Nested Knowledge is committed to ensuring protection of all personal information that we hold. We recognise our obligations in updating and expanding this program to meet the requirements of GDPR.

Nested Knowledge is located in the United States of America and provides services to users in countries across the world, except countries sanctioned by the U.S.

• Personal data - name, email, phone number, location data.
• Sensitive personal data - race, health status, religion, political affiliation
• Controller - Determines how data is processed.
• Processor - Processes data on behalf of another entitied.
• Subprocessor - Processes data on behalf of another processor

Nested Knowledge performs or maintains the following activities or policies to ensure GDPR compliance:Policies and Procedures

• Data Retention and Erasure - our policies meet the “data minimisation” and “storage limitation” principles and that personal information is stored, archived and destroyed in accordance with our obligations. We have procedures in place to meet the new “Right to Erasure” obligation.
• Data Breaches - our Incident Response policies ensure that we have safeguards in place to identify, assess, investigate and report any personal data breach as early as possible. Our procedures have been explained all employees.
• Privacy Notice/Policy - we have revised our Privacy Notice(s) to comply with the GDPR, ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.
  • Our Privacy Policy was published online on January 3rd, 2022
• Obtaining Consent - we have revised our consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it and giving clear, defined ways to consent to us processing their information.
• Direct Marketing - we have revised the wording and processes for direct marketing, including clear opt-in mechanisms for marketing subscriptions; a clear notice and method for opting out and providing unsubscribe features on all subsequent marketing materials.
• Cookies - our cookies and user data tracking have been brought into compliance with the GDPR.
• Use of photos - we have developed a Photo Policy describing our use of photos.

We have robust information security policies and procedures in place to protect personal information from unauthorized access, alteration, disclosure or destruction.

See our Privacy Policy, which will be maintained by Termly.io. We will use the service provided by Termly.io to stay updated with privacy regulation changes.

Individual’s have a right to access any personal information that Nested Knowledge processes about them and to request information about:

• what personal data we hold about them
• the purposes of the processing
• the categories of personal data concerned
• the recipients to whom the personal data has/will be disclosed
• how long we intend to store your personal data for
• if we did not collect the data directly from them, information about the source
• the right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this
• the right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
• the right to lodge a complaint or seek judicial remedy and who to contact in such instances.

Nested Knowledge provides easy-to-access information via our Privacy Policy. We can be reached for further inquiry through our Data Protection Officer.

As described in our Third Party Policy, we will notify user of significant changes to how their data is processed, such as the addition of a new subproccesor, at least 7 days in advance.

Nested Knowledge is obligated to report information on data breaches and mitigations to the required government agencies as well as reporting information of data breaches to the affected parties.

AWS is used for cloud hosting of the Nested Knowledge platform, including its servers, services, and databases. All user accounts and data generated on the NK application are stored in databases in AWS, behind a firewall (VPC). This data, including personal information, is not shared with AWS in a structured or meaningful way, instead only being processed by NK application code within the VPC.

Auth0 provides authentication of users for the NK application. As such, Auth0 holds:

• User email and password or social login account identifiers
• Login history

No further data is shared with Auth0.

HubSpot Inc. is used to notify users via email of new software releases that will interrupt their workflow. Users can opt out of emails at any time. We also use HubSpot to handle inbound sales inquiries, onboarding communication, and technical support requests.

HubSpot stores the full name and email addresses of users. Users can have their personal or organizational data deleted at any time. All user data is deleted from HubSpot if an account is deleted.

HubSpot may employ additional third-party sub-processors, which are listed in Annex 3 of their Data Protection Agreement.

Nested Knowledge's Data Protection Officer (see below) is responsible for promoting awareness of the GDPR across the organization, assessing our GDPR compliance, identifying any gap areas and implementing the new policies, procedures and measures.

Nested Knowledge understands that continuous employee awareness and understanding is vital to the continued compliance of the GDPR; we have involved our employees in our preparation plans.

See the Data Protection Officer section of our Information Security policy.

For any GDPR-related issues, contact the CEO or other contacts listed under Key Contacts.

Nested Knowledge began an internal audit in September 2023

Return to Policies