Privacy Policy

How we describe identity data handling, tenant isolation, and public privacy commitments for the current NexinID platform.

Legal

Privacy Policy

How we describe identity data handling, tenant isolation, and public privacy commitments for the current NexinID platform.

1. Tenant Data Isolation

NexinID currently documents logical tenant isolation inside a shared deployed instance. Identity, tenancy, application, authorization, licensing, device, and audit data are handled within tenant and organization context boundaries, and authorization decisions are evaluated against the active membership and tenant context rather than by mixing tenant state together.

2. Information We Collect

To provide protocol-grade identity infrastructure, we collect and process the following categories of data:

  • Administrator Account Data: Usernames, email addresses, and billing contacts required to manage the tenant.
  • End-User Identity State: Profile attributes and credentials provisioned directly by tenant administrators or end-users during authentication flows.
  • Device Activation Data: Device identifiers, activation state, lease counters, and related signals used during device activation and offline-lease workflows.
  • Operational Audit Logs: Timestamped records of sign-in, tenant administration, application management, and other privileged operations.
3. Hosting and Storage Posture

The current NexinID platform is documented as one deployable host with one relational database per deployed instance. Current deployed-environment database targets are PostgreSQL and SQL Server, with SQLite reserved for development and isolated testing guidance. Detailed security and production-readiness posture is maintained in the platform documentation linked from the public Trust page.

4. Subprocessors and Third-Party Access

NexinID may use infrastructure, communications, and support providers where needed to operate the service. We do not describe a provider-specific residency or encryption program on this page unless it is part of the current published product posture. We do not sell tenant identity data to third parties.

5. Data Controller, Inquiries, and Data Subject Rights

The data controller for tenant and administrative account data is NexinIT (Private) Limited (Registration in progress (Pakistan)), established in the Islamic Republic of Pakistan.

For questions regarding this policy, or to exercise your rights regarding access, rectification, or deletion of administrative account data, please contact our privacy compliance team at [email protected]. To report a security vulnerability, see our security disclosure policy.