Privacy Policy

1. Who We Are

Adverant Limited (“Adverant”, “we”, “us”) is incorporated in Dublin, Ireland and operates the NexusROS AI Revenue Operating System (“Service”). Adverant is the data controller for personal data processed through the Service.

Data Protection Officer: privacy@adverant.com

2. Data We Collect

2.1 Account Data

Name, email address, company name, job title, billing information, and authentication credentials you provide when creating an account or subscribing to a plan.

2.2 CRM & Business Data

Contacts, companies, deals, activities, pipelines, campaigns, and other business records you create or import into NexusROS. This includes data synchronised through our 100+ enterprise connectors (e.g., Salesforce, HubSpot, Google Workspace, Slack, LinkedIn, Mailchimp, Stripe, and others). Each connector processes only the data categories necessary for the integration you configure.

2.3 AI-Generated Insights

NexusROS uses AI agents to generate lead scores, intent signals, prospect dossiers, deal simulations, revenue forecasts, and behavioural profiles. These outputs are derived from data you provide and are stored within your workspace.

2.4 Psychological & Behavioural Profiles

Where you enable profiling features, NexusROS may generate DISC, Big Five, and persuasion-alignment profiles for contacts. These profiles are inferred from communication patterns and publicly available information—never from sensitive personal data categories (Article 9 GDPR). You may disable profiling at any time in your workspace settings.

2.5 Usage & Technical Data

IP address, browser type, device information, pages visited, feature usage, and performance metrics. We also collect server logs and error reports to maintain service reliability.

2.6 Cookies & Tracking Technologies

See Section 8 (Cookies) below for details on the cookies we use and how to manage your preferences.

3. Purposes & Lawful Basis (GDPR Article 6)

4. Data Retention

• Account data: retained for the duration of your subscription plus 90 days after termination to allow reactivation.
• CRM & business data: retained for the duration of your subscription. Deleted within 30 days of account closure upon request.
• AI-generated insights and profiles: retained for the duration of your subscription. Automatically purged within 30 days of account closure.
• Usage logs: retained for up to 12 months for security and analytics, then aggregated or deleted.
• Billing records: retained for 7 years as required by Irish tax law.

5. Third-Party Sharing

We do not sell your personal data. We share data only with:

• Sub-processors: cloud hosting providers, payment processors, and email delivery services that process data on our behalf under Data Processing Agreements.
• Connectors you enable: when you connect third-party services (e.g., Salesforce, HubSpot, Slack), data flows bidirectionally as configured by you. Each connector operates under the third party’s own privacy policy.
• AI model providers: prompts are sent to AI model providers to generate insights. We contractually prohibit these providers from training on your data.
• Legal requirements: where required by law, court order, or regulatory obligation.

6. International Data Transfers

Your data may be processed in the European Economic Area and, where necessary, in jurisdictions outside the EEA. Where we transfer data outside the EEA, we rely on European Commission adequacy decisions or Standard Contractual Clauses (SCCs) to ensure an adequate level of protection.

7. Your Rights

Under the GDPR, you have the right to:

• Access the personal data we hold about you (Art. 15).
• Rectification of inaccurate or incomplete data (Art. 16).
• Erasure (“right to be forgotten”) of your data (Art. 17).
• Restriction of processing in certain circumstances (Art. 18).
• Data portability — receive your data in a structured, machine-readable format (Art. 20).
• Object to processing based on legitimate interest, including profiling (Art. 21).
• Withdraw consent at any time where processing is based on consent (Art. 7(3)).
• Not be subject to solely automated decision-making that produces legal or significant effects (Art. 22). NexusROS AI outputs are decision-support tools; final decisions remain with human users.

To exercise any of these rights, contact us at privacy@adverant.com. We will respond within 30 days.

8. Cookies

We use the following categories of cookies:

• Essential cookies: required for the site to function (authentication, security tokens, session management). These cannot be disabled.
• Analytics cookies: help us understand how visitors use the site (e.g., page views, traffic sources). Set only with your consent.

You can manage your cookie preferences at any time using the cookie consent banner displayed on your first visit, or by clearing your browser cookies.

9. Data Security

We implement industry-standard technical and organisational measures to protect your data, including encryption in transit (TLS 1.3) and at rest (AES-256), network segmentation, role-based access control, regular penetration testing, and audit logging. Connector credentials are stored encrypted and never serialised to external version-control systems.

10. Children’s Privacy

NexusROS is a business-to-business service and is not directed at individuals under the age of 18. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or an in-app notification at least 30 days before they take effect. The “Effective Date” at the top of this page indicates the latest revision.

12. Supervisory Authority

If you believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with the Irish Data Protection Commission: