Data privacy
Data privacy information for Nios users
This document outlines how data is handled within the Nios software platform. It is intended to provide clarity for users on data usage, storage, and privacy protections.
1. Purpose of data use
Data entered into the Nios software is used solely to deliver analysis and insights to the client organization that provided the data. This may include, for example, estimating nature-related impacts and risks across value chains.
Client data is not used to train AI models, is not shared with any third parties, and is not used for any purposes beyond the immediate scope of the software's functionality.
2. Infrastructure and GDPR compliance
Client data is stored securely on European-based cloud infrastructure using enterprise-grade providers, including Vercel (hosted on AWS) and Google Cloud.
All data processing is fully aligned with the EU General Data Protection Regulation (GDPR). Region-specific data residency controls are enforced, and data is processed exclusively within the EU. Clients retain the right to request deletion of their data at any time.
3. Use of AI features
Some features in the Nios tool make use of large language models (LLMs), for example to support users in structuring product data or generating input assumptions. These features are powered by providers such as Anthropic and OpenAI, both of whom offer contractual data privacy protections.
Inputs sent through these features are not used for model training, and data is processed exclusively within the EU.
4. Security and access control
Nios follows common security best practices, including:
Encryption: All data is encrypted in transit (HTTPS/SSL) and at rest.
Access control: Only authorized Nios employees have access to client data. Access is managed through fine-grained, role-based permissions (via Clerk).
Audit trail: All access and system activity is logged for accountability.
Data isolation: Each client's data is logically separated to prevent cross-access.
Monitoring: The infrastructure is continuously monitored for potential security threats, and automated security scans are part of our development workflow.
If you have further questions or specific security requirements, we are happy to provide additional information.