Privacy Policy

Last updated: March 2026. TripleS Nexus ("Nexus", "we", "us") respects your privacy and is committed to protecting your personal data.

Data Controller

The data controller for TripleS Nexus is Abdullah Eisa Al-Meshaiei, founder and operator of TripleS Nexus, based in Kuwait City, Kuwait.

Data Protection Contact

Support: support@triplesnexus.com

Data Protection Officer (DPO): almeshaiei@triplesnexus.com

Location: Kuwait City, Kuwait

For any questions regarding the processing of your personal data, or to exercise your data protection rights, you may contact our Data Protection Officer at the email address above.

Information We Collect

We collect information that you provide directly to us, information we obtain automatically when you use our Service, and information from third-party sources.

Personal Data

When you create an account or use our Service, we collect:

  • Account Information: Name, email address, phone number, organization name, role, and profile picture
  • Billing Information: Billing address, payment method details (processed securely through Paddle), and transaction history
  • Content: Projects, tasks, documents, files, messages, comments, and any other content you upload or create within the Service
  • Employee Data: If you use our HR features, we collect employee information including names, contact details, employment history, and related data

Usage Data

We automatically collect information about how you use the Service:

  • Log data (IP address, browser type, device information, access times)
  • Feature usage and interaction data
  • Performance and error data
  • Navigation paths and clickstream data

Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies to:

  • Authenticate your identity and maintain your session
  • Remember your preferences and settings
  • Analyze usage patterns and improve our Service
  • Provide personalized content and features

How We Use Your Information

We use the information we collect to:

  • Provide and Maintain the Service: Process your requests, deliver features, and ensure the Service operates correctly
  • Authenticate and Authorize: Verify your identity, manage access controls, and enforce security policies
  • Process Payments: Handle subscription billing, process payments through Paddle, and manage your account
  • Communicate: Send service-related notifications, updates, security alerts, and respond to your inquiries
  • Improve and Develop: Analyze usage patterns, conduct research, and develop new features and functionality
  • Ensure Security: Detect, prevent, and address fraud, abuse, security threats, and violations of our Terms
  • Comply with Legal Obligations: Meet legal requirements, respond to legal process, and protect our rights

We do not sell your personal data to third parties. We do not use your organizational data to train AI models. The only data that flows to an AI provider is content you explicitly submit within the Creative Room feature (see Third-Party Services for details).

Data Storage and Security

We implement industry-standard security measures to protect your data:

Encryption

  • At Rest: All data stored in our databases is encrypted using AES-256 encryption
  • In Transit: All data transmitted between your device and our servers uses TLS 1.3 encryption
  • Backups: Regular encrypted backups are performed to ensure data availability and recovery

Access Controls

We implement strict access controls:

  • Role-based access control (RBAC) ensures users only access data they're authorized to see
  • Multi-factor authentication (MFA) is available and recommended for all accounts
  • Regular security audits and penetration testing
  • Employee access is logged and monitored

Compliance & Infrastructure

We comply with GDPR, CCPA, and other applicable data protection regulations. All data is processed on enterprise-grade, SOC 2 Type II and ISO 27001 certified cloud infrastructure with end-to-end encryption, redundant systems, and disaster recovery procedures in place.

Security Commitment

We take the security of your data seriously and implement comprehensive measures to protect it:

  • AES-256 Encryption: All data at rest is encrypted using AES-256, the industry gold standard for data encryption
  • TLS 1.3: All data in transit is protected with TLS 1.3, ensuring the highest level of transport security
  • Intrusion Detection & Logging: We employ intrusion detection systems and comprehensive audit logging to monitor and detect unauthorized access attempts in real time
  • Organization-Level Data Isolation: Each organization's data is completely isolated from other organizations, preventing any cross-tenant data access
  • Rate Limiting: API and application-level rate limiting is enforced to protect against abuse, brute force attacks, and denial-of-service attempts
  • Content Security Policy (CSP) Headers: We implement strict CSP headers to prevent cross-site scripting (XSS), clickjacking, and other code injection attacks

Our security practices are regularly reviewed and updated to address emerging threats and maintain the highest standards of data protection.

