Legal
Privacy Policy
Last updated: July 12, 2026
This policy explains how NEXTJENSECURITY LIMITED ("we", "us"), operating the Parapet service, handles personal data. We aim to comply with the UK GDPR, EU GDPR and the California Consumer Privacy Act (CCPA).
1. Data controller
The data controller is NEXTJENSECURITY LIMITED, 8 Raleigh Walk, Brigantine Place, Cardiff, CF10 4LN, United Kingdom. For any privacy request, contact us at support@nextjensec.shop or +44 7424494632.
2. Data we collect
- Account data: name, email address and password credentials handled by our authentication provider.
- Subscription and billing data: plan, billing status and the last four digits and card brand provided by our payment processor. We do not store full card numbers.
- Content you submit: situations you describe, brand materials, logos and facts you upload to generate communications output.
- Support data: messages you send through our contact and scenario-inquiry forms.
- Technical data: IP address, device and browser type, and usage events needed to run and secure the service.
3. How we collect it
- Directly from you when you sign up, subscribe, submit a form or use the studio.
- Automatically through cookies and similar technologies when you use the site (see our Cookie Policy).
- From our processors, such as our payment provider and hosting provider, in the course of delivering the service.
4. Why we use it and our legal basis
- To provide the service and generate your requested output — performance of a contract.
- To process subscriptions and payments — performance of a contract and legal obligation.
- To respond to support and inquiry requests — legitimate interests and, where applicable, steps prior to a contract.
- To secure, maintain and improve the service — legitimate interests.
- To send service and, where you consent, occasional product updates — consent or legitimate interests.
5. Payment provider boundary
Payments are processed by Stripe. Card details are entered on Stripe-hosted checkout and are never received or stored on our servers. Stripe acts as an independent controller for payment data under its own privacy terms. We receive only limited confirmation and metadata (such as subscription status and masked card details).
6. Order, account and support data
We retain the records needed to operate your subscription, provide support and meet our legal and accounting obligations. Content you submit to generate output is processed to produce that output and is cleared from active cache by default after 30 days, as described in our Content License.
7. Cookies and analytics
We use strictly necessary cookies to run the site and, where enabled, privacy-conscious analytics to understand usage. You can control non-essential cookies as described in our Cookie Policy.
8. Third-party processors
We share data only with processors that help us run the service, including our hosting and deployment provider, our payment processor (Stripe), our authentication and database provider, and the AI model providers that generate output. Each is bound by contractual data-protection terms and processes data only on our instructions.
9. International transfers
Some processors operate outside the UK and EEA. Where data is transferred internationally, we rely on appropriate safeguards such as UK and EU standard contractual clauses or an adequacy decision.
10. Retention
We keep personal data only as long as necessary for the purposes above: account and billing records for the life of your subscription plus the period required by law; submitted content cleared from cache by default after 30 days; support messages for up to 24 months.
11. Security
We use encryption in transit, access controls and reputable infrastructure providers. Secret keys and credentials are stored server-side and are never exposed to the browser. No method of transmission is perfectly secure, but we work to protect your data.
12. Your rights
Subject to applicable law, you may request access, correction, deletion, restriction, portability, or object to processing, and withdraw consent at any time. California residents may request disclosure or deletion and are not discriminated against for exercising their rights. To exercise any right, email support@nextjensec.shop.
13. Children and minors
The service is intended for adult communications professionals. It is not for anyone under 13, and users aged 13–17 must have verifiable guardian consent. We do not knowingly collect data from children under 13.
14. Complaints and contact
If you have a concern, contact us first at support@nextjensec.shop. You also have the right to lodge a complaint with your local supervisory authority (in the UK, the Information Commissioner’s Office).
15. Changes
We may update this policy and will revise the “last updated” date above. Material changes will be communicated where required.