Last Updated and Effective Date: May 1, 2024

This Privacy Policy describes how Nimble (“we,” or “us”) collects, uses, discloses, and processes your Personal

Information (“you” and “your”). We reserve the right to change this Privacy Policy at any time. If we change our

Policy has been updated. Updates to the Privacy Policy will be referenced by the "Last Updated and Effective

Date" date shown above.

1. Definitions.

“Personal Information” means information that identifies, relates to, describes, is reasonably capable of

being associated with, or could reasonably be linked, directly or indirectly, with a particular person or

household. “Personal Information” does not include: (a) publicly available information or lawfully obtained,

truthful information that is a matter of public concern; or (b) information that is deidentified or aggregate

information.

2. Information We Collect, the Categories of Source of Collection and the Purpose for Collection.

Set forth below are the categories of Personal Information we collect and that have collected in the preceding

12 months, the categories of sources from which the Personal Information was collected and the business or

commercial purpose for such collection. Please note that we may not collect all of the information referenced

below regarding you and we may not use your Personal Information for all purposes set forth in this Privacy

Policy.

Category of

Personal

Information

What We Collect

Categories of Sources

from Which Personal

Information Collected

Business or Commercial Purposes

for Collection

PERSONAL INFORMATION

Personal

Identifiers

Real name

Online identifier

Internet protocol

address

Email address

Signature

Telephone number

Directly from you*

Automatically

To register with our app to use our

transcription services

To personalize your experience and to

allow us to deliver the type of content

and product offerings in which you are

most interested

To improve our app in order to better

serve you

To allow us to better service you in

responding to your customer service

requests

To ask for ratings and reviews of

services or products

To follow up with you after

correspondence (live chat, email or

phone inquiries)

Geolocation Data Internet protocol

address

Automatically To personalize your experience and to

allow us to deliver the type of content

and product offerings in which you are

most interested

To improve our app in order to better

serve you

* We may collect Personal Information directly from you in a number of ways, including but not limited to when

you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf

the app, or use certain other app features.

3. Personal Information We Disclose, Share for Targeted Advertising or Sell and the Purpose for It.

Disclosure of Personal Information to Service Providers

We disclose and have disclosed in the preceding 12 months Personal Information to our service providers and

contractors for the following business purposes.

 Functionality & Debugging: We disclose Personal Information to engage in debugging to identify and

repair errors that impair existing intended functionality.

 Research & Development: We disclose Personal Information for internal research related to

technological development and demonstration.

 Quality Control & Improvement of Products and Services: We disclose Personal Information to verify,

maintain, and improve our products and services.

The following chart sets forth the categories of Personal Information we have disclosed to our service providers

for a business purpose over the past 12 months.

Categories of Personal

Information that We Disclose

Business Purposes for the Disclosure of Personal Information

PERSONAL INFORMATION

Identifiers

Functionality & Debugging

Research & Development

Quality Control & Improvement of Products and Services

Geolocation Data

Functionality & Debugging

Research & Development

Quality Control & Improvement of Products and Services

As Necessary: We may also disclose Personal Information, as necessary: (a) to comply with any legal process;

(b) to respond to requests from public and government authorities; (c) to enforce our terms and conditions; (d)

to protect our operations and protect our rights, privacy, safety or property, and/or that of you or others; and (e)

to allow us to pursue available remedies or limit the damages that we may sustain. We may also use Personal

Information in connection with or during negotiation of any reorganization, acquisition, merger, sale, joint venture,

assignment, transfer or other disposition of all or any portion of our business, assets, or stock (including in

connection with any bankruptcy or similar proceedings).

Selling and Sharing (for Targeted Advertisement) of Personal Information

We do not share your Personal Information for cross-context behavioral advertising.

