Privacy Policy

Effective date: 14 April 2026 — Version 1.0

This Privacy Policy explains how we collect, use, disclose, and protect personal data when you visit the website https://nexwright.com, when you contact us, and when you use any product or service we supply under the trade names “NexWright” or “J2G”.

We take your privacy seriously. We collect only the data we need, keep it only as long as we have to, do not sell or rent it, and do not share it with third parties except as described below or as required by law.

1. Controller

The data controller responsible for the processing of your personal data is:

  • Legal name: ФОП Березняк Віталій Вячеславович (Individual Entrepreneur Berezniak Vitalii Viacheslavovych)
  • Taxpayer registration number (РНОКПП): 3279403914
  • Registered address: УКРАЇНА, 61098, Харківська область, м. Харків, Холодногірський район, вул. Полтавський Шлях, буд. 188, кв. 146 (Latin: 61098, Kharkivska oblast, m. Kharkiv, Kholodnohirskyi raion, vul. Poltavskyi Shliakh 188, apt. 146, Ukraine)
  • KVED (activity code): 62.01 — Computer programming
  • Trade names: NexWright, J2G
  • Contact (general): vitalii.berezniak@gmail.com
  • Contact (J2G support and privacy matters): support@nexwright.com

All references in this Policy to “we”, “us”, and “our” mean this controller.

2. Scope

This Policy covers personal data processed in connection with:

  • your use of the Website https://nexwright.com (and of the internal staging site https://nexwright.com/ when used by staff or invited testers);
  • email and other correspondence you send to us;
  • the negotiation and performance of service agreements;
  • the purchase, activation, and use of the J2G desktop application (see also the dedicated J2G Privacy Notice).

This Policy does not cover third-party websites that you may reach via links on our Website. Please read their privacy notices separately.

3. What Personal Data We Collect

3.1. When you visit the Website

  • Server access logs. When your browser requests a page, our HTTP server records the IP address (truncated to /24 for IPv4 and /56 for IPv6 at log-rotation time), the timestamp, the requested URL, the HTTP status code, the response size, the referring URL, and the user-agent string. Logs are used for security, abuse prevention, and capacity planning, and are retained for up to 90 days before automatic deletion.
  • Strictly necessary cookies. A session cookie may be set to remember your consent state or to maintain a secure connection. No advertising, profiling, or cross-site-tracking cookie is set by the Website.

3.2. When you contact us

Name, email address, message content, attachments, and any data you voluntarily include (company, job title, project context, phone number if you provide one). Used to answer your request and, where it leads to a commercial engagement, to prepare and perform a contract.

3.3. When we invoice or contract with you

  • Business / personal identifying data needed to issue a legally compliant invoice and to fulfil our tax obligations: full name or legal-entity name, address, VAT or equivalent tax identifier, bank payment reference, invoiced amount, invoice date.
  • Payment metadata returned by the payment channel used (for example, a bank SWIFT/IBAN reference for a wire transfer). We do not receive or store full payment-card numbers. Card payments, when used, are processed by a third-party payment service provider — see section 7.

3.4. When you activate or use J2G

For a full description of telemetry and license-activation data, see the J2G Privacy Notice. In summary, J2G activation reports: the license key, a hash of a machine fingerprint (hardware-id-derived, non-reversible to the underlying identifiers), the application version, the operating system family (Windows / macOS / Linux) and major version, and the activation and last-seen timestamps. No file content, pipeline content, source code, or repository metadata is transmitted.

3.5. What we do not collect

  • We do not run advertising, profiling, or cross-site-tracking technologies.
  • We do not use Google Analytics, Meta Pixel, or equivalent third-party web analytics on the public Website.
  • We do not sell, rent, or trade personal data.
  • We do not profile you or make solely automated decisions that produce legal or similarly significant effects on you.

4. Legal Basis

We process personal data on one or more of the following legal bases, as recognised by the Law of Ukraine “On Protection of Personal Data” (No. 2297-VI of 01.06.2010, as amended, “UA DP Law”), and — where EU visitors are concerned — under the corresponding provisions of Regulation (EU) 2016/679 (the “GDPR”):

Processing activity: Legal basis (UA DP Law / GDPR)

  • Responding to your email / inquiry: Contract pre-steps / Art. 6(1)(b) GDPR
  • Fulfilling a service agreement: Contract performance / Art. 6(1)(b) GDPR
  • Issuing invoices and keeping accounting records: Legal obligation / Art. 6(1)(c) GDPR (Ukrainian tax law)
  • Server access logs, abuse prevention, security: Legitimate interest / Art. 6(1)(f) GDPR
  • J2G license activation and enforcement: Contract performance / Art. 6(1)(b) GDPR
  • Cookie consent state (strictly necessary): Legitimate interest / equivalent to “strictly necessary” under ePrivacy

Where we rely on your consent (for example, any future opt-in to a newsletter or to non-essential cookies), you may withdraw that consent at any time — see section 9.

