Privacy Policy

Last updated: April 4, 2026

This Privacy Policy describes how Nyoxis collects, uses, discloses, and protects information when you use our products and services.

1. Who We Are

Nyoxis provides AI-powered web request threat analytics and data-redaction tooling.

Controller contact:

• Name: Nyoxis
• Email: [email protected]

2. Information We Collect

We collect information in three main categories.

2.1 Account and billing information

• Account identifiers (for example email and account profile data)
• Authentication/session data required to keep you signed in
• Billing and subscription data processed through Stripe

2.2 Request telemetry and security data

When your services send HTTP requests to Nyoxis for analysis, we process:

• Method and path
• Query string (after sensitive-value redaction)
• Request body (after sensitive-value redaction)
• Header data

Sensitive values are redacted before storage where supported by our sanitization pipeline, including credentials, tokens, secrets, API keys, passwords, OTP/MFA codes, and similar fields.

2.3 Metadata used for security analytics

• IP address data (or normalized IP/network representation)
• User-Agent
• Accept-Language
• Selected HTTP headers used for request-pattern generation (content-type and accept)
• Session fingerprints generated for abuse detection and correlation

3. How We Transform and Minimize Data

To reduce personal-data exposure while preserving threat-detection value:

• Sensitive fields are replaced with <redacted> where applicable.
• Dynamic request values are normalized (for example <int>, <float>, <bool>, <uuid>).
• Query keys are normalized/sorted to reduce duplicate pattern noise.
• For request-pattern hashing and storage, only a reduced header subset is retained (content-type, accept).

4. Why We Process Data

We process data to:

• Detect suspicious and malicious request behavior
• Classify attack families and score risk
• Provide customer-facing request/session logs
• Improve and train machine-learning models from normalized request patterns
• Operate billing, security, abuse prevention, and service reliability workflows

5. Legal Bases (GDPR)

Depending on context, Nyoxis relies on:

• Contract performance (providing requested services)
• Legitimate interests (service security, fraud/abuse prevention, analytics)
• Consent (non-essential analytics cookies, where required)
• Legal obligations (tax/accounting/compliance records)

6. Retention

• Request logs: retained up to 60 days maximum, depending on your plan.
• Normalized request patterns used for ML training and model quality: retained indefinitely unless deleted or restricted by law/contract.
• Cookie/consent preferences: retained for compliance and preference persistence.

7. Cookies and Tracking

Nyoxis uses:

• Essential cookies for login/session continuity and security
• Google Analytics cookies only after user consent

See our Cookie Policy for details.

8. Sharing and Subprocessors

We share data with subprocessors that help us provide the service, including:

• Stripe (billing/payment processing)
• Next Hat (cloud operations)
• Hetzner and OVH (infrastructure used under Next Hat)

See full details in Subprocessors.

9. International Transfers

Data may be processed in countries outside your own jurisdiction. We use contractual and organizational safeguards appropriate to the transfer context.

10. Your Rights (GDPR/CCPA)

Subject to applicable law, you may request:

• Access to your personal data
• Correction of inaccurate data
• Deletion of personal data
• Restriction or objection to certain processing
• Data portability (where applicable)
• Withdrawal of consent (for consent-based processing)

CCPA/CPRA users may have rights to know, delete, correct, and limit certain uses of personal information.

To exercise rights, contact [email protected].

11. Security

Nyoxis applies technical and organizational safeguards, including data redaction, access controls, and monitoring. No system can guarantee absolute security.

12. Children's Data

Nyoxis services are not directed to children under 16, and we do not knowingly collect personal data from children for independent consumer use.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the "Last updated" date.