This Privacy Policy (“Policy”) describes how Sumbios AB (“Sumbios”, “Nexus”, “we”, “us”, or “our”) collects, uses, and protects your personal data when you access or use the Nexus platform, browser extension, APIs, and related services (the “Service”).

We are committed to protecting your privacy and handling your data responsibly, in compliance with the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA), and other applicable privacy laws.

By using Nexus, you agree to the terms of this Privacy Policy.

1. What Data We Collect

We may collect the following categories of data:

• Account Data: name, email address, password, organization, role, subscription details.
• Usage Data: device identifiers, IP address, browser type, user-agent, login timestamps, product interactions.
• Integration Data: when you connect third-party services (LinkedIn, Gmail, Outlook, Calendar, Slack, CRMs, Notion, etc.), we access only the data necessary to provide features (e.g. connection graph, message metadata, calendar events).
• Network & Enrichment Data: LinkedIn public profile information (connections, skills, education, work history, posts), as available through your authorized session or publicly available sources.
• Mission Data: data you input into projects, pipelines, searches, notes, or uploaded files.
• Communication Data: email metadata, meeting summaries, transcripts, documents, tags, and contextual links stored within the Service.
• Payment Data: billing details, payment method, invoices (processed securely by third-party providers such as Stripe or GoCardless).

We do not knowingly collect sensitive data (such as government IDs, financial account numbers, or health data).

2. How We Use Your Data

We process your data to:

• Provide and operate the Service (account creation, onboarding, authentication).
• Map and enrich your professional network.
• Enable missions, search, lead extraction, and insights.