Last updated: May 31, 2026
NYOXA LABS is committed to protecting the privacy and confidentiality of its clients, website visitors, and individuals who submit inquiries or assessment requests. This Privacy Policy outlines how we collect, use, store, and safeguard personal and sensitive information in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) in 2026.
1. Information We Collect
We collect information necessary to provide our cybersecurity services, respond to inquiries, and improve our offerings. The types of information collected may include:
- Contact Information: Name, company name, email address, phone number, and WhatsApp number.
- Service Inquiry Details: Website, domain, application, or system information submitted for scoping purposes, service request specifics, and messages communicated through forms.
- Assessment-Related Documents: Any documents voluntarily provided by clients relevant to security assessments.
- Technical Data: Basic website analytics, technical logs, and IP addresses for security and operational purposes.
2. How We Use Information
We process collected information for the following purposes, based on legitimate interests, contractual necessity, or explicit consent:
- Service Delivery: To respond to inquiries, prepare proposals and scopes, confirm authorization for testing, deliver cybersecurity services, and communicate regarding assessments, reports, and remediation efforts.
- Website and Service Improvement: To analyze website usage patterns, enhance user experience, and develop new services.
- Security and Compliance: To maintain the security of our systems, prevent abuse, and comply with legal and regulatory obligations.
- AI-Assisted Interactions: Information provided during interactions with our AI assistant, Nyo Bot, is used solely to facilitate and improve the responsiveness and accuracy of the AI's assistance. We do not use personal data submitted through Nyo Bot to train our AI models without explicit, separate consent.
3. Sensitive Security Information
All assessment details, vulnerability evidence, reports, screenshots, technical notes, access credentials, and client communications are treated as highly confidential security information. Access to such information is strictly limited to authorized personnel directly involved in the provision of services.
4. Sharing Information
NYOXA LABS does not sell personal information. We may share information only under the following circumstances:
- Service Provision: When necessary to deliver agreed-upon services, potentially involving trusted third-party service providers (e.g., cloud hosting, payment processors) who are bound by strict confidentiality and data protection agreements.
- Legal Obligation: When required by law, court order, or governmental regulation.
- Protection of Rights: When necessary to protect the rights, property, or safety of NYOXA LABS, our clients, or the public.
- Client Approval: With explicit client approval for specific disclosures.
5. International Data Transfers
For clients located in the European Economic Area (EEA) or other regions with data transfer restrictions, we ensure that any international transfers of personal data comply with applicable legal requirements, such as through the use of Standard Contractual Clauses (SCCs) or other approved mechanisms.
6. Data Retention
We retain personal information only for as long as reasonably necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Clients may request the deletion of certain information, subject to legal and operational constraints. Specific retention periods are detailed in our Data Retention Policy.
7. Security Measures
NYOXA LABS implements robust administrative, technical, and organizational controls to protect information against unauthorized access, disclosure, alteration, or destruction. These measures include encryption, access controls, regular security audits, and employee training. While we strive for absolute security, no internet-based service can guarantee complete protection.
8. Your Data Protection Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Right to Access: Request a copy of your personal data.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data under certain conditions.
- Right to Restriction of Processing: Request the restriction of processing your personal data under certain conditions.
- Right to Object to Processing: Object to the processing of your personal data under certain conditions.
- Right to Data Portability: Request transfer of your data to another organization or directly to you.
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
To exercise any of these rights, please contact us using the details provided below.
9. Automated Decision-Making
NYOXA LABS does not engage in automated decision-making processes that produce legal effects concerning individuals or similarly significantly affect them.
10. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. The updated policy will be posted on our website with a revised "Last updated" date.
11. Contact Us
For any privacy-related questions, concerns, or to exercise your data protection rights, please contact us at:
info@nyoxa.com security@nyoxa.com
