Privacy Policy

1. Introduction

Edelweiss Cyber Intelligence ("we", "us", or "our") operates the Nexus intelligence platform and this website (collectively, the "Services"). This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and the rights you have in relation to it.

By accessing or using our Services you agree to the collection and use of information as described in this policy. If you do not agree, please discontinue use of the Services.

2. Data We Collect

2.1 Account & Contact Data

When you create an account or contact us we may collect your name, email address, organisation name, job title, and billing information (processed via our payment provider — we do not store full card details).

2.2 Usage Data

We automatically collect information about how you interact with the Services, including IP address, browser type and version, pages visited, features used, query counts, and timestamps.

2.3 Platform Content

Data you submit to Nexus — entities, case notes, archived pages, enrichment results — is stored on your behalf to deliver the Services. This content remains yours.

2.4 Cookies & Similar Technologies

We use strictly necessary session cookies to authenticate you. We do not use advertising or cross-site tracking cookies.

3. How We Use Your Data

We use the data we collect to:

• Provide, operate, and improve the Services
• Authenticate users and maintain account security
• Process payments and send transactional communications (receipts, expiry notices)
• Respond to support requests and enquiries
• Detect, investigate, and prevent abuse or security incidents
• Comply with legal obligations

We do not sell your personal data. We do not use your data to train machine-learning models.

4. Legal Basis for Processing (EEA / UK)

Where the GDPR or UK GDPR applies, we process your personal data under the following legal bases:

• Contract — processing necessary to fulfil our agreement with you (account operation, billing)
• Legitimate interests — security monitoring, fraud prevention, and service improvement, where these interests are not overridden by your rights
• Legal obligation — where processing is required to comply with applicable law
• Consent — where you have provided explicit consent (e.g. optional communications)

5. Data Sharing & Third Parties

We share personal data only as necessary:

• Service providers — hosting, payment processing, and email delivery partners who process data solely on our instruction under data processing agreements
• Data source connectors — queries you initiate against third-party intelligence providers (AbuseIPDB, VirusTotal, etc.) are subject to those providers' own privacy policies
• Legal requirements — where required by law, court order, or to protect the rights and safety of our users or the public
• Business transfers — in the event of a merger or acquisition, your data may be transferred to the successor entity subject to equivalent privacy protections

6. Data Retention

We retain account and billing data for as long as your account is active and for up to seven (7) years thereafter for legal and financial record-keeping purposes. Platform content (cases, entities, archives) is deleted within 90 days of account closure on request. Usage logs are retained for up to 12 months.

7. Security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or disclosure, including encryption in transit (TLS) and at rest, access controls, and security monitoring. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

8. Your Rights

Subject to applicable law, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data ("right to erasure")
• Object to or restrict certain processing
• Receive your data in a portable format
• Withdraw consent where processing is based on consent
• Lodge a complaint with your local data protection authority

To exercise any of these rights, contact us at contact@edelweisscyber.com. We will respond within 30 days.

9. International Transfers

If we transfer personal data outside the EEA or UK, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses) in accordance with applicable data protection law.

10. Children

Our Services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified by email or a prominent notice on the platform at least 14 days before taking effect. Continued use of the Services after the effective date constitutes acceptance of the updated policy.

12. Contact

For privacy-related questions or to exercise your rights, please contact: