Your data, handled with care.

Who we are

NRMD is a brand of Maní Digital Ventures, S. A. de C. V., the controller (responsable, under Mexico's LFPDPPP) of the personal data we process through this website and our services.

• Legal entity: Maní Digital Ventures, S. A. de C. V.
• Registered address: Tintoreto 103, Departamento 302, Col. Ciudad de los Deportes, Del. Benito Juárez, Ciudad de México, México, C. P. 03710
• Privacy contact: privacy@nrmd.io

For specifics on how we use cookies and similar tracking technologies, see our Cookies notice.

Information we collect

We only collect what we need to operate, respond to you, and improve our services. Three categories:

Information you give us directly

• When you fill out a form or book a call: name, business email, phone (optional), company name, role, and the message or context you provide.
• When you subscribe to updates: your email address and language preference.
• When you become a customer: billing information, contract terms, and project-specific data we agree on in writing.
• When you contact support: anything you share in your message or attachments.

Information collected automatically

• Server logs: IP address, browser user-agent, referring page, and timestamp, kept short-term for security and operations.
• Analytics & marketing data: only when you consent via the cookie banner. See the Cookies notice for the full list and durations.

Information from third parties

We may supplement what you give us with limited business information from publicly available sources or B2B databases (for example, your role on LinkedIn) to understand who we are speaking with. We do not buy consumer-grade personal data.

How we use your information

We use personal data to:

• Respond to your inquiries and deliver the services you've contracted
• Operate, maintain, and secure the site and our infrastructure
• Send service-related messages (project updates, billing, security notices)
• Send marketing communications only if you've opted in, and every message includes an unsubscribe link
• Improve our services and content based on aggregated analytics
• Comply with legal, tax, and regulatory obligations
• Detect, prevent, and respond to fraud, abuse, or security incidents

We do not sell your personal information. We do not use automated decision-making that produces legal or similarly significant effects on you.

Legal bases for processing

Depending on the activity and your location, we rely on one or more of these legal bases:

• Contract: processing necessary to deliver services you've engaged us for (project work, account administration).
• Consent: for marketing emails, non-essential cookies, and any optional processing. You can withdraw consent at any time, without affecting the lawfulness of prior processing.
• Legitimate interest: for operating the site, security, fraud prevention, limited B2B prospecting, and service improvement. We balance these interests against your rights.
• Legal obligation: for tax, accounting, regulatory, and judicial requirements.

Who we share information with

We share personal data only when necessary, and only with parties bound by appropriate confidentiality and security obligations.

• Service providers we rely on to run the business: hosting, email delivery, CRM, analytics, payment processing. Each is contractually limited to processing data on our behalf for specific purposes.
• Professional advisors: lawyers, accountants, auditors, under confidentiality.
• Authorities: when required by valid legal process or to protect rights, property, or safety.
• Business successors: in the event of a merger, acquisition, or sale of all or part of our assets, personal data may transfer to the successor under the same protections.

International data transfers

NRMD is based in Mexico and serves clients across Mexico, the United States, and Canada. Your data may be processed or stored in any of these countries, and in countries where our service providers operate.

Where data crosses borders, we use:

• Contractual safeguards equivalent to LFPDPPP requirements
• Standard contractual clauses for transfers to or from the EU/UK where applicable
• Service providers with mature privacy programs and recognized certifications (e.g., SOC 2, ISO 27001)

By using our services, you understand that your data may be processed in a country other than the one you reside in.

How long we keep your data

We keep personal data only as long as needed for the purpose it was collected, or as required by law:

• Inquiry data: 24 months from last contact, then deleted or anonymized.
• Customer / contract data: duration of the engagement plus 5 years for tax and commercial recordkeeping (Mexican Código de Comercio).
• Marketing subscribers: until you unsubscribe, then deleted within 90 days.
• Cookie-derived analytics: per the durations in our Cookies notice.
• Server logs: 90 days, unless retained for an active security or legal matter.

When the retention period ends, we delete or irreversibly anonymize the data.

Your rights

You have meaningful rights over your personal data. The exact set depends on where you live. We honor the highest applicable standard.

If you're located in the European Economic Area, the United Kingdom, or Switzerland, you also have rights under the GDPR and UK GDPR, including the right to lodge a complaint with your local supervisory authority.

How to exercise your rights

Email privacy@nrmd.io with:

• Your name and contact information
• The specific right you want to exercise
• Enough information for us to verify your identity (we may request additional verification to protect you)

We will not retaliate against you for exercising your rights, and exercising them is free of charge.

In Mexico, if you believe we have not handled your request properly, you can file a complaint with the Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI): home.inai.org.mx.

Security

We use technical and organizational measures appropriate to the sensitivity of the data we process. These include:

• Encryption in transit (TLS) for all traffic to nrmd.io
• Access controls and least-privilege internal permissions
• Logging and monitoring of administrative activity
• Vendor due diligence for any service that processes personal data
• Incident response procedures with notification of affected individuals and authorities within the timelines required by applicable law

No system is 100% secure. If you suspect a vulnerability or see something off, please report it to privacy@nrmd.io.

Children's privacy

NRMD's services are designed for businesses, not for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact privacy@nrmd.io and we will delete it.

Changes to this notice

We may update this notice as our practices evolve. For example, when we adopt a new tool, change how we use data, or refine the language for clarity. The "Last updated" date at the top of the page always reflects the most recent revision.

For material changes, we will surface a clear update notice on the site and, where we have a way to reach you (such as an active subscription), notify you by email so you can review and act before the change takes effect.

Contact

For any privacy matter, the fastest channel is email:

• Privacy: privacy@nrmd.io
• General: hello@nrmd.io

By postal mail:

Maní Digital Ventures, S. A. de C. V.
Attn: Privacy Officer
Tintoreto 103, Departamento 302
Col. Ciudad de los Deportes
Del. Benito Juárez
Ciudad de México, México, C. P. 03710

For broader rules that govern the use of our services, see our Terms. For cookies specifically, see the Cookies notice.