1. Introduction

This Privacy Notice applies to all the products, services, websites and apps offered by NXTKey Corporation, and other NXTKey affiliates (product name “NXTCyber”), except where otherwise noted. The services include NXTCyber AI Engine. We refer to those products, services, websites, and apps collectively as the “services” in this notice. Unless otherwise noted in your contract, our services are provided by NXTCyber inside of the United States of America.

  • Data Collection
  • Contact information.

You might provide us with your contact information (for example: name or email address), whether through use of our services, a form on our website, an interaction with our sales or customer support team, or a response to one of NXTCyber’s own surveys or forms.

(b) Cookie information.

We use technologies such as web beacons, pixels, tags, and JavaScript, alone or in conjunction with cookies, to gather information about the use of our websites and how people interact with our emails.

When you visit our websites, we, or an authorized third party, may place a cookie on your device that collects information, including Personal Data, about your online activities over time and across different sites. Cookies allow us to track use, infer browsing preferences, and improve and customize your browsing experience.

We use both session-based and persistent cookies on our websites. Session-based cookies exist only during a single session and disappear from your device when you close your browser or turn off the device. Persistent cookies remain on your device after you close your browser or turn your device off. To change your cookie settings and preferences for one of our websites, click the Cookie Preferences link in the footer of the page. You can also control the use of cookies on your device, but choosing to disable cookies on your device may limit your ability to use some features on our websites and services.

(c) Customer support information.

We collect information submitted through our Customer Support portal, such as name, email, and message text.

(d) Device and Usage data.

As is true of most websites, we gather certain device information when individual users visit our websites. This information may include identifiers, commercial information, and internet activity information such as IP address (or proxy server information), device and application information, identification numbers and features, location, browser type, plug-ins, integrations, Internet service provider, mobile carrier, the pages and files viewed, searches, referring website, app or ad, operating system, system configuration information, advertising and language preferences, date and time stamps associated with your usage, and frequency of visits to the websites.

In addition, we gather certain information as part of your use of our products and services (“Usage Data”). This information may include: (i) identifiers, such as user ID, organization ID, username, email address and user type; (ii) commercial information; and (iii) internet activity information such as IP address (or proxy server), mobile device number, device and application identification numbers, location, language, browser type, Internet service provider or mobile carrier, user interactions such as the pages and files viewed, website and webpage interactions including searches and other actions you take, operating system type and version, system configuration information, date and time stamps associated with your usage and details of which of our products and product versions you are using. In addition, we may use aggregated Usage Data for other internal business purposes, such as to identify additional customer opportunities and to ensure that we are meeting the demands of our customers and their users. Please note that this Usage Data is primarily used to identify the uniqueness of each user logging on (as opposed to specific individuals), apart from where it is strictly required to identify an individual for security purposes or as required as part of our provision of the services to our customers.

(e) Event data.

Like most websites today, our web servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including originating IP addresses, internet service providers, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system versions, device type and timestamps.

(f) Referral information.

If you arrive at a NXTCyber website from an external source (such as a link on another website or in an email) or have been invited to review a survey as a guest, we record information about the source that referred you to us.

(g) Integration data.

We collect information from third parties with whom NXTCyber enables integrations in order to allow you to use both services.

  • Use of Data

In our commitment to transparency and privacy, we clearly outline how we use the personal data collected through our SaaS product. Below are the purposes for which your data is used:

  1. To Provide and Manage Services:          
    We use your information to operate, maintain, enhance, and provide all features of our SaaS product, to provide services and information that you request, to respond to comments and questions, and to provide support to users of our services.
  2. To Improve Services:
    We use your information to understand and analyze the usage trends and preferences of our users to make our SaaS product better, diagnose technical issues, and develop new features and functionality.
  3. To Communicate With You:
    We may use your email address or other information we collect to contact you for administrative purposes such as customer service or to send communications, including updates on promotions and events, relating to products and services offered by us and by third parties we work with. You have the ability to opt out of receiving any promotional communications as described below under “User Rights.”
  4. Security and Fraud Prevention:
    We use information about you and your service use to verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of service policies.
  5. Legal Compliance:
    We may use your information to comply with applicable laws, lawful requests, and legal processes, such as responding to subpoenas or requests from government authorities.
  6. Analytics and Performance:
    We utilize data, including user behavior and interactions, to perform analytics that help us improve our SaaS product and marketing efforts.

