Privacy Policy

We collect information you provide directly when you create an account, request a demo, or contact us. This includes your name, email address, company name, and role.

We also collect technical information automatically when you use our services, including IP addresses, browser type, device identifiers, and usage patterns. This data helps us maintain service reliability and improve the product experience.

When you integrate Glyph Guard into your infrastructure, the system processes agent request metadata to evaluate risk and enforce policies. We do not retain the content of intercepted requests beyond the real-time inspection window.

We use the information we collect to provide, maintain, and improve our services. Specifically, we use it to operate the Glyph Guard platform, respond to your inquiries, send service-related communications, and analyze usage patterns to improve product quality.

We do not sell your personal information to third parties. We may share information with service providers who assist in operating our infrastructure, subject to contractual obligations that limit their use of that data.

Our website uses strictly necessary cookies to maintain session state and ensure core functionality. We do not use third-party advertising cookies or cross-site tracking pixels.

If we introduce analytics in the future, we will use privacy-respecting tools that do not build user profiles or share data with advertising networks. This policy will be updated before any such change takes effect.

We retain personal information for as long as your account is active or as needed to provide services. Account data is deleted within 90 days of account closure, unless we are required to retain it for legal or compliance purposes.

Structured audit logs (timestamps, risk scores, policy outcomes) are retained according to your organization's configured retention policy, with a default of 90 days.

Demo request submissions (name, email, company, message) are retained for the purpose of responding to your inquiry and are deleted within 12 months if no service relationship is established.

We implement technical and organizational measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit (TLS), access controls, and regular security assessments.

No method of transmission or storage is perfectly secure. If you become aware of any unauthorized access to your account, contact us immediately at security@nxt-ai.net.

We use a limited number of third-party service providers to operate our business: cloud infrastructure hosting, transactional email delivery, and payment processing. Each provider is bound by data processing agreements that restrict their use of your data to the services they perform on our behalf.

We do not share your personal information with third parties for their own marketing purposes.

NXT AI operates from the United States. If you access our services from outside the United States, your information may be transferred to and processed in the United States or other jurisdictions where our service providers operate.

Where required by applicable law, we rely on appropriate transfer mechanisms (such as standard contractual clauses) to ensure your data is protected in accordance with this policy.

Depending on your jurisdiction, you may have rights to access, correct, delete, or export your personal information. You may also have the right to restrict or object to certain processing activities.

If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of any sale of personal information (which we do not engage in).

If you are located in the European Economic Area or the United Kingdom, you have rights under the GDPR including access, rectification, erasure, data portability, and the right to lodge a complaint with your local supervisory authority.

To exercise any of these rights, contact us at privacy@nxt-ai.net. We will respond to verified requests within 30 days.

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 16, we will take steps to delete that information promptly.

We may update this privacy policy from time to time to reflect changes in our practices or applicable law. If we make material changes, we will notify you by posting the updated policy on this page with a revised "Last updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.

If you have questions about this privacy policy or our data practices, contact us at privacy@nxt-ai.net.