Privacy Policy

Last Updated: November 21, 2025

1. Introduction

The protection of your personal data is important to us. This Privacy Policy informs you about how we collect, process, and use your personal data when using NexusForge. This policy complies with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data We Collect

We collect and process the following categories of personal data:

Personal Data:

  • Full Name
  • Email Address
  • Password (stored encrypted)
  • Organization Information (Name, Slug)

Technical Data:

  • IP Address
  • Browser Type and Version
  • Device Information
  • Usage Data and Access Times

3. Legal Basis for Processing

Contract Performance (Art. 6(1)(b) GDPR):

Processing is necessary for the performance of the contract for using our services or for pre-contractual measures.

Consent (Art. 6(1)(a) GDPR):

Where you have given us consent to process your personal data.

Legitimate Interests (Art. 6(1)(f) GDPR):

To protect our legitimate interests, such as improving our services and IT security.

Legal Obligations (Art. 6(1)(c) GDPR):

To comply with legal obligations to which we are subject.

4. Purpose of Data Processing

  • Managing your user account and organization
  • Providing and operating our services
  • Ensuring the security and integrity of our systems
  • Improving and developing our services
  • Complying with legal obligations

5. Data Retention

We store your personal data only for as long as necessary for the respective purposes:

  • Account Data: As long as your account is active
  • Log Files and Technical Data: Generally 90 days
  • After deletion of your account, all personal data will be deleted within 30 days, unless legal retention obligations exist

6. Data Sharing

We do not share your personal data with third parties, except:

  • With trusted service providers who assist us in operating our services (e.g., hosting providers, database providers) - these are contractually obligated to comply with GDPR
  • When we are legally required to do so or when necessary to enforce our rights
  • In the event of a merger, acquisition, or sale of assets, whereby you will be notified in advance

7. Data Location

Your data is stored and processed exclusively within the European Union:

Server Hosting: Hetzner Online GmbH, Germany

Database: Hetzner Online GmbH, Germany

All your data remains within the EU and is therefore fully subject to GDPR. No data is transferred to third countries outside the EU.

8. Your Rights

Under the GDPR, you have the following rights:

  • Right of Access (Art. 15 GDPR): You have the right to obtain information about your personal data processed by us.
  • Right to Rectification (Art. 16 GDPR): You have the right to request the correction of inaccurate data.
  • Right to Erasure (Art. 17 GDPR): You have the right to request the deletion of your data.
  • Right to Restriction (Art. 18 GDPR): You have the right to request the restriction of processing.
  • Data Portability (Art. 20 GDPR): You have the right to receive your data in a structured, commonly used format.
  • Right to Object (Art. 21 GDPR): You have the right to object to the processing of your data.
  • Withdrawal of Consent: You can withdraw any consent given at any time with effect for the future.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a data protection supervisory authority.

9. Data Security

We implement technical and organizational security measures to protect your data against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons:

  • SSL/TLS encryption for data transmission
  • Strict access control mechanisms
  • Regular security audits and monitoring
  • Current security standards and regular updates

10. Cookies and Similar Technologies

We use cookies to ensure the functionality of our services and improve your user experience:

Essential Cookies:

These are required for the operation of the website (e.g., session cookies for authentication).

Functional Cookies:

These enable enhanced functionality and personalization (e.g., language settings, theme preferences).

11. Children's Privacy

Our service is not directed to persons under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have inadvertently collected data from children, we will delete it immediately.

12. Changes to this Privacy Policy

We reserve the right to update this Privacy Policy to reflect changes in legal requirements or changes to our services. The current Privacy Policy can always be found on this page. We will notify you of significant changes via email.