Nexalix Labs (“we”, “us”) operates the marketing website at nexalix.io and develops infrastructure products under the Nexalix brand (currently Nexalix Guard). This policy explains what we collect, why, and what control you have. Each product may have its own product-level addendum, linked from the product page where applicable.
1. Who we are
Nexalix Labs is an early-stage independent company building anti-fraud and identity primitives for the Telegram + TON ecosystem. Sole proprietorship as of 2026-05-10; entity registration in progress. Founder & data controller: Vladislav Rahmanov.
2. What we collect
On the marketing site (nexalix.io):
- Standard server access logs (IP address, user agent, referrer, timestamp). Retained 30 days.
- Aggregated, cookie-less page-view counters (when analytics is enabled — opt-out friendly, no cross-site tracking).
- Email and message body when you contact us via hello@nexalix.io or other listed addresses.
- Voluntarily submitted form data (waitlist, pilot interest) — only what you type in.
For our products (Guard etc.), see the product-specific privacy addendum.
3. Why we collect it
- Operate the site — serve pages, prevent abuse, debug errors.
- Reply to you — when you write in.
- Measure aggregate interest — what pages help, where to invest documentation effort.
We do not sell data. We do not run ad-targeting pixels. We do not enrich your data from third parties.
4. Legal basis
Under the GDPR our processing rests on (a) legitimate interest in operating a secure, functional website, and (b) consent when you submit a form or send us a message. For non-EU jurisdictions, equivalent grounds (legitimate business interest, contract preparation) apply.
5. Sharing & processors
We use a small, audited set of vendors:
- Hosting — Timeweb (RU), our nginx origin server.
- Email — Google Workspace (US/EU) for inbound and outbound messages.
- Source & CI — GitHub (US) for source code and Actions runners.
We do not transfer personal data to other parties unless required by binding legal request, and we will challenge any request that is overbroad or improperly served.
6. Retention
- Server access logs — 30 days, then purged.
- Email correspondence — kept while the conversation is relevant or as required for legal/accounting reasons (max 5 years).
- Waitlist / pilot signups — kept until you ask us to remove you, or program ends + 6 months.
7. Your rights
Wherever you live, you can ask us to:
- Access the data we hold about you.
- Correct inaccuracies.
- Delete your data (subject to lawful retention requirements).
- Object to or restrict processing.
- Port your data in a machine-readable format.
- Withdraw consent at any time, without affecting prior lawful processing.
To exercise any right, email legal@nexalix.io. We respond within 30 days.
8. Security
- TLS 1.2+ for all traffic in transit; HSTS enforced.
- Encryption at rest for any personal data we hold.
- Least-privilege access controls, audit logs, and 2FA on all admin tooling.
- No third-party JavaScript on marketing pages.
No system is perfectly secure. If you discover a vulnerability, please disclose responsibly to security@nexalix.io. Our disclosure policy is documented at our GitHub.
9. Cookies
The marketing site does not set tracking cookies. Strictly necessary cookies may be used for security and form handling. The Guard pilot dashboard, when launched, will use a session cookie required for authentication — disclosed in its own product-level notice.
10. Children
Our products and site are not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have, contact us and we will delete it.
11. Changes
We may update this policy as we add products and processors. Material changes are timestamped above and announced on the blog. The git history of this page is public — you can review every revision.
12. Contact
Privacy questions: legal@nexalix.io.
General contact: hello@nexalix.io.
Security disclosure: security@nexalix.io.