We do not sell your Personal Information as that term is commonly understood to be disclosure of your Personal

Information in exchange for money. Rather, as used herein, definition of sale includes situations where another

company can use your Personal Information for its own purposes. For example, we use Google Analytics to

ensure app functionality and improve our app and services. This software may record information such as your

IP address, location, age and gender, browser type and language, operating system, access time, duration of

visit, pages you view within our app, search terms you enter and other actions you take while visiting us, the

pages you view immediately before and after you access the services, how often you use our Services,

aggregated usage and performance data, app errors and debugging information. Google Analytics is owned

and controlled by Google LLC. Data collected by Google is subject to its privacy policy. To the extent Google

uses this information for its own purposes, this may be considered a sale under California law. To learn how

Google uses data related to app analytics, please click here: https://policies.google.com/technologies/partner-

sites. You may opt-out of having your activity on our app made available to Google Analytics by installing the

Google Analytics browser add-on, available here: https://tools.google.com/dlpage/gaoptout.

We may also provide aggregated or non-Personal Information to other parties for marketing, advertising, or other

uses.

4. Do Not Track Signals.

We honor do not track signals.

5. Our Retention Policy – How Long We Keep Your Personal Information.

We will retain each category of your Personal Information identified above for an amount of time that is

reasonably necessary for us to use the information for the purposes disclosed herein and for any other permitted

purposes, including retention of Personal Information pursuant to any applicable contract, law or regulation. To

determine the appropriate retention period for Personal Information, we consider the amount, nature, and

sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your

Personal Information, the purposes for which we process your Personal Information and whether we can achieve

those purposes through other means, and the applicable legal requirements.

6. Data Security.

We implement technical, organizational, administrative and physical measures to help ensure a level of security

appropriate to the risk to the Personal Information we collect, use, process and disclose. These measures are

aimed at ensuring the on-going integrity and confidentiality of Personal Information. We evaluate these

measures on a regular basis to help ensure the security of the processing. Please be aware that, despite our

ongoing efforts, no security measures are perfect or impenetrable.

7. Email Communications.

You may unsubscribe from our marketing communications by clicking the “unsubscribe” link found in our

commercial emails we send, or by sending us a request to privacy@nimblercm.com. If you opt-out of receiving

marketing email communications, we may still send you email messages related to specific transactions with us.

Unsubscribing yourself from our marketing communications will not affect our service to you.

8. Children.

We do not direct our app to children under thirteen (13) years of age. We do not knowingly collect information

from persons under 13 years of age. We do not allow persons known to be under 13 years of age to receive

direct marketing communications from us. No information should be submitted to our apps or applications by

persons under 13 years of age. When appropriate, we may ask you to indicate your date of birth to verify

compliance with the age requirements set forth herein.

9. Your Rights if You Are a Resident of California.

California residents may exercise certain privacy rights pursuant to the California Consumer Privacy Act of 2018,

as amended by the California Privacy Rights Act of 2023, and related regulations (“CCPA”). Your right to submit

certain requests as a California resident are described below. Please note that these rights are subject to certain

exceptions and certain of these rights are subject to verification mechanisms.

 Right to Know Personal Information Collected About You. You have the right to know: (1) the categories

of Personal Information we have collected about you; (2) the categories of sources from which the

Personal Information is collected; (3) the business or commercial purpose for collecting Personal

Information; (4) the categories of parties to whom we disclose Personal Information; and (5) the specific

pieces of Personal Information we have collected about you. You may submit a request by calling us at

(800) 930-9366 or emailing us at privacy@nimblercm.com.

 Right to Know Personal Information Disclosed and to Whom. You have the right to request that we

disclose to you: (1) the categories of Personal Information that we collected about you; and (2) the

categories of Personal Information that we disclosed about you for a business purpose and the categories

of persons to whom it was disclosed for a business purpose. You may submit a request by calling us at

(800) 930-9366 or emailing us at privacy@nimblercm.com.

 Right to Request Deletion of Your Personal Information. You have the right to request that we delete

your Personal Information, subject to a number of exceptions. Following receipt of a request, we will let

you know what, if any, Personal Information we can delete from our records. If we cannot delete all of

your Personal Information, we will let you know the reason. You may submit a request by calling us at

(800) 930-9366 or emailing us at privacy@nimblercm.com.

