Nelyx — logoNelyx
Switch to French

Privacy Policy

Last updated: September 26, 2025

1) Data Controller

The Nelyx application is published by Triven Kadiata, Sole Proprietor, SIREN 889890141. Personal data contact: support@nelyx.fr.

2) Scope

This policy applies to personal data processing carried out via the Nelyx website, application, and APIs (authentication, HR management, support, billing).

3) Data we collect

  • Account data: first name, last name, email address, role(s), company.
  • Usage data: technical logs (timestamps, User-Agent), application events (audit logs), truncated IP addresses.
  • Payment data: subscription and billing metadata processed via Stripe (no card data stored).
  • Support data: content of support requests and emails.
  • Security & abuse prevention: hashed identifiers (email) and minimized technical signals, strictly for security purposes.
  • Cookies: see our Cookies Policy.

4) Purposes & legal bases (GDPR art. 6)

  • Service provision: account creation and HR management — contract performance.
  • Billing & subscriptions: invoicing and accounting — contract performance and legal obligation.
  • Customer support: assistance and communication — legitimate interest.
  • Security & fraud prevention: protection of the platform — legitimate interest.
  • Audience measurement (if enabled):consent.
  • Legal obligations: tax and accounting compliance — legal obligation.

5) Recipients & processors

We rely on trusted service providers for specific functions:

  • Hosting & infrastructure: Hetzner (frontend, backend and database hosting).
  • Payments: Stripe (subscriptions and invoices).
  • Transactional emails: Resend.
  • Cache / realtime / queues: Upstash (Redis).
  • OAuth providers: Google (if enabled).

The up-to-date list of processors and our Data Processing Agreement (DPA) are available here: /subprocessors and /dpa.

6) Transfers outside the EU

Some providers may be located outside the European Union (e.g., United States). In such cases, appropriate safeguards are implemented, including Standard Contractual Clauses (SCCs). You may request further information by contacting: support@nelyx.fr.

7) Retention periods

  • Account data: retained for the duration of the contractual relationship, then 24 months after account closure.
  • Billing data: retained for up to 10 years in accordance with accounting obligations.
  • Support data: retained for 24 months after the last interaction.
  • Technical logs: retained for up to 12 months unless a security incident occurs.
  • Security & abuse data: retained for the duration of the measure, and no longer than 36 months.
  • Cookies: see the Cookies Policy.

8) Security & abuse prevention

We implement reasonable technical and organizational measures such as encryption in transit (HTTPS), access controls, backups, and logging to ensure data security and prevent abuse.

9) Your rights

You have the right to access, rectify, erase, restrict, object to processing, and request data portability. To exercise your rights, contact us at: support@nelyx.fr.

If you believe your rights are not respected, you may lodge a complaint with your supervisory authority (in France: CNIL — cnil.fr).

10) Cookies

Cookies and consent settings are described in the Cookies Policy. Non-essential cookies are used only with your consent.

11) Underage users

The Service is intended for users aged 18 or older. We do not knowingly collect personal data relating to minors.

12) Changes to this policy

This policy may be updated to reflect legal, technical, or functional changes. In case of substantial updates, users will be informed via the website or email.

13) Contact

Personal data inquiries: support@nelyx.fr