Transparency
We publish the current versions of our documents, with version control and history. We describe only what we actually do: we do not claim SOC 2, ISO 27001, PCI DSS, HIPAA or equivalent certifications.
Documents
Security Overview
A public, honest description of NEXEFII platform security controls: authentication, per-organization isolation, session security, headers and transport.
Terms of Service
B2B agreement governing access to and use of the NEXEFII platform and its modules. Covers account obligations, acceptable use, data ownership, billing, subscription term, limited warranties, liability, and dispute resolution.
Privacy Policy
Describes what personal data NEXEFII collects, how it is used, with whom it is shared, and what rights data subjects may exercise.
Cookie Policy
Honestly explains that the NEXEFII public website uses only strictly necessary cookies (session, authentication, security and consent preference). No analytics, advertising or third-party tracking cookies are used.
Acceptable Use Policy
Practical and enforceable rules on what is permitted and prohibited when using the NEXEFII platform, including NEXE Store, Master Control, and Smartbot, along with the consequences of violations and how to report abuse.
Data Processing Addendum (DPA)
Contractual addendum governing NEXEFII's processing of personal data as processor on behalf of the Customer (controller). Covers roles, purpose, processor obligations, subprocessors, data subject rights, incident notification, international transfers, audits, and data deletion.
Subprocessor List
Explains what a subprocessor is, the categories of third parties NEXEFII may engage, and how the official list is maintained and communicated. The authoritative subprocessor list is NEXEFII's Subprocessor List, pending DPO confirmation.
Data Retention and Deletion Policy
Describes NEXEFII's data retention and minimization principles, how deletion works on request or termination, and how acceptance evidence is preserved for accountability.
Responsible Disclosure Policy
Defines how security researchers can report vulnerabilities to NEXEFII responsibly, the good-faith safe-harbor commitment, what is not permitted, and how reports are handled.
Incident Response Overview
Presents, at a high level, how NEXEFII approaches security incident response — from detection to post-incident review — and the commitment to notify affected customers per without undue delay after confirmation of the incident and applicable law.
Business Continuity & Disaster Recovery Overview
Describes, at a high level, NEXEFII's approach to business continuity and disaster recovery, honestly noting that this is a maturing program and not a guarantee. Recovery objectives are the availability targets contracted in the Commercial Agreement, where applicable.
Support and SLA Policy
Describes the channels and scope of NEXEFII technical support, severity levels, service targets pending formal confirmation, and what is excluded from availability obligations.
Maintenance and Release Policy
Describes how NEXEFII delivers platform updates, scheduled maintenance windows, emergency maintenance handling, change communication, backward compatibility intentions and the deprecation approach.
AI and Smartbot Data Use Notice
Honestly explains what the Smartbot assistant is, what data is processed when you use it, its limits (imperfect answers, need for human oversight) and how provider and model details are governed.
Accessibility Statement
Describes NEXEFII's commitment to digital accessibility, adopting WCAG 2.1 level AA as an aspirational goal (not certified conformance), acknowledges known limitations and offers a feedback channel.
Contacts
Security, privacy and legal contact addresses are being confirmed and appear as pending markers inside the relevant documents.