Skip to main content
MIAMI WEB AI STUDIO • WEBSITES • APPS • AI TOOLS • BUILT IN DAYS • BOOK YOUR CALL TODAY • MIAMI WEB AI STUDIO • WEBSITES • APPS • AI TOOLS • BUILT IN DAYS • BOOK YOUR CALL TODAY • MIAMI WEB AI STUDIO • WEBSITES • APPS • AI TOOLS • BUILT IN DAYS • BOOK YOUR CALL TODAY • MIAMI WEB AI STUDIO • WEBSITES • APPS • AI TOOLS • BUILT IN DAYS • BOOK YOUR CALL TODAY • MIAMI WEB AI STUDIO • WEBSITES • APPS • AI TOOLS • BUILT IN DAYS • BOOK YOUR CALL TODAY • MIAMI WEB AI STUDIO • WEBSITES • APPS • AI TOOLS • BUILT IN DAYS • BOOK YOUR CALL TODAY • MIAMI WEB AI STUDIO • WEBSITES • APPS • AI TOOLS • BUILT IN DAYS • BOOK YOUR CALL TODAY • MIAMI WEB AI STUDIO • WEBSITES • APPS • AI TOOLS • BUILT IN DAYS • BOOK YOUR CALL TODAY • MIAMI WEB AI STUDIO • WEBSITES • APPS • AI TOOLS • BUILT IN DAYS • BOOK YOUR CALL TODAY • MIAMI WEB AI STUDIO • WEBSITES • APPS • AI TOOLS • BUILT IN DAYS • BOOK YOUR CALL TODAY •
MIAMI WEB AI
LEGAL

Privacy Policy

Last updated: April 11, 2026

1. SCOPE AND CONTROLLER

This Privacy Policy ("Policy") applies to:

  • Customers and their personnel who use our services
  • Individuals whose personal data we process in the course of delivering services to our customers, to the extent we act as a service provider or processor on their behalf

This Policy does not apply to third party websites, services, or platforms that we do not control, even if they are linked from our website or used in our integrations.

Controller. For most activities described in this Policy, Nuko Nova Dynamics LLC (doing business as Miami Web AI) is the controller of your personal information. When we process personal information on behalf of a customer in connection with services we provide, the customer is the controller and we act as a service provider or processor.

If you have questions about this Policy, see the Contact us section below.

2. INFORMATION WE COLLECT

The information we collect depends on how you interact with us. We may collect the following categories of information.

2.1 INFORMATION YOU PROVIDE TO US DIRECTLY

You may provide information to us when you:

  • Fill out forms on our website (for example contact forms, project briefs, quote requests)
  • Book a call or consultation
  • Communicate with us by email, phone, or messaging tools
  • Enter into a Contract with us or sign up for services
  • Participate in surveys or provide feedback

The information you provide may include:

  • Name and contact details such as email address, phone number, job title, and company name
  • Information about your business, website, systems, and goals
  • Project details, requirements, and preferences
  • Billing and invoicing details such as billing contact and business address
  • Financial account information you choose to link via regulated third-party financial account aggregation providers, which may include account type, balance, transaction history, and account ownership details. We never receive or store your bank login credentials — those are handled exclusively by the regulated aggregation provider.
  • Identity verification data, such as government ID type and last four digits only (never full ID numbers), where required for service delivery
  • Any other information you choose to share with us

2.2 INFORMATION COLLECTED AUTOMATICALLY

When you visit our website or interact with our online content, we may automatically collect certain information about your device and usage, for example:

  • IP address and approximate location
  • Browser type and version
  • Device type and operating system
  • Pages viewed, links clicked, and time spent on pages
  • Referring URLs and exit pages
  • Date and time of visits

We may collect this information using cookies, pixels, and similar technologies. See the Cookies and similar technologies section below for more information.

2.3 INFORMATION FROM THIRD PARTIES

We may receive information about you from third parties, for example:

  • Payment processors such as Stripe, which may provide limited billing related information
  • Scheduling tools, CRM systems, or forms platforms we use
  • Public sources such as professional profiles and company websites

We may combine information we receive from third parties with other information we collect, and treat the combined information as described in this Policy.

2.4 CUSTOMER DATA PROCESSED ON YOUR BEHALF

In the course of providing services, you may provide us with access to your systems, data, or content. This can include personal data about your customers, users, or employees.

