Privacy Policy

NexetRisk, Inc. ("NexetRisk," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our risk management platform (the "Service").

By using our Service, you agree to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use our Service.

This policy applies to: • Visitors to our website • Users who register for an account • Enterprise customers who subscribe to our Service

We collect several types of information to provide and improve our Service:

2.1 Information You Provide • Account information during registration (name, email, company) • Billing information for payment processing • Data you upload for analysis • Communications with our support team

2.2 Information Collected Automatically • Log data (IP addresses, browser type, access times) • Device information (hardware model, operating system) • Usage information (features accessed, time spent) • Data collected through cookies and similar technologies

2.3 Information from Third Parties • Single sign-on data from authentication providers • Payment confirmation from payment processors • Business contact information for verification

We use the information we collect for:

3.1 Service Delivery • Creating and managing your account • Processing and analyzing your uploaded data • Generating risk reports and insights • Providing customer support

3.2 Service Improvement • Analyzing usage patterns to improve features • Developing new features and services • Conducting research and analysis • Fixing bugs and technical issues

3.3 Communications • Sending service-related notifications • Providing product updates and newsletters • Responding to your inquiries • Sending marketing communications (with your consent)

3.4 Security and Compliance • Detecting and preventing fraud • Monitoring for suspicious activity • Complying with legal obligations • Enforcing our Terms of Service

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers We share information with third-party vendors who help us operate our Service: • Cloud hosting providers (AWS, Google Cloud) • Payment processors (Stripe, PayPal) • Analytics providers • Customer support tools

4.2 Business Transfers If we are involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction.

4.3 Legal Requirements We may disclose your information if required by law or in response to valid legal process.

4.4 With Your Consent We may share your information with other parties when you explicitly consent to such sharing.

4.5 Aggregated Data We may share aggregated, de-identified data that does not personally identify you for analytics purposes.

We implement industry-standard security measures to protect your data:

5.1 Technical Safeguards • TLS 1.3 encryption for all data in transit • AES-256 encryption for data at rest • Two-factor authentication for all accounts • Regular security audits and penetration testing

5.2 Organizational Measures • Background checks for employees • Security awareness training • Role-based access controls • Incident response procedures

5.3 Infrastructure Security • Hosted in SOC 2 certified data centers • Redundant backup systems • Intrusion detection and prevention • 24/7 security monitoring

5.4 Compliance Certifications • SOC 2 Type II • ISO 27001 • GDPR Compliant • CCPA Compliant

While we strive to protect your data, no method is 100% secure. In the event of a data breach, we will notify affected users in accordance with applicable law.

6.1 Retention Periods We retain your information for the following periods: • Account data: As long as your account is active • Uploaded data: Per your subscription plan (Standard: 90 days, Professional: 1 year, Enterprise: customizable) • Usage logs: 2 years • Billing records: 7 years (tax compliance requirement)

6.2 After Account Termination When you terminate your account: • Account data is deleted within 30 days • Uploaded data is deleted within 30 days (unless you request immediate deletion) • Backups are purged within 90 days • Some data may be retained for legal compliance

6.3 Data Deletion Requests You may request deletion of your data at any time. We will process deletion requests within 30 days.

7.1 Cookies We Use • Essential Cookies: Required for the Service to function • Functional Cookies: Remember your preferences • Analytics Cookies: Understand how the Service is used • Marketing Cookies: Deliver relevant advertising (with consent only)

7.2 Cookie Management You can control cookies through your browser settings. Note that disabling certain cookies may affect Service functionality.

7.3 Do Not Track We currently do not respond to browser "Do Not Track" signals as there is no uniform industry standard.

7.4 Third-Party Cookies Our Service may include cookies from third-party services: • Google Analytics (usage analytics) • Stripe (payment processing) • Intercom (customer support)

Depending on your location, you may have the following rights:

8.1 Right to Access You can request a copy of the personal data we hold about you.

8.2 Right to Rectification You can request correction of inaccurate or incomplete personal data.

8.3 Right to Erasure You can request deletion of your personal data ("right to be forgotten").

8.4 Right to Restriction You can request restriction of processing of your data in certain circumstances.

8.5 Right to Data Portability You can request to receive your data in a structured, machine-readable format.

8.6 Right to Object You can object to processing based on legitimate interests.

8.7 Right to Withdraw Consent Where processing is based on consent, you can withdraw it at any time.

To exercise these rights, contact us at: privacy@riskguard.com

9.1 Data Location Our primary data centers are located in the United States. Your data may also be stored in: • European Union (Frankfurt) • Asia-Pacific (Singapore)

9.2 Transfer Safeguards For international data transfers, we use: • Standard Contractual Clauses (SCCs) • Voluntary adherence to Privacy Shield principles • Adequacy decisions (where applicable)

9.3 Data Sovereignty Enterprise customers can choose data residency regions to comply with local regulations.

Our Service is not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If you become aware that we have collected personal information from a child, please contact us immediately and we will delete that information.

We may update this Privacy Policy from time to time. Changes become effective when we post the updated policy on this page.

For significant changes, we will: • Notify you via email • Display a prominent notice in the Service • Provide at least 30 days notice before changes take effect

We encourage you to review this policy periodically to stay informed about how we protect your information.

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Data Protection Officer NexetRisk, Inc. 100 Market Street, Suite 500 San Francisco, CA 94105 United States

Email: privacy@riskguard.com Phone: +1 (415) 555-0124

EU Representative: NexetRisk EU Ltd. 123 Data Street Dublin, Ireland eu-privacy@riskguard.com

We will respond to all requests within 30 days.