User Consent:
By using our SaaS product, you consent to the data practices described in this policy. If we plan to use personal data in a manner different from that stated at the time of collection, we will notify users via email and/or a prominent notice on our service, and where necessary we will seek prior consent.

  • Data Sharing and Disclosure

We value your privacy and limit disclosure of your personal data to third parties. The information collected from you is used as described in the “Use of Data” section and may be shared under the following circumstances:

  1. Service Providers:
    We may share your data with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work. Examples include: payment processing, data analysis, email delivery, hosting services, customer service, and marketing efforts. These third-parties have agreed to maintain the confidentiality, security, and integrity of the information and to use it only for the purposes for which they have been engaged by us.
  2. Business Transfers:
    We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  3. Legal Requirements and Law Enforcement:
    We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to:
    1. Comply with a legal obligation,
    1. Protect and defend the rights or property of the Company,
    1. Act in urgent circumstances to protect the personal safety of users of the Service or the public, or
    1. Protect against legal liability.
  • Affiliates:
    We may share your information with our affiliates, in which case we will require those affiliates to honor this privacy policy. Affiliates include our parent company and any other subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.
  • Aggregated or Anonymized Data:
    We may share aggregated or anonymized information that does not directly identify you with the third parties described above. We may also share it with other third parties for lawful purposes.

Consent:
We will share personal data with companies, organizations, or individuals outside of NXTCyber when we have your consent to do so.

  • Data Security

We take appropriate precautions including organizational, technical, and physical measures to help safeguard against accidental or unlawful destruction, loss, alteration, and unauthorized disclosure of, or access to, the Data we process or use.

While we follow generally accepted standards to protect Personal Data, no method of storage or transmission is 100% secure. You are solely responsible for protecting your password, limiting access to your devices and signing out of websites after your sessions. If you have any questions about the security of our websites, please contact us.

NXTCyber is an ISO 27001 certified company and follows all the best practices and is in compliance with generally accepted NIST security standards for information security.

  • Data Retention

NXTCyber is committed to only retaining personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Here’s how we handle data retention:

  1. Retention Period:

Customer Data: Data collected from customers is retained as long as the individual remains an active user of our services. Customer data is subject to a retention period of 1 years post account deactivation, to comply with legal obligations and resolve disputes.

Transactional Records: Financial transactions and related data are retained for a minimum of 7 years to comply with tax law and auditing requirements.

Marketing Information: Data used for marketing purposes is retained until a user opts out of such communications or requests deletion of their data.

  • Criteria Used to Determine Retention Periods:

We determine the retention period based on the necessity of the data for providing services, the existence of a legal obligation, or whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).

  • Deletion of Data:

After the retention period expires, personal data is either deleted, anonymized, or isolated from further processing without use unless there is a lawful basis for continued storage (e.g., unresolved disputes or ongoing customer support issues).

  • Review of Data Retention:

We regularly review our data retention practices to ensure they comply with our policies and relevant regulatory requirements. Adjustments are made based on changes in legislation or operational needs.

We understand the importance of protecting our users’ privacy and limiting the retention of data to what is strictly necessary. If you have any questions about our data retention practices, please contact our Data Protection Officer

  • User Data Protection Rights

We recognize and uphold your rights concerning your personal data. Below are the rights you hold, along with descriptions on how you can exercise these rights:

  1. Right to Access
    You have the right to access your personal data that we hold. This allows you to receive a copy of the personal data we have about you and to check that we are lawfully processing it.
  2. Right to Rectification
    You are entitled to request the correction of your personal data if it is inaccurate or incomplete.
  3. Right to Erasure (‘Right to be Forgotten’)
    You can ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your personal data to comply with local law.
  4. Right to Restrict Processing
    You have the right to request that we suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise, or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  5. Changes to the Privacy Policy

We may update this privacy policy from time to time. The updated version will be indicated by an updated “Effective Date,” and the updated version will be effective as soon as it is accessible.

By using our Software, you agree to the collection and use of information in accordance with this policy. If you have any questions about this Privacy Policy, please contact us.

  • Contact Information

Contact NXTCyber at support@nxtcyber.com

Scroll to Top