Privacy Policy
Last updated: May 2026
NexPhase (“we”, “us”) provides a reliability and maintenance management platform to industrial operators. This page summarises how we handle data. For a copy of our full privacy notice, contact contact@nexphase.biz.
What we collect
Account information (name, email, organisation), customer-uploaded documents and equipment data, and standard server logs (IP, user-agent, request times) for security and reliability.
How we use it
Data is used solely to provide the service to your organisation: extracting maintenance tasks, running analyses, and producing reports. Customer data is isolated per tenant and is not used to train third-party models.
Sub-processors
We use vetted infrastructure and AI providers to operate the platform. Current sub-processors include Replit Deployments running on Google Cloud Platform (GCE) for hosting and storage, and selected large language model providers (currently OpenAI, Anthropic, and DeepSeek) for analysis features. All AI providers are configured to not retain or train on customer data. A current list of sub-processors is available on request.
Hosting & data residency
The platform is hosted on Google Cloud Platform (GCE). Customer data — including uploaded documents, extracted content, and account records — is stored in Google Cloud managed services with encryption at rest. The current production region and details of regional alternatives are available on request via contact@nexphase.biz.
Retention & deletion
Customer data is retained for the life of the subscription. On termination, data is deleted within 30 days unless a longer retention period is required by contract or law.
International users (GDPR & equivalents)
NexPhase is operated from Australia. If you access the service from the European Economic Area, the United Kingdom, or another jurisdiction with equivalent data-protection laws, you have rights of access, correction, deletion, and portability over personal data we hold about you, and you may object to or restrict certain processing. Requests can be made to contact@nexphase.biz and will be actioned within 30 days. Where required, a Data Processing Addendum can be entered into on request.
Security
All traffic is encrypted in transit (TLS 1.2+ with HSTS enforced). Data is stored in access-controlled managed services with encryption at rest. Authentication is per-organisation with session tokens; administrative actions are logged. Security issues can be reported to contact@nexphase.biz or via /.well-known/security.txt.
Compliance status
NexPhase is not currently certified to SOC 2, ISO 27001, or equivalent third-party audit standards. We operate to the security and privacy practices described on this page and in our security.txt. Customers requiring a formal security questionnaire response, vendor assessment, or Data Processing Addendum can request one at contact@nexphase.biz.
Contact
Questions, data access, or deletion requests: contact@nexphase.biz.