This Privacy Policy explains how NxtOne Ltd (“NxtOne”, “we”, “us”, “our”) collects, uses, stores, and protects your information when you use our platform, website, and related services. We are committed to protecting your privacy and handling your data with transparency.
NxtOne is an operational intelligence platform that captures runtime execution semantics from software applications. This policy covers all data processed through our services, including our website (nxtone.ai), the NxtOne platform, agents, APIs, and related tools.
Data Controller: NxtOne Ltd, registered in England and Wales. Our registered address is in London, United Kingdom.
Legal Basis for Processing: We process personal data under the following legal bases as defined by GDPR Article 6(1): contractual necessity for providing our services, legitimate interest for improving our platform and communicating with users, consent for marketing communications and optional cookies, and legal obligation for compliance with applicable laws.
When you create an account or contact us, we collect your name, email address, company name, job title, and billing information. This data is necessary to provide our services and manage your account.
We automatically collect information about how you interact with our platform, including pages viewed, features used, investigation queries, session duration, and browser/device type. This helps us improve the product.
The NxtOne agent captures semantic execution relationships from your application runtime. This is the core of our service and is covered in detail in Section 4 below.
Important: NxtOne captures execution semantics — method call relationships, service interactions, and timing data. We never capture source code, variable values, business data, PII, credentials, or request/response payloads. See Section 4 for full details.
We use collected data for the following purposes:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide the service | Account info, execution data | Contract |
| AI root cause analysis | Execution data only | Contract |
| Billing & invoicing | Account info, usage metrics | Contract |
| Product improvement | Aggregated usage data | Legitimate interest |
| Security monitoring | Access logs, IP addresses | Legitimate interest |
| Marketing emails | Email address | Consent |
| Legal compliance | As required | Legal obligation |
We never use customer execution data to train, fine-tune, or improve AI models. Your execution data is used exclusively to provide the NxtOne service to your organization. This is a contractual commitment.
The NxtOne agent operates at the bytecode/runtime level and captures the following semantic information:
The NxtOne agent is explicitly designed to never capture, transmit, or store:
All data passes through a PII sanitization layer before storage. This filter identifies and strips potential personal data patterns (email addresses, IP addresses, phone numbers, names) from any metadata that may inadvertently contain such information.
All data is stored on Amazon Web Services (AWS) infrastructure in the eu-west-2 (London) region by default. Enterprise customers can request specific regional data residency.
We implement the following security measures:
For full details on our security posture, see our Security & Compliance page.
We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:
All third-party service providers are bound by Data Processing Agreements (DPAs) that ensure GDPR-compliant handling of personal data.
Our website uses the following categories of cookies:
| Category | Purpose | Duration |
|---|---|---|
| Essential | Authentication, security, basic functionality | Session |
| Functional | Preferences, language, theme settings | 1 year |
| Analytics | Usage patterns, feature adoption (anonymized) | 90 days |
We do not use advertising cookies or tracking pixels. You can manage cookie preferences in your browser settings. Essential cookies cannot be disabled as they are required for the service to function.
Under GDPR, the UK Data Protection Act 2018, and other applicable legislation, you have the following rights:
To exercise any of these rights, contact us at privacy@nxtone.ai. We will respond within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk.
Account data is retained for the duration of your active subscription plus 30 days after cancellation to allow for data export.
Execution data is retained according to your plan’s retention policy (default: 90 days). Enterprise customers can configure custom retention periods.
Usage analytics are retained in anonymized, aggregated form and are not linked to individual users after 12 months.
Upon account deletion, all your data — including execution graphs, investigation history, and account information — is permanently and irreversibly deleted from our systems, including backups, within 30 days. We provide written confirmation upon request.
Your data is stored in the EU (AWS eu-west-2, London) and is not transferred outside the European Economic Area (EEA) or the United Kingdom unless you explicitly configure a different data residency region.
Where transfers to third-party processors outside the EEA are necessary (e.g., Stripe’s US-based services), we ensure appropriate safeguards are in place through Standard Contractual Clauses (SCCs) as approved by the European Commission.
NxtOne is a business-to-business platform designed for software engineering teams. Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by email and by posting a prominent notice on our platform at least 30 days before changes take effect.
Continued use of the service after the effective date constitutes acceptance of the updated policy.
For any privacy-related questions, concerns, or requests: