Parapet

Legal

Privacy Policy

Last updated: July 12, 2026

This policy explains how NEXTJENSECURITY LIMITED ("we", "us"), operating the Parapet service, handles personal data. We aim to comply with the UK GDPR, EU GDPR and the California Consumer Privacy Act (CCPA).

1. Data controller

The data controller is NEXTJENSECURITY LIMITED, 8 Raleigh Walk, Brigantine Place, Cardiff, CF10 4LN, United Kingdom. For any privacy request, contact us at support@nextjensec.shop or +44 7424494632.

2. Data we collect

3. How we collect it

4. Why we use it and our legal basis

5. Payment provider boundary

Payments are processed by Stripe. Card details are entered on Stripe-hosted checkout and are never received or stored on our servers. Stripe acts as an independent controller for payment data under its own privacy terms. We receive only limited confirmation and metadata (such as subscription status and masked card details).

6. Order, account and support data

We retain the records needed to operate your subscription, provide support and meet our legal and accounting obligations. Content you submit to generate output is processed to produce that output and is cleared from active cache by default after 30 days, as described in our Content License.

7. Cookies and analytics

We use strictly necessary cookies to run the site and, where enabled, privacy-conscious analytics to understand usage. You can control non-essential cookies as described in our Cookie Policy.

8. Third-party processors

We share data only with processors that help us run the service, including our hosting and deployment provider, our payment processor (Stripe), our authentication and database provider, and the AI model providers that generate output. Each is bound by contractual data-protection terms and processes data only on our instructions.

9. International transfers

Some processors operate outside the UK and EEA. Where data is transferred internationally, we rely on appropriate safeguards such as UK and EU standard contractual clauses or an adequacy decision.

10. Retention

We keep personal data only as long as necessary for the purposes above: account and billing records for the life of your subscription plus the period required by law; submitted content cleared from cache by default after 30 days; support messages for up to 24 months.

11. Security

We use encryption in transit, access controls and reputable infrastructure providers. Secret keys and credentials are stored server-side and are never exposed to the browser. No method of transmission is perfectly secure, but we work to protect your data.

12. Your rights

Subject to applicable law, you may request access, correction, deletion, restriction, portability, or object to processing, and withdraw consent at any time. California residents may request disclosure or deletion and are not discriminated against for exercising their rights. To exercise any right, email support@nextjensec.shop.

13. Children and minors

The service is intended for adult communications professionals. It is not for anyone under 13, and users aged 13–17 must have verifiable guardian consent. We do not knowingly collect data from children under 13.

14. Complaints and contact

If you have a concern, contact us first at support@nextjensec.shop. You also have the right to lodge a complaint with your local supervisory authority (in the UK, the Information Commissioner’s Office).

15. Changes

We may update this policy and will revise the “last updated” date above. Material changes will be communicated where required.