Last updated: May 8, 2026
NerveLabs Inc., a Delaware corporation ("we," "us," or "Nerve"), operates the Nerve platform at getnerve.ai. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
Account Information: When you create an account, we collect your name, email address, and authentication credentials through our identity provider (Clerk).
Google Integration Data: When you connect your Google account, we request the following permissions:
Gmail: Nerve requests the Gmail scopes gmail.modify, gmail.send, gmail.compose, and gmail.labels. These are write-capable scopes, we ask for them so that, when you explicitly approve a drafted reply or follow-up, Nerve can save the draft, send the email, or apply a label on your behalf. Nerve never sends, deletes, modifies, or labels an email without an explicit user approval of a specific action you reviewed first. Read access is used to identify action items, stale threads, follow-up needs, and relationship patterns for your daily briefings. You can revoke these scopes at any time from your Google account.
Google Calendar: Nerve requests calendar.readonly and calendar.events. Read access powers conflict detection, meeting prep, and focus-block protection. Write access is used only when you explicitly approve a scheduling action (e.g., booking a meeting via the scheduling agent). Nerve never creates, modifies, or deletes calendar events automatically.
Google Drive: Nerve requests drive.readonly. Read-only access is used solely so that you can search your Drive from a deal page in Nerve, select files to attach as canonical references on deals (e.g., signed contracts, term sheets, proposals), and click through to view them in Drive. Nerve does not download, modify, delete, or share your Drive files. Only file metadata (name, mimeType, modification time, web view link) and the file ID of files you explicitly attach are stored. You can revoke this scope at any time from your Google account.
Limited Use of Google User Data: Nerve's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically: (a) we do not use Google user data to develop, improve, or train generalized or non-personalized AI/ML models; the data is used only to provide the user-facing features described above; (b) we do not transfer Google user data to third parties except as necessary to provide or improve user-facing features that are prominent in the Nerve application, or as required by law, or as part of a merger, acquisition, or sale of assets with notice to users; (c) we do not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising; (d) we do not allow humans to read Google user data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for our internal operations (and then only when the data has been aggregated and anonymized).
Slack Integration Data: When you connect Slack, we access messages from channels and direct messages you have access to in order to cross-reference signals with email and calendar data. We never post or send messages on your behalf without your explicit approval.
Microsoft Integration Data: When you connect your Microsoft account, we access Outlook email metadata and content, and Outlook Calendar events, under the same read-only principles described above for Google. We never send, delete, or modify your Outlook emails or calendar events without your explicit approval.
AI Processing & Data Flow: Your integration data is processed by Anthropic's Claude AI via their commercial API. Here is how your data flows: (1) Nerve fetches data from your connected integrations via OAuth over encrypted HTTPS; (2) relevant data is sent to Anthropic's API for analysis; (3) Anthropic processes the data and returns AI-generated summaries; (4) Nerve stores only the AI-generated summaries and extracted metadata, not raw email bodies or full message content, in encrypted Redis storage. Per Anthropic's commercial API terms: Anthropic does not use your inputs or outputs to train their models unless you explicitly opt in (e.g., via their Development Partner Program, which NerveLabs Inc. has not opted into). Anthropic automatically deletes API prompts and outputs within 30 days of receipt. Your data is not shared with any other third parties for AI training purposes.
Behavioral & Usage Data: We collect behavioral signals such as feature interactions (e.g., which sections you expand, which actions you approve or dismiss, input method preferences) to silently adapt the Nerve interface to your usage patterns. This data is stored in your user-scoped account and is not shared with third parties. We also collect anonymized analytics data including page views, feature usage, and performance metrics via PostHog to improve our service.
Website Visitor Identification (Reverse-IP): When you visit getnerve.ai, we may use third-party reverse-IP identification services to identify the company and, in the case of US-based business networks, the professional associated with the visit. Specifically, we use Apollo.io for person-level identification on US B2B traffic and IPinfo for company-level network classification. The information these services may collect or provide includes your IP address, business name, business email address, job title, LinkedIn profile URL, employer / company name, employer industry and size, the pages you visited on getnerve.ai, referrer URL, and visit timestamps. We use this information on the basis of legitimate interest for sales and account-based marketing purposes (e.g., understanding which companies are evaluating Nerve and reaching out with relevant context). This data is stored in our internal systems and is not sold or shared externally. If you do not want to be identified by Apollo, you can opt out or request deletion through Apollo's Privacy Center at apollo.io/company/privacy-center, or by emailing privacy@apollo.io. You can also block all visitor-identification scripts using a privacy-focused browser, ad blocker, or VPN. To request deletion of any visitor data we hold about you, contact us at the address in section 13.
Cookies: We use essential cookies for authentication and session management, and optional analytics cookies with your consent.
