nios

Data Processing Addendum

Last updated: 14.01.2026

This Data Processing Addendum forms Annex 1 of the General Terms & Conditions.

A.1 Customer Data

For the purposes of this Agreement, Customer Data (also referred to as "Customer Inputs") means any non-public business data submitted by the Customer into the Nios Software Service or otherwise provided to Nios in connection with the Service. Examples include supplier details, product or material information, bills of materials, and other value chain data. For clarity, Personal Data is processed in accordance with Nios' Privacy Policy and is distinct from Customer Data described in this section.

Customer Data will be treated as confidential and used solely to deliver the Service, such as estimating nature-related impacts and risks across value chains. Customer Data will not be:

  • Used to train AI models.
  • Disclosed to third parties for their own purposes.
  • Used for purposes beyond the scope of the Service.

Nios relies on third-party providers to host and operate the Service (as listed in Product Terms), and the Customer consents to such use by entering into the Agreement.

The Customer remains responsible for the accuracy of Customer Data provided.

A.2 Confidential Information

"Confidential Information" means any non-public information shared by either Party in connection with the Service. Confidential Information does not include information that:

  • Is or becomes public through no fault of the receiving Party.
  • Was lawfully obtained from a third party without breach of confidentiality.
  • Was already known to the receiving Party before disclosure.
  • Is independently developed without use of the other Party's Confidential Information; or
  • Must be disclosed by law or legal process.

A.3 Infrastructure and Security

Customer Data is stored securely on enterprise-grade cloud infrastructure. Nios uses reputable service providers, and the current list of subprocessors is maintained in the Product Terms and may be updated from time to time.

Nios applies common security practices, including:

  • Encryption in transit (HTTPS/SSL) and at rest
  • Role-based employee access control
  • Audit logs of access and activity
  • Logical isolation between Customers
  • Automated monitoring and security scanning

Customers may request deletion of their Customer Data at any time.

A.4 AI Features

Some features use third-party AI models to support workflow automation. Nios follows an EU-first approach and uses EU-based processing whenever available, sharing only the minimum data required to provide the feature. Where international transfers occur, processing is carried out in accordance with GDPR Chapter V (e.g., adequacy decisions or Standard Contractual Clauses). For clarity, AI model features are used in connection with Customer Data and are not intended to process Personal Data.

A.5 Termination, Downgrade, Data Export & Deletion

Nios retains Customer Data for the duration of the Agreement and in accordance with the retention rules described in the Product Terms. Upon termination, downgrade, or account deletion, Customer Data will be handled as follows:

  • Customer Data is stored for as long as the Customer maintains an active account or subscription. The Customer may export Customer Data at any time during the term.
  • Upon account deletion, Customer Data is erased without undue delay, subject to standard backups and legal obligations.
  • For inactive accounts or downgrades, retention and deletion timelines follow the rules set out in the Product Terms.

Either party may terminate the Agreement for an uncured material breach after thirty (30) days' notice. The Customer Data handling rules apply upon any termination or change in subscription status.

A.6 Product Improvement

Nios may observe and analyze how Customers use the Service to improve and further develop its products.