For this type of data, you are the controller and we process it only:

  • As necessary to deliver the services described in our Contract with you
  • In accordance with your documented instructions and applicable law

Our use of such customer data is governed by our Contract with you and any data processing agreement we enter into, not by this Privacy Policy.

3. HOW WE USE INFORMATION

We use personal information for the following purposes:

To provide and operate our services

  • Delivering projects, automations, and implementations
  • Managing user accounts and access
  • Setting up, configuring, and maintaining integrations

To process financial data

  • Enabling secure financial account linking via regulated third-party aggregation providers
  • Verifying account ownership and availability of funds
  • Displaying account information, balances, and transaction history in customer dashboards
  • Categorizing transactions to support budgeting, analytics, and cash flow tools
  • Supporting payment processing and account verification, strictly in accordance with your explicit consent and the scope of services you have requested

To communicate with you

  • Responding to inquiries and support requests
  • Sending service related messages and updates
  • Scheduling and conducting calls or meetings

To manage our business relationship

  • Preparing and administering Contracts and statements of work
  • Processing payments, invoicing, and accounting
  • Collecting amounts owed and addressing disputes

To improve and develop our services

  • Analyzing how our website and services are used
  • Testing and improving user experience, workflows, and performance
  • Developing new offerings and features

For security and fraud prevention

  • Protecting the integrity and security of our systems and services
  • Detecting, investigating, and preventing fraud or abuse

For legal and compliance purposes

  • Complying with legal obligations and regulatory requirements
  • Enforcing our Terms of Service and Contracts
  • Protecting our rights, property, and the safety of us and others

For marketing and business development

  • Sending you information about services, features, or content we think may interest you
  • Running campaigns, events, or webinars
  • Managing your communication preferences and consent where required

We do not sell personal information.

4. LEGAL BASES FOR PROCESSING (EEA AND UK VISITORS)

If you are located in the European Economic Area, the United Kingdom, or a similar jurisdiction that requires a legal basis for processing, we process your personal information on one or more of the following bases:

  • Contract: To enter into and perform our Contract with you or the organization you represent.
  • Legitimate interests: To operate and improve our services, communicate with you about our offerings, maintain security, and prevent fraud, where these interests are not overridden by your rights and interests.
  • Consent: Where required by law, for example for certain marketing activities or non essential cookies. You can withdraw consent at any time.
  • Legal obligation: To comply with laws, regulations, or court orders.

5. COOKIES AND SIMILAR TECHNOLOGIES

We use only essential cookies and storage mechanisms necessary to operate our website and remember your preferences. We do not currently use non-essential cookies for analytics, advertising, or tracking.

Cookies and similar technologies in use
NameTypePurposeDurationParty
themeLocal storageRemembers your light/dark mode preferencePersistentFirst-party
cf_clearanceCookieBot detection and DDoS protection (Cloudflare Turnstile)SessionThird-party (Cloudflare)
_vercel_*CookieInfrastructure and session support from our hosting providerSessionThird-party (Vercel)

You can control cookies at the browser level by adjusting your settings to refuse or delete cookies. If you disable essential cookies, some website features may not function properly.

If we add any non-essential cookies in the future, we will update this table and, where required by law, present a cookie banner to obtain your consent.

6. HOW WE SHARE INFORMATION

We may share personal information with the following categories of recipients, as necessary for the purposes described above:

Service providers and vendors

Companies that help us operate our business and deliver services, such as:

  • Hosting and infrastructure providers
  • Email and communication tools
  • Payment processors (for example Stripe)
  • Analytics and monitoring services
  • Project management and CRM platforms

Subcontractors and collaborators

Independent contractors and partner firms who help us deliver specific projects or services, under appropriate confidentiality obligations.

Professional advisors

Lawyers, accountants, auditors, and other professional advisors, where necessary for the services they provide to us.

Business transfers

In connection with a merger, acquisition, financing, sale of assets, or similar transaction involving our business. In such cases, personal information may be transferred as part of the transaction, subject to appropriate safeguards.

Legal and safety reasons

When we believe in good faith that disclosure is necessary to:

  • Comply with a law, regulation, or legal request
  • Protect the rights, property, or safety of Miami Web AI, our customers, or others
  • Detect or address fraud, security, or technical issues

All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

We do not sell personal information, and we do not share it with third parties for their own independent marketing purposes.

When we share personal information with service providers, we require them to use it only for the purposes we specify and to protect it appropriately.

