Privacy Policy

The data controller is NexoCyber Networks S.L. (hereinafter, 'SkyDefended'), a company registered in Spain. Contact: legal@nexocyber-networks.com. For data protection enquiries you may also reach our DPO at the same address with the subject line 'DPO Request'.

Account data

When you create an account we collect your name, corporate email address, and a hashed password. We never store plaintext passwords.

Usage data

We collect anonymised telemetry about feature usage (pages visited, actions performed) to improve the product. This data is never linked to an identifiable individual without your consent.

Technical data

IP address (truncated after 24 hours), browser type, and device type are collected automatically for security and fraud prevention purposes.

We process your data on the following legal bases under GDPR Article 6: (a) Contract performance — to provide the services you have subscribed to; (b) Legitimate interest — to secure our systems and prevent fraud; (c) Legal obligation — to comply with applicable EU and Spanish law; (d) Consent — for optional communications such as product updates and newsletters, which you may withdraw at any time.

Account data is retained for the duration of your subscription plus 3 years to comply with Spanish commercial law (Código de Comercio Art. 30). Anonymised usage analytics are retained for 24 months. You may request deletion of your personal data at any time by contacting us, subject to legal retention obligations.

Under GDPR you have the right to: access your personal data; rectify inaccurate data; request erasure ('right to be forgotten'); restrict or object to processing; receive your data in a portable format; withdraw consent at any time without affecting prior processing. To exercise any of these rights, contact legal@nexocyber-networks.com. If you believe your rights have been violated you may lodge a complaint with the Spanish Data Protection Authority (AEPD) at aepd.es.

Your data is processed within the European Economic Area (EEA). We do not transfer personal data to third countries without adequate safeguards. Where sub-processors operate outside the EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission.

We use a limited number of sub-processors, all bound by data processing agreements: infrastructure hosting (EU-based), email delivery for transactional messages, and error monitoring. We do not sell or share your data with advertisers or data brokers.

We may update this policy to reflect changes in our practices or applicable law. Material changes will be notified via email at least 30 days before taking effect. Continued use of the service after the effective date constitutes acceptance of the updated policy.