GDPR Compliance Statement

Last updated: March 10, 2026

1. Overview

nu-agent is committed to compliance with the European Union General Data Protection Regulation (GDPR). This page provides an overview of our roles as data controller and processor, the technical and organizational measures we implement, and the rights of data subjects.

2. Controller and Processor

In the context of the SaaS services we provide to our customers, nu-agent typically acts as a “processor” and our customers remain the “controllers” with respect to their employees and end users.

For limited personal data we collect directly in the context of our website and marketing activities, nu-agent may act as a controller. These situations are further explained in our Privacy Policy.

3. Purposes and Legal Bases

Our processing activities are based on purposes such as providing and improving the service, security, error tracking, customer support and compliance with legal obligations. The legal bases include performance of a contract, legitimate interests, consent and legal obligations.

4. Technical and Organizational Measures

  • Modern encryption methods for data in transit and at rest
  • Strict access controls and authorization mechanisms
  • Logging, monitoring and audit trails
  • Regular security testing and improvements
  • Security and privacy training for employees

5. Sub-processors

nu-agent may engage certain third-party service providers (for example for hosting, infrastructure, analytics and support tools). Contracts with these providers include appropriate data processing clauses in accordance with Article 28 GDPR.

6. International Data Transfers

Personal data may be transferred to countries outside the European Economic Area (EEA). In such cases, adequate protection is ensured by mechanisms such as European Commission adequacy decisions, Standard Contractual Clauses (SCCs) or similar safeguards.

7. Data Subject Rights

Under the GDPR, data subjects have the following rights:

  • Right of access (information about processing activities)
  • Rights to rectification and erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to object and right not to be subject to automated decision-making

To exercise your rights, you may first need to contact the controller (for example your employer or the customer that provides you access to the service). If you need to contact nu-agent directly, you can reach us at hello@nu-agent.com.

8. Data Breach Notifications

In the event of a personal data breach, we have procedures in place to notify controllers and, where required, the competent supervisory authorities within the timeframes set out in the GDPR and applicable laws.

9. Further Information and Contact

If you need more detailed information about nu-agent's GDPR compliance or wish to request a Data Processing Agreement (DPA), please contact us at hello@nu-agent.com.