Privacy

Privacy Policy

This policy explains how NSS handles personal data in website use, sales conversations, software delivery, QA work, support, and project administration.

Read FAQ

Who this policy applies to

This policy applies to visitors, prospective clients, client representatives, supplier contacts, and people whose data is shared with NSS during a software project. It does not replace a signed data processing agreement, statement of work, or client-specific security schedule.

Controller role

For website inquiries, sales administration, supplier administration, and NSS business records, NSS normally acts as an independent controller.

Processor role

When NSS handles personal data inside a client's product, database, test environment, ticket system, analytics export, or production incident workflow on the client's instructions, NSS normally acts as a processor.

Client responsibility

Clients are responsible for having a lawful basis to provide project data to NSS and for limiting shared data to what is needed for the agreed work.

Personal data we may handle

The exact data depends on the relationship and project scope. NSS applies data minimization and asks clients not to send production personal data unless it is necessary and agreed.

Business contact data

Name, work email address, telephone number, organization, job role, billing details, communication history, meeting notes, and inquiry content.

Project delivery data

Product requirements, tickets, repository metadata, access logs, QA evidence, screenshots, error reports, sample records, acceptance notes, and deployment communication.

Technical website data

IP address, browser and device information, requested URLs, timestamps, security logs, language preference, and basic server diagnostics needed to operate and protect the website.

Special categories

NSS does not request special-category data. If such data appears in client systems, NSS will handle it only as required for the agreed task and under the client's documented instructions.

Purposes and legal bases

NSS processes personal data only for defined business and delivery purposes. The legal basis depends on the context.

Responding to inquiries

Contact and inquiry data is used to answer messages, assess fit, prepare proposals, and plan discovery. The basis is legitimate interest or steps before entering into a contract.

Delivering software services

Project data is used to design, build, test, review, document, deploy, and support software. The basis is contract performance or legitimate interest, and processor processing follows client instructions.

Security and operations

Technical logs and access records are used to protect systems, investigate incidents, prevent misuse, and maintain service integrity. The basis is legitimate interest and, where applicable, legal obligation.

Legal and financial administration

Invoices, contracts, tax records, and compliance records are retained where required by law or needed to establish, exercise, or defend legal claims.

Processors, tooling, and international transfers

NSS may use professional tools for hosting, email, repositories, issue tracking, CI, future analytics, document storage, and security. Tooling is selected for reliability, access control, and business suitability.

Subprocessors

Where NSS acts as a processor, subprocessors are used only when reasonably needed for delivery and subject to appropriate contractual safeguards.

Client tools

If a client provides GitHub, Jira, Slack, Google Workspace, Microsoft 365, Vercel, cloud accounts, or similar systems, the client's terms, security controls, and data configuration also apply.

Transfers

If data is transferred outside the EEA, NSS relies on appropriate safeguards such as adequacy decisions, standard contractual clauses, or the transfer mechanism provided by the relevant platform.

Security and confidentiality

NSS treats security as part of delivery. Measures are chosen according to project risk, client requirements, and the sensitivity of the data involved.

Access control

Access is limited to people and systems that need it for the agreed work. Accounts should use strong authentication, and client access is removed when it is no longer needed.

Secrets and production data

Secrets must not be committed to repositories. Production data should be masked, minimized, or replaced with test data unless there is a documented operational need.

Incident handling

If NSS becomes aware of a personal data incident affecting client-controlled data, NSS will notify the client without undue delay and support reasonable investigation and mitigation steps.

Retention and deletion

NSS keeps personal data only as long as needed for the relevant purpose, contract, legal requirement, security need, or dispute limitation period.

Inquiries

Unsuccessful inquiries may be kept for a limited period to manage follow-up, avoid repeated context gathering, and maintain business records.

Project records

Project documentation, acceptance records, invoices, and contractual correspondence may be retained for business continuity, warranty, tax, and legal defense purposes.

Client-controlled data

Client environments, exports, credentials, and project files are returned, deleted, or access-revoked according to the contract, data processing agreement, or written client instruction.

Your GDPR rights

Depending on the role of NSS and applicable law, you may have rights of access, rectification, erasure, restriction, portability, objection, and the right to withdraw consent where processing is based on consent.

How to request

Requests can be sent to contact@nordbyte.software. NSS may need to verify identity and may redirect requests to the client where NSS acts as processor.

Response handling

NSS will review requests within the legally required timeframe and will explain if a request cannot be fully completed because of legal duties, security reasons, or client-controller responsibility.

Supervisory authority

You may contact the relevant data protection authority if you believe your data protection rights have not been respected.

No sale of personal data

NSS does not sell personal data and does not use project data for unrelated advertising. Client confidential information is not used in public case studies without permission.

Marketing

NSS may contact business contacts about relevant services where allowed by law. You can object to further marketing contact at any time.

Portfolio references

Client names, logos, screenshots, metrics, and implementation details are used publicly only with appropriate permission or where already lawfully public.

Ready to clarify the next step?

Tell us what needs to be built, fixed, or made reliable.

Share the product context, current constraint, timeline, and outcome you want. NSS will respond with a practical next step.

See the process