Third-Party Service Providers

We use carefully selected sub-processors to operate and improve our Service. Each provider is contractually bound to protect your data, is prohibited from using it for their own purposes, and is vetted for compliance certifications (SOC 2; ISO 27001 or equivalent) before engagement.

  • Authentication Provider: Manages secure user sign-in, session tokens, and identity verification. Receives your email address and authenticates your identity when you log in.
  • Database & Storage Provider: Hosts the encrypted database and file storage that powers the Service. All data is stored in encrypted form and is logically isolated per organization.
  • Application Hosting Provider: Delivers the web application and API. Does not have access to your stored data; serves only the application code and assets.
  • Paddle (Payment Processor & Merchant of Record): Processes all subscription payments and acts as the legal Merchant of Record for TripleS Nexus transactions. Paddle is responsible for calculating, collecting, and remitting all applicable taxes (VAT, GST, sales tax) globally. Paddle receives your billing name, email, billing address, and payment instrument details. We do not store or have access to your full card number. See Paddle's Privacy Policy for details.
  • Transactional Email Provider: Sends system emails (account verification, notifications, approval requests). Receives recipient email addresses and message content for delivery only.
  • AI Inference Provider (Forge feature only): The Forge creative workspace uses a third-party AI inference API to generate responses from the prompts and context you provide during a Forge session. This data is processed under a data processing agreement that prohibits the provider from using API inputs to train or improve their models. Your employee records, HR data, financial records, messages, and all other organizational data stored in NexusOS outside of the Forge workspace are never sent to any AI provider.

A full list of current sub-processors is available upon request. To request the sub-processor list or raise a concern about a specific provider, contact info@triplesnexus.com.

Data Breach Notification

We will notify affected users within 72 hours of becoming aware of a data breach via email and in-app notification. Our breach response process includes:

  • Immediate containment and assessment of the breach
  • Notification to affected users within 72 hours with details of what data was affected
  • Notification to relevant data protection authorities as required by law
  • A clear description of the measures taken and recommendations for affected users
  • Post-incident review and implementation of additional safeguards

If you suspect a security incident or data breach, please report it immediately to support@triplesnexus.com.

Your Rights

Depending on your location, you have certain rights regarding your personal data:

GDPR Rights (EU/EEA/UK)

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing of your data for certain purposes
  • Right to Withdraw Consent: Withdraw consent where processing is based on consent

CCPA Rights (California)

  • Right to Know: Request information about what personal data we collect, use, and disclose
  • Right to Delete: Request deletion of your personal data
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell your data)
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise any of these rights, please contact us at info@triplesnexus.com. We will respond to your request within 30 days (or as required by applicable law).

Data Retention

We retain your personal data for as long as necessary to:

  • Provide the Service to you and your organization
  • Comply with legal obligations and regulatory requirements
  • Resolve disputes and enforce our agreements
  • Maintain security and prevent fraud

When you delete your account or cancel your subscription:

  • Your account will be deactivated immediately
  • Most personal data will be deleted within 30 days
  • Some data may be retained for up to 90 days for security and legal purposes
  • Backup copies may be retained for up to 1 year before permanent deletion

You can request immediate deletion of your data by contacting us. We will honor such requests unless we have a legal obligation to retain the data.

Children's Privacy

Our Service is not intended for individuals under the age of 16 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at info@triplesnexus.com, and we will take steps to delete such information promptly.

International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.

When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with all third-party providers
  • Compliance with applicable data protection laws

By using our Service, you consent to the transfer of your data to countries where we and our service providers operate, including the United States, the European Union, and other jurisdictions.

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

TripleS Nexus

Data Controller: Abdullah Eisa Al-Meshaiei

General: info@triplesnexus.com

Data Protection / Support: support@triplesnexus.com

DPO: almeshaiei@triplesnexus.com

Location: Kuwait City, Kuwait

We are committed to responding to your inquiries promptly and addressing any privacy concerns you may have.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

  • We will update the "Last updated" date at the top of this page
  • For material changes, we will notify you via email or through an in-app notification
  • We will provide a summary of significant changes when possible

Your continued use of the Service after the effective date of any changes constitutes acceptance of the updated Privacy Policy. If you do not agree with the changes, you may cancel your subscription and delete your account.