Legal
Last updated: February 2026
NexusFleet ("we", "our", or "us") is an AI operations and automation platform operated by NexusFleet, a company registered in Malta. We are committed to protecting and respecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Maltese data protection legislation.
This Privacy Policy explains how we collect, use, store, and share your personal data when you access our website at nexusfleet.net, use our platform services, or otherwise interact with us. By using our services, you acknowledge that you have read and understood this policy.
For the purposes of the GDPR, NexusFleet is the data controller responsible for your personal data.
We collect and process the following categories of personal data, depending on how you interact with our services:
| Category | Data Collected |
|---|---|
| Identity Data | Full name, company name, job title |
| Contact Data | Email address, telephone number, postal/billing address |
| Payment Data | Payment card details and billing information (processed securely via Stripe; we do not store full card numbers on our servers) |
| Account Data | Username, password (hashed), account preferences, subscription tier |
| Usage Data | Platform interaction logs, feature usage patterns, API call records, agent execution metadata, session duration |
| Technical Data | IP address, browser type and version, operating system, device identifiers, time zone, referral source |
| Cookie & Storage Data | Authentication tokens, user preferences, and session identifiers stored via cookies and browser localStorage |
| Communication Data | Content of messages sent through our contact forms, support tickets, and email correspondence |
We process your personal data only where we have a lawful basis to do so under the GDPR. The legal bases upon which we rely are:
Your personal data is used for the following purposes:
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include, but are not limited to:
While we take every reasonable precaution to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining the highest practicable standard of data protection.
We share your personal data with the following categories of third-party processors, each bound by data processing agreements that ensure GDPR compliance:
Stripe (Stripe Payments Europe, Ltd.)
Purpose: Payment processing, subscription billing, and fraud prevention. Stripe processes your payment card details, billing address, and transaction data. Stripe is certified as a PCI Level 1 Service Provider and acts as an independent data controller for fraud prevention purposes.
Privacy policy: stripe.com/privacy
Brevo (Sendinblue GmbH)
Purpose: Transactional email delivery (SMTP) for account notifications, password resets, billing receipts, and service alerts. Brevo processes your email address, name, and the content of transactional messages on our behalf.
Privacy policy: brevo.com/legal/privacypolicy
We do not sell, rent, or trade your personal data with third parties for their marketing purposes. Data may also be disclosed to legal and regulatory authorities where required by law or to protect our legitimate interests.
NexusFleet uses cookies and browser localStorage to provide core functionality, maintain your authenticated session, and enhance your experience on our platform.
| Technology | Purpose | Duration |
|---|---|---|
| Authentication Token | Stored in localStorage to maintain your login session across page loads and browser tabs | Until logout or token expiry |
| Session Cookies | Essential cookies required for platform functionality, security, and routing | Session (cleared on browser close) |
| Preference Storage | localStorage entries to persist your interface preferences, theme settings, and dashboard configuration | Persistent until cleared |
We do not use third-party advertising or tracking cookies. All cookies and localStorage entries used by NexusFleet are strictly necessary for the operation of our platform or the provision of features you have explicitly requested. As these fall under the "strictly necessary" exemption, explicit consent is not required under the ePrivacy Directive. However, you may clear localStorage and cookies at any time through your browser settings. Please note that doing so may require you to re-authenticate.
As a data subject, you are entitled to the following rights under the GDPR. You may exercise any of these rights by contacting us at privacy@nexusfleet.net.
You have the right to obtain confirmation as to whether your personal data is being processed and, if so, to request a copy of that data along with supplementary information about how it is used.
You have the right to request the correction of inaccurate personal data and, taking into account the purposes of the processing, to have incomplete data completed.
You have the right to request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent.
You have the right to request restriction of processing where you contest the accuracy of the data, the processing is unlawful, or we no longer need the data but you require it for legal claims.
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller without hindrance.
You have the right to object to processing based on legitimate interests or direct marketing at any time. We will cease processing unless we demonstrate compelling legitimate grounds.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.
You have the right to lodge a complaint with a supervisory authority. In Malta, this is the Office of the Information and Data Protection Commissioner (IDPC).
We will respond to all legitimate requests within 30 days. In exceptional circumstances, this period may be extended by a further two months, in which case we will inform you of the extension and the reasons for the delay. There is no fee for exercising your rights unless a request is manifestly unfounded or excessive.
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our retention periods are as follows:
When personal data is no longer required, it is securely deleted or irreversibly anonymised in accordance with our data disposal procedures.
Your personal data is primarily processed and stored within the European Economic Area (EEA). Where a transfer of data outside the EEA is necessary (for example, where a third-party processor operates infrastructure in a non-EEA jurisdiction), we ensure that appropriate safeguards are in place, including:
You may request further details about the specific safeguards applied to international transfers of your data by contacting us.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact our data protection team:
If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Information and Data Protection Commissioner (IDPC), the supervisory authority in Malta, or with the supervisory authority in your EU Member State of habitual residence or place of work.
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make material changes, we will:
We encourage you to review this page periodically to stay informed about how we protect your data. Your continued use of NexusFleet after any changes to this Privacy Policy constitutes your acceptance of those changes, except where further consent is required by law.