PRIVACY POLICY

1) WHO WE ARE

Legal entity: Naksill LLC
Registered address: 8 The Green STE B, Dover, Delaware 19901, United States of America
Jurisdiction: State of Delaware, United States (LLC)
Privacy contact: privacy@naksill.com

DPO: We do not appoint a Data Protection Officer (DPO) at this time.

2) SCOPE

This Privacy Policy applies to:

• our website and related pages/forms (Contact, Request a Demo),
• self-serve signup and account administration,
• communications with us,
• security and operational logging related to providing the Services.

It does not cover third-party websites/services that may be linked from our site.

3) PERSONAL DATA WE COLLECT

A) Data you provide directly

• Contact / Demo requests: name, company name, email, phone (if provided), role/title (if provided), message content, and any attachments you send.
• Account / self-serve signup: name, email, password (stored hashed), company details (if provided), and other account settings you choose to enter.
• Support and communications: information you include in emails or messages to us.

B) Data we collect automatically

• Website and device data: IP address, approximate location (derived from IP), device/browser information, referral/landing page, pages viewed, timestamps, and basic diagnostic data.
• Security and service logs: events needed to secure and operate the Services (e.g., authentication events, suspicious activity indicators, abuse signals, and system diagnostics).

C) Data processed in the course of providing the Services

Depending on how you use Naksill, we may process limited data associated with your protected web properties to detect and mitigate automated abuse (for example: request metadata, headers, IP address, user agent, timestamps, and signals relevant to bot/abuse detection). The exact data depends on your configuration and product usage.

4) HOW WE USE PERSONAL DATA

We use personal data to:

• provide and operate the Services (including account creation, authentication, and administration),
• respond to inquiries and demo requests,
• communicate about product updates, security notices, and operational messages,
• prevent fraud, abuse, and unauthorized access; investigate and respond to security incidents,
• maintain, troubleshoot, and improve our website and Services,
• comply with legal obligations and enforce our agreements.

5) LEGAL BASES- EEA/UK USERS

Where GDPR applies, we rely on:

• Contract (to provide the Services you request),
• Legitimate interests (security, fraud prevention, service improvement, and business operations),
• Consent (only where required; e.g., certain cookies if you implement a consent banner),
• Legal obligation (compliance with applicable laws).

6) SHARING AND DISCLOSURES

We do not sell personal data.

We share personal data only as needed:

• with infrastructure/hosting providers used to run our systems (see Subprocessors section below),
• with our email provider for business communications,
• with professional advisors (legal/accounting) where necessary,
• with law enforcement/regulators when required by law,
• in connection with a corporate transaction (e.g., merger, acquisition) where permitted by law.

7) SUBPROCESSORS

We use third-party vendors to help deliver our Services. Based on our current setup, these include:

• Hetzner (infrastructure/hosting)
• Contabo (infrastructure/hosting)
• PrivateEmail (email provider)

We publish and maintain a dedicated Subprocessors page listing vendors and their purpose.

8) INTERNATIONAL DATA TRANSFERS

We are a U.S. company and may process data in the United States and other countries where we or our service providers operate.

For transfers from the EEA/UK/Switzerland to countries that may not provide an equivalent level of protection, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) (and supplementary measures where appropriate).

9) DATA RETENTION

We retain personal data only as long as necessary for the purposes described above, unless a longer period is required by law.

Security events and logs (Service retention):

• Free plan: 7 days
• Low tiers: 30 days
• Default: 90 days (detailed logs)
• Enterprise tiers: 180 days
• Aggregated metrics: up to 24 months

Contact/Demo communications: typically retained as long as needed to handle your request and maintain a reasonable business record, unless you ask us to delete it (where applicable).

10) SECURITY

We use reasonable administrative, technical, and organizational measures designed to protect personal data (e.g., access controls, encryption in transit where applicable, least-privilege practices, monitoring). No method of transmission or storage is 100% secure, but we work to protect your information.

11) YOUR RIGHTS AND CHOICES

Depending on your location, you may have rights such as:

• access to personal data,
• correction,
• deletion,
• restriction or objection to processing,
• portability,
• withdrawing consent (where processing is based on consent),
• lodging a complaint with a supervisory authority (EEA/UK).

To exercise rights, contact us at privacy@naksill.com. We may need to verify your identity before responding.

12) COOKIES AND SIMILAR TECHNOLOGIES

We may use cookies and similar technologies for:

• essential site functionality,
• security,
• analytics/performance measurement.

We will align cookie usage and provide a Cookie Policy and cookie preference controls where required by law.

13) CHILDREN

Our website and Services are not directed to children and we do not knowingly collect personal data from children.

14) CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the "Last updated" date. Material changes may be communicated through the Services or by email where appropriate.

15) CONTACT

For privacy questions or requests, contact: privacy@naksill.com
Naksill LLC, 8 The Green STE B, Dover, Delaware 19901, United States of America