 Right to Correct Inaccurate Information. If you believe that any of the Personal Information we maintain

about you is inaccurate, you have the right to submit a request for us to correct that information. Upon

receipt of a request, we will use commercially reasonable efforts to correct the information as you direct.

You may submit a request by calling us at (800) 930-9366 or emailing us at privacy@nimblercm.com.

 Right to Opt-Out of the Sale and Sharing of Your Personal Information. As noted, we do not sell your

Personal Information. As such this right does not apply to you. To the extent you want to opt-out of

Google Analytics, please see above.

 Right to Limit the Use of Your Sensitive Personal Information. We do not collect or use sensitive Personal

Information that is covered by the CCPA. As such, this right does not apply.

 Right to Non-Discrimination for Exercising Your Rights. If you choose to exercise any of your rights, you

have the right to not receive discriminatory treatment by us.

When you make a request to know, delete and/or correct, to help protect your privacy and maintain security, we

will take steps to verify your identity. Our verification procedure may differ depending on whether you have an

account with us or not and the request you are making. The following generally describes the verification

processes we use:

 Password Protected Accounts. If you have a password-protected account with us, we may use existing

authentication practices to verify your identity but will require re-authentication before disclosing,

correcting or deleting data. If we suspect fraudulent or malicious activity relating to your account, we will

require further verification (as described below) before complying with a request to know, correct or

delete.

 Verification for Non-Accountholders. If you do not have, or cannot access, a password-protected account

with us, we will generally verify your identity as follows:

o For requests to know categories of Personal Information, we will verify your identity to a

reasonable degree of certainty by matching at least two data points provided by you with reliable

data points maintained by us.

o For requests to know specific pieces of Personal Information, we will verify your identity to a

reasonably high degree of certainty by matching at least three data points provided by you with

reliable data points maintained by us. We will also require a declaration, signed under penalty of

perjury, that the person requesting the information is the person whose information is the subject

of the request or that person’s authorized representative. We will maintain all signed declarations

as part of our records.

o For requests to correct or delete Personal Information, we will verify your identity to a reasonable

degree or a reasonably high degree of certainty depending on the sensitivity of the Personal

Information and the risk of harm posed by unauthorized deletion. We will act in good faith when

determining the appropriate standard to apply.

If there is no reasonable method by which we can verify your identity, we will state so in response, including an

explanation of why we have no reasonable method to verify your identity.

If you use an authorized agent to submit a request to know, delete or correct, we may require the authorized

agent to provide proof that you gave the agent signed permission to submit the request. We may also require

you to do either of the following: (a) verify your own identity directly with us; or (b) directly confirm with us that

you provided the authorized agent permission to submit the request. This requirement does not apply if you

have provided the authorized agent with power of attorney pursuant to California Probate Code sections 4121

to 4130.

There may be situations where we cannot grant your request. For example, if you ask us to delete personal

information that we are obligated to keep to comply with applicable law we may not be able to fulfill some or all

of your request. We may also decline to grant your request where our use of your personal information serves a

legitimate purpose such as for security purposes. Your request may also be denied if it compromises the privacy

of others, is overly repetitive or extremely burdensome to fulfill.

We will respond to requests to know, requests to delete and / or delete no later than 45 calendar days. If we

cannot verify your request within 45 days, we may deny your request. If necessary, we may take up to an

additional 45 days to respond to your request but in such an event will provide you a notice and an explanation

of the reason that we will take more than 45 days to respond to your request.

10. Nevada Privacy Notice.

Nevada law provides that Nevada residents may opt-out of the “sale” of “covered information” to third parties,

including but not limited to name, address, social security number, and online service activity. Our uses of your

Personal Information are not sales under Nevada law, so no opt-out right applies.

11. How to Contact Us.

If you have any questions or concerns about our privacy policies and practices, please feel free to contact us by

calling us at (800) 930-9366, emailing us at privacy@nimblercm.com or by mail at 7 Arnage Rd., Chesterfield,

MO 63005.