7. DATA RETENTION

We retain personal information only as long as needed to fulfill the purposes described in this Policy. Specific retention periods vary by data category:

Data retention periods by category
Data categoryRetention period
Active customer relationship dataDuration of relationship + 90 days
Financial account connection data30 days after user disconnects the account or terminates the service
Imported transaction history from financial providers24 months rolling (matches provider default)
Billing and tax records7 years (IRS requirement)
Marketing communications dataUntil opt-out + 30 days
Security and audit logs12 months
Aggregated / anonymized analyticsIndefinite (non-personal)

When personal information is no longer needed for these purposes, we delete it or take steps to anonymize it, unless we are required by law to keep it longer.

Users may request earlier deletion of their personal information, subject to our legal, tax, accounting, and security retention obligations. See §10 (Your Rights and Choices) for the request process.

If we process personal information on behalf of a customer, we retain and delete that information in accordance with our Contract with the customer.

8. SECURITY

We implement technical and organizational measures designed to protect personal information against unauthorized access, loss, misuse, alteration, or disclosure. These measures include:

  • TLS 1.2 or higher encryption for all data in transit
  • AES-256 encryption at rest for all customer data, via Convex and Vercel managed encryption
  • Multi-factor authentication on all internal administrative systems
  • Principle of least privilege for staff and contractor access to customer data
  • Hosting on SOC 2 Type II certified infrastructure (Vercel, Convex); note that Miami Web AI is not independently SOC 2 certified
  • Regular review of dependencies, security practices, and access controls

For a detailed description of our security posture, see our Security page.

However, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security.

You are responsible for maintaining the security of your own systems and credentials, and for promptly notifying us if you suspect any unauthorized access to accounts related to our services.

8.5 DATA BREACH NOTIFICATION

In the event of a data breach affecting your personal information, we will notify you and any required regulatory authorities in accordance with applicable law, typically within 72 hours of becoming aware of the breach.

The notification will describe, to the extent we are permitted to disclose:

  • The nature and scope of the incident
  • The categories of personal information affected
  • The steps we have taken to contain and remediate the incident
  • Recommended actions you can take to protect yourself
  • Our contact information for further questions

This notification obligation does not apply to information that has been encrypted or otherwise rendered unreadable in a manner that provides equivalent protection, where the encryption key or other access mechanism was not compromised.

9. INTERNATIONAL TRANSFERS

We are based in the United States and use service providers that may process information in the United States and other countries.

If you are located outside the United States, your information may be transferred to and processed in a country that may not provide the same level of data protection as your home jurisdiction.

Where required by law, we implement appropriate safeguards for such transfers, such as standard contractual clauses or equivalent measures.

10. YOUR RIGHTS AND CHOICES

Your rights may depend on where you live and how you interact with us. Subject to applicable law, you may have the right to:

  • Access personal information we hold about you
  • Request correction of inaccurate or incomplete information
  • Request deletion of your personal information
  • Object to or request restriction of certain processing
  • Withdraw consent where processing is based on your consent
  • Receive a copy of your personal information in a portable format where technically feasible (data portability)

You can exercise these rights by contacting us using the details in the Contact us section. We may need to verify your identity before fulfilling your request.

If we process personal information on behalf of a customer, we may redirect your request to that customer where appropriate, since they are the controller of that data.

You also have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal information violates applicable law. We encourage you to contact us first so we can try to resolve your concerns.

10.5 US STATE-SPECIFIC RIGHTS

This section provides additional disclosures and rights for residents of US states with comprehensive privacy laws. These rights are provided to the extent required by applicable law and, where not currently required, as a matter of policy.

10.5.1 CALIFORNIA (CCPA / CPRA)

California residents have the following rights under the California Consumer Privacy Act and the California Privacy Rights Act:

  • Right to know what personal information we collect, use, disclose, and sell or share
  • Right to delete personal information we have collected
  • Right to correct inaccurate personal information
  • Right to opt out of the sale or sharing of personal information — we do not sell personal information
  • Right to limit the use and disclosure of sensitive personal information
  • Right to non-discrimination for exercising privacy rights

California residents may also request information under California's "Shine the Light" law regarding disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

California residents may designate an authorized agent to submit requests on their behalf, subject to verification.

10.5.2 VIRGINIA (VCDPA)

Virginia residents have the right to confirm, access, correct, delete, and obtain a portable copy of their personal data, and to opt out of targeted advertising, sale of personal data, and certain profiling decisions.

