Legal

Privacy policy

How we collect, use and protect personal data when you use Nexus ReGen and our marketing site. Plain English first — the legal detail is here when you need it.

This policy explains how Nexus ReGen Limited (“Nexus ReGen”, “we”, “us”, “our”) handles personal data. It applies to anyone who uses our platform, visits this website, or contacts us. We are the data controller for the personal data described here.

Who we are

Nexus ReGen Limited is a company registered in England & Wales (company no. 15320555), with its registered office at 5 Hazelgrove Road, Haywards Heath, RH16 3PH. For any privacy or data-protection question, email [email protected] — this reaches the person responsible for data protection at Nexus ReGen.

What we collect

We collect a deliberately small amount of personal data, in three buckets:

  • Information you give us. Your name, work email, company, role and similar contact details — when you create an account, request a demo, fill in a form, download a guide, or contact us.
  • Information needed to run the platform. The project data, materials information and documents you and your colleagues upload and work with inside Nexus ReGen. This may include the personal data of people named in those records (for example, a site contact).
  • Information collected automatically. Basic technical and usage data — IP address, device and browser type, pages viewed and features used — to keep the service secure and make it better. On the platform this is product telemetry; on this website, only the analytics you consent to (see cookies).

We do not deliberately collect special-category (“sensitive”) personal data, and ask that you don’t upload it unless agreed with us in advance.

How we use it

We use personal data only for the purposes below, and only where we have a lawful basis to do so under UK GDPR:

  • To provide the platform — run your workspace, process your project data on your instructions, and keep it secure. Basis: performance of our contract with your organisation.
  • To support and communicate with you — respond to enquiries, send service, security and account notices. Basis: contract and our legitimate interest in running the service.
  • To improve the platform — using aggregated, anonymised usage patterns. Basis: legitimate interest.
  • To market relevant products — occasional updates to business contacts, which you can stop at any time. Basis: consent or legitimate interest, depending on the channel.
  • To meet legal and regulatory obligations and to establish, exercise or defend legal claims. Basis: legal obligation and legitimate interest.

AI features

Some parts of the platform use AI to help you work — for example summarising documents or surfacing insights. We run these features on Google Cloud Vertex AI under an enterprise agreement. That matters for one specific reason:

  • Your data is not shared with the AI provider for their own purposes.
  • Your data is not used to train Google’s — or anyone else’s — foundation models.
  • Inputs and outputs are processed solely to return the result to you, then handled under the same terms as the rest of your platform data.

What we don’t do

We don’t sell your data.We don’t share project data or uploaded documents between customers. We don’t use your project data to train AI models, and we don’t hand it to AI providers for their own use (see above). We don’t use third-party advertising trackers inside the platform.

Who we share it with

We share personal data only with service providers (“sub-processors”) who help us run Nexus ReGen, and only under contracts that require them to protect it and use it solely on our instructions. Our key sub-processors are:

  • Google Cloud — platform hosting and AI inference (Vertex AI).
  • Cloudflare — content delivery, edge security and asset storage.
  • PostHog — product and website analytics, and error monitoring.
  • Intercom — live chat and customer messaging.
  • Stripe and GoCardless — payment processing, where you pay us directly.
  • Google — website analytics (Google Analytics 4) and conversion measurement, only where you have consented to cookies.

We may also disclose data where required by law, or in connection with a merger, acquisition or sale of assets (in which case we’ll tell you). A current list of sub-processors is available on request from [email protected].

International transfers

Platform and project data is hosted in the United Kingdom. Some sub-processors (for example our customer-messaging tool) may process limited personal data outside the UK. Where that happens, we rely on appropriate safeguards — UK ‘adequacy’ regulations, the UK International Data Transfer Agreement, or the addendum to the EU Standard Contractual Clauses — so your data keeps an equivalent level of protection.

How long we keep it

We keep personal data only for as long as we need it for the purposes above, then delete or anonymise it. Account and project data is retained for the life of your organisation’s agreement and a limited period afterwards; some records (for example billing) are kept longer where the law requires. Platform retention is set out in our Data Retention Policy.

Data residency and security

Platform data is hosted in the United Kingdom. We apply encryption in transit (TLS 1.2+) and at rest (AES-256), role-based access control, audit logging, and continuous vulnerability monitoring. Our security programme is described on our security page.

Your rights

Under UK GDPR you have the right to:

  • access the personal data we hold about you, and receive a copy;
  • have inaccurate data corrected, and incomplete data completed;
  • have your data erased, or its processing restricted, in certain circumstances;
  • object to processing based on our legitimate interests, and to direct marketing at any time;
  • receive certain data in a portable format; and
  • withdraw consent at any time, where we rely on it.

To exercise any of these, email [email protected]. We’ll respond within one month. If we process your data on behalf of your employer, we may direct your request to them. You also have the right to complain to the UK’s Information Commissioner’s Office (ICO) at ico.org.uk— though we’d appreciate the chance to put things right first.

Cookies

We use a small, deliberate set of cookies — essential ones to run the site, and analytics ones only with your consent. The detail, and how to change your choice, is in our cookie policy.

Children

Nexus ReGen is a business tool. We don’t direct our services at children and don’t knowingly collect data from anyone under 18.

Changes to this policy

We may update this policy from time to time. When we do, we’ll change the ‘updated’ date at the top, and for material changes we’ll give you reasonable notice through the platform or by email.

Contact

Nexus ReGen Limited, 5 Hazelgrove Road, Haywards Heath, RH16 3PH. For privacy questions, email [email protected].