PlatformCompanyPricingBlogsNexula Labs
Start
Privacy & Data Protection

Privacy Policy

Your trust is our foundation. We're committed to protecting your data with enterprise-grade security.

Last Updated: December 27, 2025

Introduction

Nexula ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI supply chain security platform and related services.

As an India-first cybersecurity platform, we comply with all applicable Indian data protection laws, including the Information Technology Act, 2000, CERT-In directives, and relevant data localization requirements.

Information We Collect

1. Account Information

  • Name, email address, phone number
  • Company name and organization details
  • Billing and payment information
  • Account credentials (securely hashed)

2. Technical and Security Data

  • Software dependencies and package information (SBOM/BOM data)
  • Vulnerability scan results and security findings
  • AI/ML model metadata and framework information
  • Container, Kubernetes, and infrastructure configurations
  • License and compliance information
  • CI/CD pipeline integration data

3. Usage Information

  • Platform usage patterns and feature interactions
  • API calls and integration activity
  • Log data, IP addresses, and device information
  • Browser type, operating system, and access times

4. Communication Data

  • Support tickets and customer service interactions
  • Survey responses and feedback
  • Email communications and notifications

How We Use Your Information

Security Analysis & Vulnerability Detection

We analyze your SBOM/BOM data, AI models, and dependencies to identify vulnerabilities, security risks, license conflicts, and compliance issues using our dual AI engines (Llama 3.1 + GPT-4o).

Service Delivery & Platform Operations

We use your data to provide, maintain, and improve our platform, including real-time monitoring, threat hunting, compliance reporting, and multilingual support across 11+ Indian languages.

Model Training & Improvement

Aggregated and anonymized vulnerability patterns are used to fine-tune our AI models on Indian threat intelligence and CERT-In advisories. Your specific data is never used to train models without explicit consent.

Compliance & Legal Obligations

We use your information to generate CERT-In compliant reports, meet incident reporting requirements, and fulfill legal obligations under Indian cybersecurity regulations.

Communication & Support

We use your contact information to send security alerts, platform updates, respond to support requests, and provide training materials in your preferred Indian language.

Data Security

We implement industry-leading security measures to protect your data:

Encryption

AES-256 encryption at rest and TLS 1.3 encryption in transit for all data

Access Control

Role-based access control (RBAC) with multi-factor authentication (MFA)

Infrastructure Security

ISO 27001 certified infrastructure on hybrid AWS + Azure cloud

Audit Logging

Comprehensive audit logs with SIEM integration for security monitoring

Data Localization

Indian customer data stored in India as per data localization requirements

Regular Audits

Third-party security audits and penetration testing (SOC 2 Type II planned)

Data Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share your data only in the following limited circumstances:

Service Providers

We may share data with trusted third-party service providers (e.g., cloud hosting, payment processors, AI inference providers like Azure OpenAI, Sarvam.ai for multilingual support) under strict confidentiality agreements.

Legal Requirements

We may disclose information to comply with Indian law, CERT-In directives, court orders, or to protect our rights and the safety of our users.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity with appropriate safeguards.

Aggregated Data

We may share anonymized, aggregated vulnerability statistics and threat intelligence with the cybersecurity community and CERT-In to improve national security posture.

Your Rights

You have the following rights regarding your personal data:

Access & Portability

Request a copy of your personal data in a structured, machine-readable format

Correction

Update or correct inaccurate or incomplete personal information

Deletion

Request deletion of your personal data (subject to legal retention requirements)

Objection & Restriction

Object to certain processing activities or request restriction of data processing

Withdraw Consent

Withdraw consent for data processing at any time (may affect service availability)

To exercise any of these rights, please contact us at support@nexula.one

Data Retention

We retain your data only as long as necessary to provide our services and comply with legal obligations:

  • Active account data: Retained for the duration of your subscription
  • Vulnerability scan results: Retained for 2 years for compliance reporting
  • Audit logs: Retained for 1 year as per CERT-In requirements
  • Billing records: Retained for 7 years as per Indian tax regulations
  • After account termination: Personal data deleted within 90 days (except legally required records)

International Data Transfers

For Indian customers, your data is stored and processed within India to comply with data localization requirements. When using cloud AI services (e.g., Azure GPT-4o), data may be temporarily transferred to secure international data centers with appropriate safeguards and encryption. Enterprise and Government customers can opt for on-premise or Indian-only cloud deployments.

Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such data, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes via email or platform notifications. The "Last Updated" date at the top of this policy indicates when it was last revised.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Office Address

Nagercoil, Kanniyakumari
Tamil Nadu, India

Contact Support Team