Privacy Policy
Last updated: 13 July 2026
Nimo ("we", "us") is a communication app for nurseries and kindergartens, operated through nimo.club. It lets school staff share daily updates, photos and messages with the families of the children in their care.
This policy explains what personal data is processed when you use Nimo, why, where it is stored, and what rights you have. If anything is unclear, write to us at hello@nimo.club — we answer personally.
1. Who is responsible for your data
Your school decides what information is recorded in Nimo. For the data about children and families (profiles, daily logs, photos, messages), the school is the data controller and Nimo acts as its data processor — we process that data only on the school's instructions.
For the data needed to operate the service itself (user accounts, technical logs, push notification tokens), Nimo is the data controller.
2. What data we process
- Account data: your name, email address, role (teacher, parent, school admin) and an optional profile photo.
- Children's information entered by the school: name, classroom, attendance, daily activity (meals, naps, nappy changes and similar), notes, and photos or videos.
- Messages exchanged between school staff and families.
- Staff check-in location: when a teacher clocks in or out on a school device, their location is used at that moment to verify presence within the school perimeter. Parents' locations are never collected.
- Device and technical data: push notification tokens, app version and technical logs needed to keep the service running and secure.
3. Photos and videos of children
Photos and videos are taken and uploaded by school staff. They are visible only to the school's staff and to the family members the school has authorised for each tagged child.
Media is stored in the European Union and delivered through time-limited signed links. It is never public, never used for advertising, never used to train AI systems, and never shared with third parties beyond the storage providers listed below.
4. Why we process data (legal bases)
- To provide the service, under our contract with your school (Art. 6(1)(b) GDPR).
- To keep the service secure and working, as a legitimate interest (Art. 6(1)(f) GDPR).
- On the basis of consent where it is required — for children's data and photos, that consent is collected and managed by the school from the families (Art. 6(1)(a) GDPR).
5. Where data is stored
All data is stored in the European Union: application data on Google Cloud (Belgium) and photos/videos on Amazon Web Services (Ireland). Data is encrypted in transit.
6. Service providers (sub-processors)
We use a small number of infrastructure providers, each bound by data processing agreements:
- Google Cloud — application hosting and database (EU).
- Amazon Web Services — photo and video storage and delivery (EU).
- Google Firebase, Apple Push Notification service — delivery of push notifications to your device.
- Resend — transactional email (invitations, password resets).
7. What we never do
- We do not sell or rent personal data.
- We show no advertising and use no advertising trackers.
- We do not profile children or families.
- We do not use your content — including photos — to train AI systems.
8. How long we keep data
Data is kept while the school's contract with Nimo is active. When a school leaves Nimo, its data is deleted within 90 days, allowing for backup cycles. Schools can delete individual photos, messages or child profiles at any time, and parents can request deletion of their child's data through the school.
9. Security
All traffic is encrypted (TLS). Access is role-based: parents only ever see their own children. Photos and videos are served through expiring signed links. If you enable Face ID / biometric unlock, the biometric check happens entirely on your device — we never receive biometric data.
10. Your rights
Under the GDPR you can request access to, correction of, deletion of, or a copy of your personal data, and you can object to or restrict certain processing.
For data about your child, the quickest route is your school, which controls that data. For anything else — or if you need help — contact us at hello@nimo.club. You also have the right to lodge a complaint with your data protection authority (in Spain, the AEPD at aepd.es).
11. App permissions
The app may ask for the following device permissions. All of them are optional and can be revoked in your device settings:
- Camera and photo library — for staff to take and upload photos.
- Notifications — to tell you about new updates and messages.
- Location — staff check-in verification only; never requested from parents.
- Calendar — to add school events to your calendar, if you choose.
- Face ID / biometrics — optional app lock, processed on-device only.
12. Children
Nimo accounts belong to adults: school staff and parents or guardians. Children do not have accounts and cannot use the app. Information about children is entered by the school under its own legal responsibility and the consent it collects from families.
13. Changes to this policy
If we change this policy, we will publish the new version on this page and inform schools of any material changes before they take effect.
14. Contact
Nimo · nimo.club · hello@nimo.club