Privacy Protected

Privacy Policy

We are committed to protecting your privacy and being transparent about how we handle your data.

Last updated · June 2026

Privacy at a glance.

  • 30-day auto-delete: Project files removed after upload
  • AES-256 encryption: At rest, with TLS 1.3 in transit
  • No AI training: Your schedule isn't used to train AI
  • You own your data: Export & delete on demand
  • GDPR-aligned: Access, correction, deletion

01 Introduction

Nahla AI is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our project-intelligence platform at nahla.ai.

02 Information we collect

Account information

When you create an account, we collect:

  • Email address
  • First and last name
  • Company name (optional)
  • Password (encrypted)

Project files

When you use our service, you may upload:

  • Project schedule files (.XER, .xlsx including MS Project exports)
  • These files are processed to generate analytics and reports

Usage data

We automatically collect:

  • Browser type and version
  • Pages visited and features used
  • Date and time of access

03 How we use your information

We use the information we collect to:

  • Provide and maintain our service
  • Process and analyze your project files
  • Generate reports and visualizations
  • Send important service updates and notifications
  • Respond to your inquiries and support requests
  • Improve our platform and develop new features

AI & your schedule data

We do not use your schedule data to train AI models — ours or anyone else's. Your uploaded schedules are processed only to generate your analysis, reports and the agent actions you request.

When you use AI chat or an agent, the relevant schedule context is sent to a specialist third-party AI provider located in the United States to generate the response. Your prompts are not used to train their models. Your chat history is stored in your account so you can return to a conversation; you can delete conversations at any time.

AI agents & communications

Some agents can draft emails on your behalf — for example, Progress Collection drafts update requests to the subcontractors you choose. These are sent only after you approve them, and only to the recipients you specify. Each recipient opens a secure single-use link (no account required); we store only a hashed token, never the raw link. The information you include in a request is shared with that recipient.

04 Data storage & retention

Project files

Your uploaded project files (.XER, .xlsx including MS Project exports) are stored temporarily in secure cloud storage and are automatically deleted after 30 days. We do not retain your raw project files beyond this period.

Auto-deletion after 30 days. No manual cleanup required. You can also request deletion at any time before then.

Reports and analytics

Generated reports and analytics data may be stored to allow you to access your previous analyses. You can request deletion of this data at any time.

Account data

Your account information is retained for as long as your account is active. You can request account deletion at any time by contacting us.

05 Data security

We implement industry-standard security measures including:

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • Hosted on SOC 2 / ISO 27001-certified cloud infrastructure (AWS)
  • Regular security audits and monitoring

Subprocessors

We rely on a small set of trusted subprocessors to run the Service: Amazon Web Services (cloud hosting & storage, in Sydney, Australia), a specialist AI provider in the United States (AI processing), and Amazon SES (transactional & agent email). Each processes data only as needed to provide the Service, and none uses your data to train models.

06 Your rights

You have the right to:

  • Access — request a copy of your personal data
  • Correction — update or correct your account information
  • Deletion — request deletion of your account and associated data
  • Export — download your reports and analytics data
  • Withdraw consent — opt out of non-essential data processing

To exercise any of these rights, please contact us at [email protected].

07 International data transfers

Our core services are hosted on cloud infrastructure in the Asia-Pacific (Sydney) region. To generate AI responses, limited schedule context is processed by a specialist AI provider located in the United States. By using the AI features, you consent to this overseas processing. If you are accessing our services from outside Australia, please also be aware that your data may be transferred to, stored, and processed in Australia.

08 Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

09 Contact us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Questions about your privacy?

Reach out — we respond within 24 hours and treat every question as a real one.