Last updated: May 31, 2026
NYOXA LABS is committed to maintaining the highest standards of confidentiality regarding all client information, assessment findings, and communications. This Confidentiality Policy outlines our commitment to protecting sensitive data entrusted to us during the provision of cybersecurity services.
1. Definition of Confidential Materials
For the purposes of this policy, "Confidential Materials" include, but are not limited to:
- Client Information: Client names, contact details, business processes, and internal technical information.
- Target Systems and Scope: Details of systems, applications, networks, and infrastructure included in the assessment scope.
- Vulnerability Findings: All identified vulnerabilities, security weaknesses, and their associated details.
- Assessment Evidence: Screenshots, proof-of-concept data, technical notes, access credentials, and test accounts used during assessments.
- Reports and Deliverables: Draft and final assessment reports, retest reports, and any other documents generated as part of the service.
- Communications: All verbal and written communications between NYOXA LABS and the client related to the assessment.
2. Handling Principles
NYOXA LABS adheres to the following principles for handling Confidential Materials:
- Limited Access: Access to Confidential Materials is strictly limited to authorized NYOXA LABS personnel who require access to perform their duties related to the assessment.
- Need-to-Know Basis: Information is shared internally only on a strict "need-to-know" basis.
- Secure Storage: Confidential Materials are stored on secure systems with appropriate access controls, encryption, and audit logging.
- Secure Transmission: All electronic transmission of Confidential Materials, including reports and sensitive data, is conducted using industry-standard secure communication methods (e.g., encrypted channels, secure file transfer protocols).
- Data Minimization: We strive to minimize the collection of sensitive client data and redact or anonymize sensitive values (e.g., PII, credentials) in reports and internal documentation where practical and appropriate.
- Employee Training: All NYOXA LABS employees receive regular training on data protection, confidentiality obligations, and secure handling procedures.
3. Public Disclosure
NYOXA LABS will never publicly disclose client names, specific assessment findings, vulnerability details, screenshots, or reports without the explicit, prior written permission of the client. Any sample reports or case studies published by NYOXA LABS will use fictionalized targets and data to ensure client confidentiality.
4. Third-Party Disclosure
Confidential Materials will not be disclosed to any third parties unless:
- Client Consent: Explicit written consent is obtained from the client for specific disclosures.
- Legal Requirement: Disclosure is required by law, court order, or governmental regulation.
- Sub-processors: Shared with trusted third-party service providers (sub-processors) who are essential for service delivery, provided they are bound by confidentiality obligations at least as stringent as those outlined in this policy.
5. Survival of Obligations
The confidentiality obligations outlined in this policy shall survive the termination or expiration of any service agreement between NYOXA LABS and the client for a period of five (5) years, or as otherwise specified in a separate Non-Disclosure Agreement (NDA) or service contract.
6. Breach Notification
In the event of a confirmed or suspected breach of confidentiality involving client data, NYOXA LABS will notify the affected client(s) without undue delay, in accordance with applicable legal and contractual obligations. The notification will include details of the breach, the data affected, and the steps being taken to mitigate the impact.
7. Changes to This Policy
NYOXA LABS reserves the right to update this Confidentiality Policy at any time. Any changes will be posted on our website with a revised "Last updated" date.
8. Contact Us
For any questions regarding this Confidentiality Policy, please contact us at:
