Back to Home

Data Protection Policy

Open Onexa™ — Nexa Labs Inc. — Effective Date: February 12, 2026 — Last Updated: February 12, 2026

1. Data Protection Principles

We process data in accordance with: lawfulness, fairness, transparency, purpose limitation, data minimization, storage limitation, integrity and confidentiality.

2. Categories of Data

We classify data into:

  1. Account Data
  2. Institutional Data
  3. Research Input Data
  4. AI Output Data
  5. System Metadata
  6. Support Communications

Each category follows defined access controls.

3. Lawful Basis for Processing

Where applicable (e.g., GDPR jurisdictions), processing is based on contractual necessity, legitimate interest, legal compliance, and consent.

4. Data Minimization

We collect only what is necessary to provide functionality, maintain security, and improve performance.

5. Encryption & Security

We implement:

  • TLS encryption in transit
  • AES-256 encryption at rest (where supported)
  • Role-based access control
  • Multi-factor authentication (where enabled)
  • Continuous monitoring

6. Data Retention

We retain data for duration of active account, as required by law, and according to institutional agreements. Users may request deletion, subject to legal retention requirements.

7. Data Subject Rights (GDPR-Aligned)

Where applicable, users may: access personal data, rectify inaccuracies, request erasure, restrict processing, object to processing, and request portability.

Requests: legal@openonexa.com

8. Cross-Border Transfers

Data may be processed in jurisdictions outside the user's country. We implement safeguards consistent with applicable law.

9. Data Breach Response

In the event of a confirmed breach, we will investigate promptly, notify affected users where required, and comply with regulatory reporting obligations.

10. Subprocessors

We may use infrastructure providers. We conduct due diligence before engaging subprocessors.

11. Children's Data

Open Onexa is not intended for minors.

12. Responsible AI Governance

Open Onexa implements model evaluation protocols, bias monitoring, and output transparency controls. AI outputs are probabilistic and require scientific validation.

13. Data Processing Agreements (DPA)

Institutional partners may request formal Data Processing Agreements, Confidentiality Addendums, and Research Governance Agreements.

14. Contact

legal@openonexa.com
Nexa Labs Inc.
London, United Kingdom