Your Privacy Rights & Data Protection
Quick Actions
Table of Contents
Company Information
Nixa
460 Rue St Gabriel, 3rd floor
Montréal, QC H2Y 2Z9
Canada
Data Protection Manager:
David Kristensen, CTO
David Kristensen, CTO
Email: head@nixa.ca
Last Updated: June 8, 2026
1. Information We Collect
Personal Information You Provide
We collect personal information that you voluntarily provide to us when:
- Creating an account or registering for our services
- Using our platform and entering data
- Contacting us for support or inquiries
- Subscribing to our newsletters or marketing communications
- Participating in surveys, contests, or promotional activities
This information may include:
| Category | Examples | Purpose |
|---|---|---|
| Identity Information | Name, email address, phone number | Account creation and communication |
| Professional Information | Job title, company name, industry | Service customization and support |
| Business Data | Documents, records, workflow data | Platform functionality and data processing |
| Communication Data | Support messages, feedback, survey responses | Customer support and service improvement |
Information Automatically Collected
We automatically collect certain information when you use our services:
- Usage Data: Pages visited, features used, time spent on platform
- Device Information: Browser type, operating system, IP address
- Log Data: Access times, error logs, performance metrics
- Cookies: Session cookies, preference cookies (see Section 6)
2. How We Use Your Information
We use your personal information for the following purposes, based on legitimate business interests and your consent where required:
Service Provision
- Providing and maintaining our platform services
- Processing your data and business workflows
- Authenticating users and managing accounts
- Enabling collaboration features
Customer Support
- Responding to your inquiries and support requests
- Troubleshooting technical issues
- Providing training and onboarding assistance
Service Improvement
- Analyzing usage patterns to improve our services
- Developing new features and functionality
- Conducting research and analytics
- Performance monitoring and optimization
Security & Compliance
- Detecting and preventing fraud and abuse
- Ensuring platform security and integrity
- Complying with legal obligations
- Protecting our rights and those of our users
Other Integrations (Personal Data)
This section focuses on personal data processed when you enable optional integrations. We transmit only what is necessary to provide the requested features.
Google Calendar
Scopes Requested
- https://www.googleapis.com/auth/calendar.readonly
- https://www.googleapis.com/auth/calendar.events
- https://www.googleapis.com/auth/userinfo.email
- openid
We request read access to display your calendars and write access only when you choose to create, update, or delete synced Google Calendar events from Nixa.
Personal Data Processed (Read‑Only)
Calendar metadata and event details needed to run the integration: calendar ID, summary/title, color, primary flag; and for events: ID, title/summary, description, start/end, all-day status, status, location, attendees (names/emails), organizer/creator emails, meeting links, HTML link, created/updated timestamps, recurrence data, and visibility. Selected calendar IDs, sync status, and imported event records may be stored in your personal calendar entity to support sync, search, recurring-event management, and notifications.
Use of Personal Data
- Display and organize your calendars and events inside Nixa.
- Create, update, RSVP to, and delete Google-synced events when you ask Nixa to do so.
- Maintain change notifications and repair sync issues between Google Calendar and Nixa.
Storage and Security
- OAuth tokens (access/refresh) are encrypted at rest (AES-256-GCM).
- Selected calendar IDs, calendar metadata, sync state, and imported event records may be retained in your personal calendar entity to power the integration.
- Operational sync logs and webhook identifiers may be retained for reliability and troubleshooting.
Data Sharing
We do not sell or share Google Calendar data with third parties. Data is transmitted to Google only to provide this integration and the write actions you request. We do not use Google user data for advertising or marketing.
Retention and Deletion
- Tokens and selected calendar settings are retained while the integration is active.
- Disconnecting removes stored tokens and stops future sync. Previously imported event records may remain in your Nixa calendar until you edit or delete them.
- Operational logs may be retained for up to 12 months for security and troubleshooting, then deleted.