We use your information to: provide, operate, and maintain the Nerve platform; generate automated briefings and AI-powered recommendations; manage your workstreams and task tracking; process subscription payments; communicate service updates and support; comply with legal obligations.
Your data is stored using industry-standard encryption. Integration tokens are encrypted at rest. All data in transit is encrypted via TLS. We do not sell your personal data to third parties.
Nerve uses the following sub-processors to provide the Service. Each maintains industry-standard security certifications:
Clerk (authentication & identity), SOC 2 Type II certified. Handles user authentication, session management, and identity verification.
Upstash (data storage), SOC 2 and GDPR compliant. Provides encrypted Redis storage for user data, briefings, and application state.
Vercel (hosting & CDN), SOC 2 compliant. Hosts the Nerve application and serves static assets.
Anthropic (AI processing), Processes integration data via the commercial API with zero-training-on-customer-data policy and 30-day automatic deletion of API inputs/outputs.
AWS Bedrock (AI processing), Some Anthropic Claude requests are routed through AWS Bedrock cross-region inference for capacity. AWS does not retain inputs or outputs and does not use them for model training under Bedrock's commercial terms.
Stripe (payments), PCI DSS Level 1 certified. Processes subscription payments. Nerve does not store credit card numbers.
Resend (transactional email), Delivers welcome emails, briefing notifications, and account-related messages.
Bird (transactional email), Delivers investor relations email when explicitly used. SOC 2 compliant.
PostHog (analytics), Processes anonymized usage analytics to improve the Service.
Apollo.io (website visitor identification): performs person-level reverse-IP identification on US B2B traffic to getnerve.ai, including via its identity partner LiveIntent. Receives the visitor IP address, page URL, and referrer; returns business contact details (name, work email, job title, LinkedIn URL) and company context. Visitors can opt out or request deletion via Apollo's Privacy Center at apollo.io/company/privacy-center.
IPinfo (IP enrichment): classifies visitor IP addresses to detect corporate networks vs. residential ISPs vs. VPN/hosting infrastructure, returning the network organization name, city, region, and country. Used as a company-level fallback when Apollo does not identify the visitor.
Nerve integrates with third-party services including Google (Calendar, Gmail), Microsoft (Outlook Mail, Outlook Calendar), Slack, and payment processors (Stripe). Each integration is authorized by you and can be revoked at any time from your dashboard settings. These services have their own privacy policies which we encourage you to review.
Nerve offers an optional SMS messaging program for registered account holders. Phone numbers are collected only when you explicitly opt in via the Account → Notifications screen by entering your number and checking the consent box. The exact consent statement shown at the point of entry is preserved in our audit records alongside a timestamp, IP address, and user agent for each consent event.
Phone numbers and SMS message content are used solely to deliver the briefings, meeting preparation, agent notifications, and conversational replies you have opted in to. We do not share, sell, lease, or transfer phone numbers or consent records to third parties or affiliates for their own marketing purposes. Information shared with our SMS delivery vendor (Bird / Messagebird) is used only to deliver messages you have requested.
You can withdraw SMS consent at any time by texting STOP to the Nerve number, by removing your phone number from your account profile, or by disabling SMS delivery on the Account → Notifications screen. Consent withdrawal is recorded with the same timestamping discipline as the original opt-in.
Full SMS program terms, including frequency, supported carriers, sample messages, and the STOP/HELP keywords, are published at https://getnerve.ai/sms.
You have the right to: access the personal data we hold about you; request correction of inaccurate data; request deletion of your data ("right to be forgotten"); object to or restrict processing of your data; data portability, receive your data in a structured, machine-readable format; withdraw consent at any time for consent-based processing.
To exercise any of these rights, contact us at patrick@getnerve.ai or through your account settings.
We retain your data for as long as your account is active or as needed to provide services. When you delete your account, we remove your personal data within 30 days, except where retention is required by law. AI-generated summaries stored in Redis have a rolling 90-day retention window and are automatically purged after that period.
In the event of a data breach that affects your personal information, we will notify affected users within 72 hours of becoming aware of the breach, in accordance with GDPR and applicable state breach notification laws. Notification will include the nature of the breach, the data affected, steps we are taking to address it, and recommended actions for you.
Nerve is hosted in the United States. If you access the Service from outside the United States, your data may be transferred to and processed in the United States. By using the Service, you consent to such transfer. For users in the European Economic Area, we rely on Standard Contractual Clauses or other lawful transfer mechanisms as applicable.
Nerve is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children.
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.
If you have questions about this Privacy Policy, contact us at: patrick@getnerve.ai or NerveLabs Inc., c/o The Corporation Trust Company, Corporation Trust Center, 1209 Orange St, Wilmington, DE 19801.