Version 3.0 — Effective 18 March 2026
The data controller responsible for the processing of your personal data under this policy is:
Next Sight d.o.o.
Brnciceva ulica 13, 1231 Ljubljana - Crnuce, Slovenia
Registration number: 9680390000
VAT ID: SI42908159
Email: info@next-sight.com
This Privacy Policy explains how Nexus ("the Platform"), operated by Next Sight d.o.o. ("we", "us", "our"), collects, uses, stores, and protects personal data when you access the Platform, including account registration, subscription management, investigation case workflows, OSINT tool usage, chat interactions, file uploads, and support requests.
This policy applies to all users of the Platform, including visitors to our public-facing pages. It does not apply to third-party websites or services linked from the Platform.
We may process the following categories of personal data:
Where applicable data protection law requires a legal basis for processing, we rely on the following:
Nexus primarily stores application data in the European Economic Area. Our primary database is deployed in AWS eu-north-1 (Stockholm, Sweden). We also use additional cloud services within the Europe geography for certain processing and customer-tenant related operations, including identity management and application monitoring.
File storage (case documents and note attachments) is hosted within the same AWS eu-north-1 region.
Some third-party service providers used by the Platform may process data in locations outside the EEA. See "International Transfers" below.
We use the following categories of service providers to operate the Platform. A detailed list of specific providers is available on request.
| Category | Region | Purpose |
|---|---|---|
| Database and hosting | EU (Stockholm, Sweden) | Primary data storage, authentication relay, file storage |
| Identity and authentication | Europe | User authentication, identity management, token issuance |
| Payment processing | EEA / International | Subscription billing, checkout, payment method handling |
| AI and language model | EEA / International | AI-assisted chat, investigation planning, content analysis |
| Application monitoring | North Europe | Error tracking, performance monitoring, distributed tracing |
| Investigation and enrichment services | Various | Web search, content retrieval, domain intelligence, data enrichment, and other investigative capabilities |
| Contact and support | EEA / International | Contact form hosting on public pages |
While our primary database and identity infrastructure are located within the EEA, certain third-party service providers may process data outside the EU/EEA. This may include providers of AI services, web search, data enrichment, payment processing, content retrieval, and contact form services.
Where personal data is processed by third-party service providers or transferred outside the EU/EEA, we apply appropriate safeguards as required by applicable data protection law, which may include Standard Contractual Clauses, adequacy decisions, or other recognized transfer mechanisms.
All external OSINT and intelligence API requests are routed through our corporate infrastructure so that third-party providers cannot identify or track individual Platform users.
We retain personal data only as long as necessary to provide the Platform, support account operations, and meet legal and billing obligations.
You can request complete account deletion through available account settings. Upon deletion, all user-linked data is permanently removed from active Platform systems, including all case files, messages, findings, entity graphs, uploaded documents, error logs, and the authentication record. This process is irreversible.
We implement technical and organizational measures to protect your data, including:
No system is completely secure. While we take reasonable measures to protect your data, we cannot guarantee absolute security.
The Platform uses the following browser storage mechanisms:
We do not use third-party advertising cookies or cross-site tracking technologies. We do not use third-party behavioral analytics services.
Depending on your jurisdiction, you may have rights regarding your personal data, including:
To submit a privacy request, contact us at info@next-sight.com. We will respond within the timeframe required by applicable law.
The Platform is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will take steps to delete it promptly.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will provide notice of material changes consistent with the notice provisions in our Terms of Service (minimum 30 days for material changes). The "Last Updated" date at the top of this page indicates when the policy was last revised.