Last updated: May 2026
This Privacy Policy explains how G7 Company LLC processes personal data in connection with Nimera. Independent third-party providers may process personal data under their own privacy notices when they perform regulated or provider-controlled services.
This Privacy Policy explains how G7 Company LLC, a company registered in Georgia and operating Nimera, collects, uses, stores, discloses and protects personal data in connection with https://www.nimera.io, the Nimera dashboard, APIs, software interfaces, merchant onboarding support, technical integration, commercial coordination, support and related Services.
Important role clarification. We may provide software/interface, API connectivity, onboarding support, technical integration, commercial coordination, dashboard, routing/orchestration and support functions for provider-led crypto acquiring only. Regulated virtual asset, payment, acquiring, exchange, conversion, transfer, custody, KYC/KYB/KYT, Travel Rule, wallet screening, sanctions screening, transaction monitoring or settlement functions may be performed by independent authorised, registered or licensed third-party providers under their own privacy notices, terms and legal obligations. We do not sell personal data.
For processing carried out by us for operation of Nimera, account administration, support, security, direct merchant/business relationship management, compliance controls, technical integration and legal administration, the Company acts as data controller unless stated otherwise. Third-party providers may act as separate controllers or processors for their own regulated, compliance, payment, acquiring, exchange, KYC/KYT, settlement, execution, fraud monitoring or other provider-controlled services. Their privacy notices may apply in addition to this Privacy Policy.
Account and contact data
Name, email address, phone number, username, role, support messages, communication history, language preferences and related contact details.
To create and administer accounts, communicate with you, provide support, manage contractual relationships, send service notices and prevent abuse.
Business and merchant data
Corporate documents, registration number, jurisdiction, registered address, website/domain, business model, products/services, ownership and control, directors, representatives, beneficial owners, licences/permits where relevant, settlement information and expected activity.
To onboard and support merchants/business users, assess prohibited/restricted activity, configure integrations, comply with provider and internal AML/CTF requirements and manage risk.
Identification and verification data
Identity documents, date of birth, nationality, residence, selfies/biometric checks, beneficial ownership information, authorised representative documents, PEP/adverse media/sanctions results and verification status.
To perform or support KYC/KYB, sanctions screening, fraud prevention, AML/CTF risk controls, provider onboarding and legal/compliance requirements. These checks may be performed by us and/or third-party providers.
Wallet and blockchain data
Public wallet addresses, transaction hashes, blockchain network metadata, invoice/payment references, provider wallet-screening results, KYT alerts and public ledger data.
To support provider-led crypto acquiring, troubleshoot transaction status, coordinate support, assist with risk review and comply with provider/internal AML/CTF requirements. We do not request, store or recover private keys or seed phrases.
Provider-service data
Provider onboarding status, checkout/payment metadata, conversion/settlement status, refund/reversal information, limits, declines, provider risk flags, provider requests and support information.
To display provider-service activity, coordinate support, manage risk, comply with provider requirements and respond to disputes or compliance requests. Provider-controlled data may also be processed by providers under their own notices.
Device, log and usage data
IP address, approximate location, device model, operating system, browser, API logs, dashboard activity, app/version data, crash logs, diagnostics, security events, cookies, SDK data and similar technical data.
To maintain security, prevent fraud, troubleshoot, improve reliability, analyse usage, monitor API performance and protect Nimera and users.
Depending on the context and law applicable to the relevant individual, we may rely on performance of a contract, legitimate interests, legal obligations, consent, establishment/exercise/defence of legal claims, substantial public interest or another lawful basis. For EU/EEA or UK data subjects, we will apply the relevant GDPR/UK GDPR legal bases where applicable. For Georgian data subjects, we will process personal data in accordance with Georgian personal data protection requirements applicable to our role and processing activities.
We may share personal data only where necessary and proportionate, including with:
Our business, infrastructure and providers may involve processing in multiple jurisdictions. Where personal data is transferred outside the country where it was collected, we use appropriate safeguards where required, such as contractual protections, confidentiality obligations, data processing terms, technical and organisational security measures and, for EU/EEA transfers where applicable, Standard Contractual Clauses or other recognised mechanisms.
We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, including service provision, support, security, accounting, tax, contractual, compliance, AML/CTF, sanctions, fraud prevention, audit, dispute and legal purposes. Compliance, due diligence, provider allocation, screening, escalation, rejection, termination and training-related records may be retained for at least five years after the end of the relevant relationship or activity, unless a different period is required by applicable law, provider requirements, litigation hold, regulatory request or legal advice.
Some information cannot be fully erased, including immutable public blockchain data and records retained by independent regulated or compliance providers under their own legal obligations.
We use organisational and technical measures designed to protect personal data against unauthorised access, alteration, loss, misuse or disclosure, including access controls, encryption where appropriate, logging, monitoring, secure development practices, API security controls and confidentiality restrictions. No system is completely secure. You are responsible for securing your devices, credentials, API keys, authorised users and access rights.
Depending on where you live, you may have rights to request access, correction, deletion, restriction, objection, portability or withdrawal of consent. Some rights may be limited where we or a provider must retain data for compliance, AML/CTF, sanctions, fraud prevention, legal claims, security or statutory obligations. Where a third-party provider acts as an independent controller, we may route your request to that provider or ask you to contact the provider directly.
We may use cookies, SDKs and similar technologies to maintain session integrity, secure Nimera, remember preferences, analyse usage, monitor API/dashboard performance and improve user experience. Where required by law, we will request consent for non-essential cookies or analytics. You can manage cookies through your browser settings.
The Services are not intended for persons under 18. We do not knowingly collect personal data from minors. If you believe a minor has provided personal data, contact us so that we can take appropriate action.
We may update this Privacy Policy to reflect changes in law, provider requirements, risk controls, products or processing activities. Questions or requests may be submitted to support@nimera.io.
Data controller for Company-controlled processing: G7 Company LLC, Georgia, identification number 424094786.
.png)
.png)
