Privacy Policy

This Policy applies to all personal information processed through the Nixo website, the Unifort identity and authentication layer, Pulse productivity intelligence, the Aura Chatbot ingestion systems, and any applications, newsletters, or support channels operated by Nixo. It sets out the principles and practices that guide our handling of information throughout the customer life cycle.

Nixo operates as a single global Data Controller. Our infrastructure presently relies on Azure and AWS across designated regions, with planned expansion into Nixo operated data centers as our footprint grows.

Nixo collects personal information provided by users during account creation, onboarding, configuration, and use of the platform. This includes basic identifiers, contact information, workspace and domain details, and any profile data submitted as part of tenancy creation.

When users authenticate through Unifort, Nixo processes the information required to provide secure access, including hashed credentials, authentication events, IP and network metadata, and a non-reversible device trust signature.

Users who install and operate the Pulse Desktop Client generate a separate category of information which Nixo processes for the purpose of delivering insights and security functions. This may include application activity, system telemetry, performance indicators, environmental metadata, operational timestamps, and raw screenshots that reflect the state of the user's screen at the moment of capture. Screenshots may occasionally contain sensitive content if it is visible at that time, such as an open webcam feed or personal material displayed on screen.

Our website and platform interfaces collect information through cookies, tracking pixels, analytics tools, and diagnostic systems. Nixo uses essential, analytics, and functional cookies, together with services such as Google Analytics, Microsoft Clarity, Google Tag Manager, Azure Insights, Sentry, and Grafana to understand traffic patterns, improve performance, and identify issues. These tools collect behavioural and technical data but do not receive screenshots or Pulse telemetry.

Nixo also collects information when individuals subscribe to our newsletters. These records are stored in a separate Nixo managed database consistent with this Policy.

Nixo processes personal information to authenticate users, operate the platform, generate insights, maintain account integrity, secure the environment, and provide the functionality customers expect from the Nixo suite.

Information processed by Pulse is used to deliver dashboards, behavioural analytics, productivity reports, and organisational intelligence. Information passed through Unifort is used to provide identity verification, access control, fraud detection, and multi-factor authentication. Website and analytic data are used to improve user experience, understand engagement patterns, monitor system performance, and enhance reliability.

Certain data is processed to train or refine machine learning models that support Aura and the intelligence features of Pulse. This includes pseudonymized behavioural patterns, operational signals, and trend-based datasets. Only customers who opt in have their data used for long term model development.

Nixo processes information on the basis of consent, contractual necessity, legitimate interest, or compliance with applicable law depending on the context and nature of the processing.

Nixo may process pseudonymized metadata in regions outside the area where a user originally resides. Databases storing identifiable information remain within designated primary regions, presently Australia and India. Only the data required for operational continuity, analytics, diagnostics, or lawful business purposes may be transferred or accessed by systems or teams located in other jurisdictions.

Individuals may request access to their personal information, request correction of inaccurate information, request deletion, object to certain types of processing, or withdraw consent for processing activities that rely on it. These rights may be exercised by contacting Nixo through the channels provided in this Policy.

Nixo may introduce a privacy action interface which allows users to initiate deletion or objection workflows directly through the platform.

Some rights, such as data portability or review of automated decision making, are not provided during the current stage of the product lifecycle.

The Nixo platform is not intended for individuals under the age of 18. Minors should not use Nixo services, and Nixo does not knowingly collect their information.

Nixo uses external services to support analytics, communications, diagnostics, and payment operations. These services receive operational metadata but do not receive screenshot content or Pulse telemetry. Examples include Google Analytics, Microsoft Clarity, Azure Insights, Sentry, Grafana, Twilio, Stripe, and Razorpay.

These processors act under contracts that require them to protect information and process it only as instructed by Nixo.

Nixo employs security measures consistent with industry practices, including but not limited to encryption of data at rest using AES standard encryption, TLS encryption for data in transit, credential hashing using bcrypt, structured access control, audit logging, and encryption key rotation.

Although Nixo takes reasonable steps to protect information, no system is entirely immune to risk, particularly during preview or beta phases. Users are encouraged to adopt safe practices and follow internal organisational policies when using Nixo services.

Personal information is retained only for as long as necessary to support the purpose for which it was collected. Pulse related data remains in the primary environment for thirty days and may be retained in cold storage for an additional thirty days for screenshot content. Derived analytics and pseudonymized insights may be retained for longer periods as they no longer identify individuals.

When an account is deleted, personal information is removed promptly except where retention is required by law or where derived data is no longer linked to an identifiable user. Customers who choose to contribute data to improve Nixo's machine learning models grant longer term retention rights for their pseudonymized contributions.

Nixo may update this Privacy Policy as technology, regulatory requirements, and operational practices evolve. Updated versions will be posted on the Nixo website with an amended effective date. Continued use of the services constitutes acceptance of any revised Policy.