Privacy Policy
1. Introduction
Nanorix Inc. ("Nanorix," "we," "us," or "our") operates the nanorix.io website and the Nanorix API service. This Privacy Policy explains how we collect, use, and protect information when you use our services.
2. What We Collect
Account Data: When you sign up, we collect your email address and declared jurisdiction. If you subscribe to a paid tier, Stripe collects your payment information — we never store credit card numbers.
Usage Data: We collect capsule metadata (capsule IDs, timestamps, data classification labels, CDP hashes), API usage counts, and request logs for rate limiting and billing.
Website Analytics: nanorix.io does not use cookies. We may use privacy-respecting analytics (no personal data tracking) to understand page performance.
3. What We Do NOT Collect or Store
Customer data sent into capsules is never stored. Data you process through Nanorix exists only in volatile memory within a sealed ephemeral environment. It never touches persistent disk. It is destroyed through a multi-step cryptographic destruction sequence, and a Cryptographic Destruction Proof (CDP) is generated as evidence. After destruction, no customer data remains on our infrastructure.
We do not store: capsule contents, command outputs, input data, or any data processed within ephemeral capsules. The only persistent artifacts are CDPs (proofs of destruction) and capsule metadata.
4. How Data Is Used
We use collected information for: account management and authentication, service delivery (creating capsules, generating CDPs), billing and payment processing, rate limiting and abuse prevention, and service improvement.
5. Data Storage and Infrastructure
Account data and CDPs are stored in PostgreSQL (hosted by Neon). Compute infrastructure runs on Google Cloud Platform. Data region depends on your declared jurisdiction:
- US customers: us-central1
- EU customers: europe-west1
6. Third-Party Processors
- Google Cloud Platform — compute infrastructure
- Neon — PostgreSQL database hosting
- Stripe — payment processing and subscription billing
7. Data Retention
Account data: Retained while your account is active. Deleted upon request.
CDPs (destruction proofs): Retained indefinitely as proof artifacts. CDPs contain no customer data — only cryptographic hashes, signatures, and metadata.
Capsule content: Retained for zero seconds. Destroyed by design, proven by CDP.
8. Your Rights
You have the right to: access your account data, correct inaccurate information, request deletion of your account data, and receive a copy of your data in a portable format. To exercise these rights, contact hello@nanorix.io.
9. GDPR-Specific Provisions
For capsule content, Nanorix acts as a data processor. You (the customer) are the data controller. Processing is governed by our Data Processing Agreement (DPA), available at nanorix.io/dpa. Our legal basis for processing account data is contractual necessity (performance of the service agreement).
10. CCPA-Specific Provisions
Nanorix does not sell personal data. We do not share personal information for cross-context behavioral advertising. California residents may request disclosure of data collected and request deletion by contacting hello@nanorix.io.
11. Cookies
nanorix.io does not use cookies.
12. Security
We protect data using: 6-layer capsule isolation (six layers of Linux kernel isolation with cryptographic attestation), SHA-256 API key hashing (we never store plaintext keys), TLS encryption in transit, and access controls on all infrastructure.
13. Changes to This Policy
We may update this policy with 30 days' notice via email to registered accounts. Continued use of the service after changes constitutes acceptance.
14. Contact
For privacy questions or data requests: hello@nanorix.io
Nanorix Inc.
Patent Pending