Privacy Policy

1. Controller

Nuclei EOOD, 157 Shesti Septemvri Blvd., fl. 1, office 5, 4000 Plovdiv, BG, is the controller for this website and inquiry handling.

Contact: hello@nucleiinc.com.

2. Personal data we process

When you use an inquiry form, we process the data you submit: name, email address, company, role, request type, project stage, engagement type, budget, timeline, source or referral, and brief.

For app review requests, we also process the app URL, selected review package, access state, review areas, deadline or timeline, source or referral, and brief.

We also process technical metadata needed to receive, secure, and route the request: submission time, selected locale, IP address, request headers, rate-limit keys, and anti-spam signals such as the hidden honeypot field.

3. Purposes and legal bases

We use personal data to assess fit, reply to inquiries, prepare or perform requested services, operate the website and API, prevent spam and abuse, keep basic business records, and handle legal claims or obligations.

• Article 6(1)(b) GDPR: steps before entering into a contract and performance of requested services.
• Article 6(1)(f) GDPR: legitimate interests in operating a secure website, triaging inquiries, preventing abuse, and managing business communications.
• Article 6(1)(c) GDPR: compliance with legal obligations where record keeping or disclosure is required by law.

4. Hosting, delivery, and processors

The website is hosted and served through Cloudflare infrastructure, including Workers and static assets. Cloudflare may process request metadata and logs needed to deliver and protect the site.

Inquiry delivery may be configured to use a Slack incoming webhook and/or Resend email delivery. When configured, those services receive the submitted inquiry data plus routing metadata such as submission time, locale, and IP address.

These providers may process data outside the EEA depending on service routing and account configuration. Where that happens, transfers are handled under the relevant processor terms, including applicable standard contractual clauses or other lawful transfer safeguards.

5. Cookies and analytics

No analytics tools or non-essential cookies were found on this website at the time of this notice.

Cloudflare and the browser may still use technical request data needed to serve pages, secure the service, and maintain network reliability.

6. Retention

Inquiry data is kept for as long as needed to handle the request and reasonable follow-up. If the inquiry becomes a client engagement, relevant records may be kept for contract, accounting, tax, legal, or dispute purposes.

Data that is no longer needed is deleted, anonymized, or reduced where practical, unless legal retention duties or legitimate legal-defense needs require longer retention.

7. Confidentiality and secrets

Do not send passwords, tokens, private keys, recovery codes, production secrets, or unnecessary sensitive data through the form. The form and API reject common secret-like text, but you remain responsible for removing secrets before submission.

If secure access is needed for a review or engagement, it is arranged after triage through an appropriate channel.

8. Your rights

Under the GDPR, you may have the right to access, rectify, erase, restrict, or port your personal data, and to object to processing based on legitimate interests. To exercise these rights, contact hello@nucleiinc.com.

You also have the right to lodge a complaint with a competent data protection supervisory authority.

9. Contact

For privacy requests or questions, contact Nuclei EOOD at hello@nucleiinc.com.