If we decline to take action on a request, you may appeal by contacting us at privacy@miamiweb.ai with "APPEAL" in the subject line. We will respond within sixty (60) days.

10.5.3 COLORADO (CPA)

Colorado residents have the right to access, correct, delete, and obtain a portable copy of their personal data, and to opt out of targeted advertising, sale, and profiling.

We honor the Global Privacy Control (GPC) and similar universal opt-out mechanisms as an opt-out signal for targeted advertising and sale of personal data.

10.5.4 CONNECTICUT (CTDPA)

Connecticut residents have the right to access, correct, delete, and obtain a portable copy of their personal data, and to opt out of targeted advertising, sale, and profiling. We honor universal opt-out mechanisms including the Global Privacy Control.

10.5.5 UTAH (UCPA)

Utah residents have the right to access, delete, and obtain a portable copy of their personal data, and to opt out of targeted advertising and sale of personal data.

10.5.6 TEXAS (TDPSA)

Texas residents have the rights under the Texas Data Privacy and Security Act (effective July 1, 2024) to access, correct, delete, and obtain a portable copy of their personal data, and to opt out of targeted advertising, sale, and certain profiling.

10.5.7 FLORIDA (FDBR)

The Florida Digital Bill of Rights applies to controllers exceeding $1 billion in annual revenue. As of the last updated date of this Policy, Miami Web AI does not currently meet this threshold. We nonetheless honor requests from Florida residents consistent with the rights provided in this Policy as a matter of policy.

10.5.8 HOW TO EXERCISE THESE RIGHTS

To exercise any of the rights described in this section, contact us at privacy@miamiweb.ai with a clear description of your request and the state in which you reside.

We will respond to verifiable consumer requests within forty-five (45) days, extendable by an additional forty-five (45) days where reasonably necessary. We may need to verify your identity before fulfilling your request.

If we decline to take action on your request, you may appeal by contacting us at privacy@miamiweb.ai with "APPEAL" in the subject line. We will respond to appeals within sixty (60) days.

You also have the right to file a complaint with your state Attorney General's office if you believe we have violated applicable law.

11. CHILDREN

Our website and services are designed for business and professional use and are not directed to children.

We do not knowingly collect personal information from children under the age of 16. If we become aware that we have collected personal information from a child under 16 without appropriate consent, we will take steps to delete it.

If you believe a child has provided personal information to us, please contact us.

12. THIRD PARTY LINKS AND SERVICES

Our website and services may contain links to third party websites, applications, or services. We are not responsible for the privacy practices of those third parties.

We encourage you to review the privacy policies of any third party sites or services you use.

12.5 SUBPROCESSORS AND SERVICE PROVIDERS

We engage the following categories of service providers to help us deliver our services. Each provider processes personal information only for the purposes specified, subject to appropriate confidentiality and security obligations.

Subprocessors and service providers
ProviderPurposeLocation
Vercel Inc.Hosting, edge network, analyticsUnited States
Convex Inc.Application database and backendUnited States
Stripe Inc.Payment processing and billingUnited States
ResendTransactional email deliveryUnited States
Cloudflare Inc.Bot detection and DDoS protection (Turnstile)United States / Global
Upstash Inc.Rate limiting (Redis)United States
AI model providers (OpenAI, Anthropic, ElevenLabs)Content processing only (not authentication or financial data)United States
GitHub Inc.Source code managementUnited States
Regulated financial account aggregation providersSecure financial account linking, balance verification, and transaction retrievalUnited States

This list may change as our infrastructure evolves. Material changes will be reflected in an updated version of this Policy with a new "Last updated" date. A dated changelog is available upon request to privacy@miamiweb.ai.

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time.

When we make changes, we will revise the "Last updated" date at the top of the Policy. If changes are material, we may also provide additional notice, such as by email or through our website, where appropriate.

Your continued use of our website or services after an updated Policy becomes effective means you acknowledge the changes.

14. CONTACT US

If you have any questions or requests regarding this Privacy Policy or our handling of personal information, contact us at:

Nuko Nova Dynamics LLC

66 W Flagler Street, Suite 900, Miami, FL 33130

Email: privacy@miamiweb.ai (or) hello@miamiweb.ai

We maintain a record of material changes to this Policy. A dated changelog is available upon request to privacy@miamiweb.ai.