Controls and Revocation
- In‑app: Settings → Integrations → Google Calendar → Disconnect.
- Google Account: Revoke access in your Google Account permissions (Third‑party access).
International Transfers for this Integration
Customer production workspace data is hosted in Canada by default. Connecting Google Calendar necessarily involves transmitting relevant calendar data to and from Google systems, which may process data outside Canada.
Google Meet
- Personal data processed: meeting link/URI, participant display names, and counts; user email (for DWD impersonation); OAuth tokens (if per-user).
- Use: create meetings you request and display live status. No modification of personal content.
- Storage: tokens/credentials stored encrypted; operational logs retained for reliability.
- Controls: disconnect in app or revoke access in your Google Account.
Email Delivery (Mailgun/SMTP)
- Personal data processed: recipient email, name (if provided), delivery events (opened, clicked, bounced, unsubscribed).
- Use: send account and service emails; honor unsubscribes and suppressions.
- Storage: event logs and suppression lists retained to prevent unwanted emails.
- Controls: unsubscribe links in marketing emails; contact us for removal.
AI Features (OpenAI)
- Personal data processed: prompts, instructions, files, metadata, outputs, transcripts, embeddings, and content you provide to AI features.
- Use: generate responses, summaries, classifications, automations, transcriptions, embeddings, and insights you request.
- Model training: Customer Data, prompts, and outputs are not used by Nixa to train foundation models, and Nixa does not authorize third-party AI providers to train foundation models on that content unless you expressly opt in.
- Storage: Nixa may retain AI conversation context, prompts, outputs, transcripts, embeddings, agent run records, tool results, and metadata to provide continuity, auditability, retrieval, security, support, and product functionality. OpenAI/provider-side retention depends on the applicable provider terms, endpoint, configuration, and deletion controls.
- Controls: do not submit sensitive or regulated data to AI features unless your subscription and written agreement permit it; request deletion or access through the privacy contact.
Maps & Geocoding (Google)
- Personal data processed: addresses or place queries you type; device IP (by Google) for service delivery.
- Use: autocomplete and converting addresses to coordinates.
- Storage: cached geocoding results; no persistent storage of your raw queries beyond logs.
- Controls: do not enable address features if you prefer not to use Maps/Geocoding.
3. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information. We may share your information only in the following limited circumstances:
Service Providers
We may share data with trusted third-party service providers and subprocessors who help us operate, secure, support, and improve Nixa. These providers are bound by confidentiality, security, and data protection obligations and are only authorized to use your information as necessary to provide services to us.
Material Subprocessors
Our current material subprocessors and provider categories include:
- Canadian infrastructure hosting, database, cache, storage, backup, monitoring, and security providers for core production services. Customer production workspace data is hosted in Canada by default; Europe hosting is available when expressly selected.
- OpenAI and its affiliates for managed AI model, embedding, transcription, realtime transcription, image, and related AI processing.
- Google and its affiliates for optional Google Calendar, Google Meet, Google OAuth, Maps, geocoding, and Google Workspace integrations enabled by you.
- Mailgun, SMTP, or other email delivery providers for service, account, transactional, and customer-enabled communications.
- Stripe or other payment processors when paid billing, checkout, invoicing, or payment-card processing is enabled.
- Customer-configured third-party integration providers, APIs, data sources, identity providers, MCP-connected tools, or external services enabled by you or your users.
We may provide additional provider names, functions, regions, and material-change notices through the Services, account documentation, a data processing addendum, or on request.
Legal Requirements
We may disclose your information when required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, property, or safety, or that of our users or the public.
Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change in ownership or control of your personal information.
