Privacy Policy

Privacy Policy

Effective Date: April 1, 2026

OpenNix LLC (“Company”) is committed to protecting the personal data of users of SecureBaseline Cloud products and related services.

1. Data Collected

Account Data

Email address
Username

Managed Host Data

Server IP addresses
Hostnames
Operating system information
Compliance scan results (CIS, STIG)
Vulnerability scan results (CVE)

Technical Data

User action audit logs
Session metadata (IP address, User-Agent)

2. Data Storage

All data is stored in the infrastructure chosen by the User:

Yandex Cloud - Managed PostgreSQL in ru-central1 region
Azure - on the User’s virtual machine (AIO) or Azure Database for PostgreSQL
AWS - Amazon RDS PostgreSQL
Data is not transmitted to the Company’s servers

3. Data Usage

Data is used exclusively for:

Providing Software functionality
Generating compliance and vulnerability reports
System action auditing
Technical support (at User’s request)

4. LLM Integration

When using AI Assistant features:

Requests are sent to the LLM provider selected by the User (YandexGPT, Azure OpenAI, OpenAI)
SSH keys, passwords, or secrets are never included in requests
The User configures the LLM provider independently and is responsible for data transmitted

5. Third-Party Disclosure

The Company does not disclose personal data to third parties, except as required by applicable law.

6. Data Protection

Encryption in transit (TLS 1.2+)
Credential encryption at rest (AES-256-GCM)
JWT-based authentication
Refresh tokens stored in httpOnly cookies

7. User Rights

Users may:

Request information about stored data
Request deletion of their data
Withdraw consent for data processing

8. Data Retention

Data is retained for the duration of the license. After cessation of use, data is deleted within 90 days unless otherwise required by law.

9. Contact Information

For data processing inquiries: Email: support@opennix.org Website: https://opennix.org