Legal
Privacy Policy
Last updated: June 16, 2026. This Privacy Policy explains how Nexloy handles account, deployment, and operational information.
1. What this policy covers
This Privacy Policy explains how Nexloy may collect, use, store, and protect information when you create an account or use Nexloy to deploy and manage apps.
Nexloy is commonly self-hosted. The organization or operator running your Nexloy instance is responsible for how the service is configured, hosted, monitored, and administered.
2. Information we process
Account information may include your name, email address, role, authentication status, MFA status, project access, and administrative activity.
Operational information may include project configuration, repository metadata, deployment history, logs, environment variable metadata, resource bindings, certificate metadata, managed server metadata, and audit events.
Sensitive information may include encrypted secrets, access tokens, certificate material, password reset tokens, and other values needed to operate deployments.
3. How information is used
Information is used to authenticate users, authorize access, run deployments, manage projects and infrastructure, show logs and status, provide security controls, troubleshoot issues, and maintain the workspace.
Nexloy does not need to sell personal information to operate the service.
4. Authentication and security
Nexloy may use passwords, MFA, OAuth providers, session tokens, reset tokens, and sensitive-access checks to protect accounts and high-risk actions.
Administrators should enforce least-privilege roles, rotate secrets, review connected providers, and limit access to production infrastructure.
5. Cookies and local storage
Nexloy may use cookies, browser storage, or similar technologies to keep users signed in, preserve preferences, protect authentication flows, and support application functionality.
Your browser or organization may provide controls for clearing or restricting these technologies, but doing so may affect sign-in or product behavior.
6. Third-party providers
Nexloy may connect to providers such as GitHub, GitLab, Bitbucket, Google, email services, registries, cloud platforms, and monitoring tools when configured by the operator or user.
Those providers process information under their own privacy policies and account settings.
7. Data retention
Data is retained for as long as needed to operate the workspace, provide auditability, troubleshoot deployments, meet security requirements, or comply with legal obligations.
Workspace operators should define retention periods for logs, audit events, inactive accounts, deployment artifacts, and sensitive records.
8. Data protection
Nexloy is designed to support security controls such as authentication, role-based access, MFA, encrypted sensitive values, audit trails, and restricted reveal flows.
No system is perfectly secure. Operators should secure hosting infrastructure, databases, backups, environment variables, network access, and connected third-party credentials.
9. Your choices
Depending on your organization and applicable law, you may request access, correction, deletion, export, or restriction of personal information associated with your account.
For self-hosted deployments, direct requests to the workspace owner or operator responsible for your Nexloy instance.
10. Contact
Questions about this Privacy Policy can be sent to nexloydev [at] gmail [dot] com.