5. How Long We Keep It

Data category: Retention

  • Server access logs: Up to 90 days, then automatic deletion
  • Contact-form / inbound email correspondence (no contract concluded): Up to 24 months, then deletion
  • Customer records tied to an invoice (contract concluded): Period required by Ukrainian tax law (currently 1 095 days / 3 years from the reporting period; longer if a tax audit is open)
  • J2G license activation records: Until licence termination + 3 years (to handle warranty, renewal, and anti-fraud)
  • Support tickets: 3 years from closure, then anonymised or deleted
  • Backup copies: Rolling 35 days, then overwritten

Where a longer retention is required by law (for example, to defend a legal claim or to comply with a pending investigation), we will keep the data for the minimum period necessary and isolate it from active processing.

6. How We Secure Your Data

We apply organisational and technical measures appropriate to the risk:

  • TLS 1.2+ for all inbound connections to the Website.
  • Encrypted storage on the servers (LUKS / dm-crypt).
  • Role-based access control; access granted on a least-privilege, need-to-know basis; all administrative actions logged.
  • Regular software updates and security patching.
  • Offsite, encrypted backups.
  • Incident-response procedure with notification of the regulator and affected persons where required by law.

No security measure can guarantee absolute protection. You are responsible for keeping your own devices, credentials, and license keys safe.

7. Who We Share It With

We do not sell or rent personal data. We share it only with:

  • Hosting provider(s) — compute and storage for the Website and internal services. Acts as a processor on our instructions.
  • Email provider — for mail delivery related to the trade activity.
  • Payment service provider — when a card or online-payment channel is used, the provider (e.g. the acquiring bank’s 3-D-Secure gateway) receives what is necessary to execute the transaction. We receive only the payment-result metadata.
  • Professional advisors — accountants and legal counsel, bound by professional confidentiality.
  • Competent authorities — when we are required to disclose under Ukrainian law, a valid court order, or a legitimate request from a competent authority.
  • A successor entity — in the event of a reorganisation, merger, sale of business, or transfer of the trade activity, in which case continuity of this Policy will be ensured and you will be informed.

Any sharing is limited to what is necessary for the stated purpose.

8. International Transfers

Servers used for the Website and for J2G license activation may be located in Ukraine and / or in other countries whose level of data protection is recognised by Ukrainian and / or EU authorities as adequate, or for which we have put in place a recognised transfer mechanism (for example, the Standard Contractual Clauses approved by the European Commission).

On request we will tell you in which country a specific processing takes place and what safeguards apply.

9. Your Rights

Subject to the conditions and exceptions set out in the applicable law, you have the right to:

  • Access — obtain confirmation of whether we hold personal data about you and a copy of it.
  • Rectification — have inaccurate or incomplete data corrected.
  • Erasure (“right to be forgotten”) — have data deleted where we no longer have a lawful reason to hold it.
  • Restriction — ask us to pause processing while a dispute is resolved.
  • Portability — receive a copy of data you gave us in a structured, commonly used, machine-readable format, where technically feasible.
  • Objection — object to processing based on a legitimate interest, on grounds relating to your particular situation.
  • Withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
  • Lodge a complaint with the supervisory authority.

To exercise any of these rights, contact us at support@nexwright.com with sufficient information to identify the data you refer to. We will respond within one month, or explain why an extension is needed.

Supervisory authorities

  • In Ukraine: the Commissioner of the Verkhovna Rada for Human Rights (Уповноважений Верховної Ради України з прав людини — the Ombudsperson), who supervises compliance with the UA DP Law.
  • In the EU / EEA: the national data-protection authority of the country where you live, work, or where the alleged infringement took place.

10. Children

The Website and our services are directed at business users. We do not knowingly collect personal data from children under 14 (under Ukrainian law) or under 16 (under GDPR in the EU). If you believe a child has provided us with personal data, contact us and we will delete it without delay.

11. Changes to this Policy

We may update this Policy from time to time. The current version is always published on this page with an effective date. Material changes will be announced on the Website at least 14 days before they take effect. Archival versions are available on request.

12. Contact

Data-protection matters:

We do not currently have a formal Data Protection Officer. The controller (see section 1) handles privacy requests personally.