data in a structured, commonly used, machine-readable format.
  • Objection: Object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
  • Withdrawal of consent: Withdraw your consent at any time where we rely on consent as the legal basis for processing.
  • Lodge a complaint: Lodge a complaint with a supervisory authority in your country of residence if you believe our processing of your personal data violates the GDPR.

To exercise any of these rights, contact us at [email protected] with the subject line “GDPR Request.” We will respond within 30 days.

10.3 Data Protection Contact

While NerdHeadz is not required to appoint a Data Protection Officer under Article 37 of the GDPR, all privacy-related inquiries can be directed to our designated privacy contact at [email protected]. We commit to responding to privacy inquiries within 30 days.

11. Your Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights regarding your personal information.

11.1 Categories of Personal Information Collected

| Category | Examples | Purpose |
|---|---|---|
| Identifiers | Name, email, phone number, IP address | Service delivery, communication |
| Commercial information | Services purchased, billing history | Contract performance, accounting |
| Internet activity | Browsing history, search history on our site | Analytics, service improvement |
| Professional information | Job title, company name, role | Service customization, communication |
| Inferences | Preferences, characteristics based on collected data | Service improvement, personalization |

11.2 Your Rights

  • Right to know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, our business purposes for collecting it, and the categories of third parties with whom we share it.
  • Right to delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to opt-out of sale or sharing: NerdHeadz does not sell or share your personal information as defined by the CCPA/CPRA.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise your rights, contact us at [email protected] with the subject line “CCPA Request” or submit a request via our contact page. We will verify your identity before processing your request and respond within 45 days.

12. Data Security

We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it, including:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS/SSL protocols.
  • Encryption at rest: Stored personal data is encrypted using industry-standard encryption algorithms.
  • Access controls: Role-based access controls and the principle of least privilege ensure that only authorized personnel can access personal data relevant to their responsibilities.
  • Security reviews: We conduct regular security reviews and vulnerability assessments of our systems and infrastructure.
  • Employee obligations: All team members are subject to confidentiality obligations and receive security awareness training.
  • Breach notification: In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify affected individuals and the relevant supervisory authority within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33.

While we implement robust security measures, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to protecting your data to the highest reasonable standard.

13. Children’s Privacy

NerdHeadz’s services are designed for businesses and professionals, not for children. We do not knowingly collect personally identifiable information from anyone under the age of 13 (in the United States, per COPPA) or under the age of 16 (in the European Union/EEA, or the applicable age of digital consent in their member state, which may be as low as 13 depending on the country).

If you are a parent or guardian and believe your child has provided us with Personal Data, please contact us at [email protected]. If we become aware that we have collected Personal Data from a minor without appropriate parental consent, we will take steps to delete that information promptly.

Our Service may contain links to third-party websites that are not operated by us. If you click on a third-party link, you will be directed to that party’s site. We strongly advise you to review the privacy policy of every website you visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

15. Cookie Policy

When you first visit our Website, you will be presented with a cookie consent banner that allows you to accept or reject non-essential cookies. Your cookie preferences are saved and can be changed at any time.

15.1 Types of Cookies We Use

Strictly Necessary Cookies

These cookies are essential for the Website to function and cannot be switched off. They are usually set in response to actions you take (such as setting your privacy preferences, logging in, or filling in forms). No consent is required for these cookies.

Analytics and Performance Cookies

These cookies help us understand how visitors interact with our Website by collecting and reporting information. We use Hotjar to analyze user behavior such as page visits, scroll depth, and click patterns. These cookies are only placed with your consent.

Functionality Cookies

These cookies allow the Website to remember choices you make (such as language preference or region) and provide enhanced, more personalized features. These cookies require your consent.

15.2 Cookie Duration

  • Session cookies: Expire when you close your browser.
  • Persistent cookies: Remain on your device for up to 12 months or until you delete them.

15.3 Managing Your Cookie Preferences

You can manage your cookie preferences in the following ways:

  • Cookie consent banner: Adjust your preferences via the cookie consent banner displayed on your first visit. To change your preferences later, clear your browser cookies for our site and the banner will reappear.
  • Browser settings: Most web browsers allow you to control cookies through their settings. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

Please note that disabling certain cookies may affect the functionality of our Website.

16. Marketing and Opt-Out

Where you have provided consent or where we have a legitimate interest, we may send you marketing communications about our services, events, and industry insights.

You can opt out of marketing communications at any time by:

  • Clicking the “unsubscribe” link in any marketing email
  • Contacting us at [email protected] with the subject line “Unsubscribe”

We will process your opt-out request within 10 business days. Please note that opting out of marketing communications does not affect transactional or service-related communications (such as project updates, invoices, or security notices).

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

  • Post the updated Privacy Policy on this page with a revised “Last Updated” date
  • Where appropriate, notify you via email or a prominent notice on our Website prior to the changes taking effect

We encourage you to review this Privacy Policy periodically. Changes are effective when posted on this page.

18. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your privacy rights, you can contact us:

We commit to responding to all privacy-related inquiries within 30 days of receipt.