4. Data Storage and Security
Security Measures
We implement industry-standard security measures to protect your personal information:
- Encryption: Data is encrypted in transit and at rest using AES-256 encryption
- OAuth Tokens: Integration tokens (e.g., Google) are encrypted at rest (AES‑256‑GCM)
- Access Controls: Strict access controls and authentication mechanisms
- Regular Audits: Security audits and vulnerability assessments
- Staff Training: Regular privacy and security training for our team
- Infrastructure: Secure cloud infrastructure with Canadian data centers
Data Backup and Recovery
We maintain backups to support business continuity and disaster recovery. Backups are protected with technical and organizational safeguards, and backup location may vary depending on the provider, configuration, and applicable data processing terms.
Security Incidents
If we confirm a breach of security involving personal information processed by Nixa, we will investigate, contain, mitigate, and remediate the incident, notify affected customers without undue delay and within the timeframe required by applicable law or contract, and provide reasonable cooperation for regulatory or customer notification assessments.
5. Your Privacy Rights
Under Quebec's Law 25 and other applicable privacy laws, you have the following rights regarding your personal information:
Right to Access
You have the right to request access to the personal information we hold about you, including the purposes for processing and the categories of data.
Right to Rectification
You have the right to request correction of inaccurate or incomplete personal information.
Right to Erasure
You have the right to request deletion of your personal information, subject to certain legal obligations and legitimate business interests.
Right to Data Portability
You have the right to receive your personal information in a structured, commonly used, and machine-readable format.
Right to Object
You have the right to object to the processing of your personal information for direct marketing purposes or based on legitimate interests.
How to Exercise Your Rights
To exercise any of these rights, please contact our Data Protection Manager:
David Kristensen, CTO
Email: head@nixa.ca
Phone: Available through our contact page
We will respond to your request within 30 days as required by Quebec Law 25.
6. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience on our platform. Cookies are small text files stored on your device that help us provide and improve our services.
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Necessary for site functionality | Session |
| Performance Cookies | Usage analysis and improvements | 1 year |
| Preference Cookies | Remember your settings | 6 months |
You can control cookie settings through your browser preferences. However, disabling certain cookies may affect the functionality of our platform.
7. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this privacy policy, unless a longer retention period is required by law.
Account Data
We retain your account information for the duration of your active subscription plus 90 days after account closure, unless you request immediate deletion.
Business Data
Your business data (documents, records, workflows) is retained according to your subscription terms and can be deleted upon request or account closure.
AI Prompts, Outputs, and Agent Runs
Prompts, outputs, AI conversation messages, agent run records, tool results, transcripts, embeddings, and related metadata may be retained while your account or workspace remains active and as needed for product functionality, auditability, security, support, legal compliance, backup, dispute preservation, or abuse prevention.
Support Communications
Support tickets and communications are retained for 3 years for quality assurance and training purposes.
Legal Requirements
Some information may be retained longer to comply with legal obligations, resolve disputes, or enforce our agreements.
8. International Data Transfers
International Privacy Safeguards
Nixa is based in Quebec, Canada and supports customers that may have Canadian, Quebec, European, or other privacy obligations. Where required, we use contractual safeguards, data processing terms, transfer assessments, subprocessor obligations, and regional hosting options appropriate to the services and providers involved.
Safeguards in Place
9. Contact Information
If you have any questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:
Data Protection Manager
David Kristensen, CTO
Email: head@nixa.ca
Company Address
Nixa
460 Rue St Gabriel, 3rd floor
Montréal, QC H2Y 2Z9
Canada
General Contact
For general inquiries: Contact Form
For support: Available through our platform
10. Changes to This Privacy Policy
We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:
- Update the "Last Updated" date at the top of this policy
- Notify you by email if the changes are material
- Post the updated policy on our website
- Provide a summary of key changes where appropriate
We encourage you to review this privacy policy periodically to stay informed about how we protect your personal information.
Your Privacy is Protected
We are committed to protecting your personal data and supporting Quebec Law 25 requirements. Customer production workspace data is hosted in Canada by default, with Europe options where expressly selected. Integrations, AI features, email delivery, maps, support, security, backups, and provider system data may involve subprocessors and cross-border processing under contractual and privacy safeguards.