Global Privacy Policy

Last Updated: 23.12.25

Introduction

BlueNexus Tech Pty Ltd (“we”, “us”, “our”) provides privacy-first infrastructure and technology services (the “Platform”). This Privacy Policy explains how we collect, use, disclose, and protect personal information when individuals interact with:

  • the website at https://bluenexus.ai/
  • the Platform
  • applications or services built by developers using the Platform
  • customer support interactions
  • other products or services offered by us 

(collectively, the Services)

We are committed to handling personal information responsibly and transparently, and in compliance with applicable privacy laws, including the Australian Privacy Act, GDPR/UK GDPR, U.S. state privacy laws, and other global privacy regulations.

This Policy is designed to be accessible, clear, and suitable for all users.

For enterprise customers or developers who require detailed compliance information, our Enterprise Privacy & Compliance Framework provides expanded regulatory detail.

Clarification on “We”, “Us”, and Platform Access

References in this Policy to “we”, “us”, “our”, or “BlueNexus” refer to BlueNexus as a legal entity and its personnel (including employees, contractors, and administrators). They do not refer to automated processing performed by the Platform or its systems where such processing occurs without human access to decrypted data.

While the Platform may technically encrypt, decrypt, or otherwise process data as required to provide the Services (including within secure compute or confidential processing environments), BlueNexus personnel do not have access to decrypted user content or encryption keys except where such access is explicitly provided by the user or customer for support, debugging, compliance, or lawful purposes.

1. What Personal Information We Collect

We collect the minimum personal information necessary to provide and secure the Services. The types of information we collect include:

1.1 Account & Identity Information

When you create an account or authenticate, we may collect:

  • Email address
  • Authentication or login credentials
  • Public encryption keys
  • Basic profile or account metadata
  • Optional recovery details

1.2 Technical & Operational Data

Automatically collected through your use of the Platform, including:

  • Device and browser information
  • IP address
  • Usage logs and routing metadata
  • Security and performance data
  • Error, diagnostic, and fraud-prevention signals

We do not access or log:

  • decrypted data processed inside confidential compute environments
  • model prompts, outputs, or content processed inside isolated secure environments (if applicable to the Platform architecture)

1.3 Developer-Submitted Data

If you use an application built by a developer on the Platform, that developer may route data through the Platform. This may include:

  • user-generated content
  • files or structured/unstructured data
  • application outputs
  • sensor, device, or health-related data

Developers remain responsible for obtaining any required consents and providing their own privacy notices.

1.4 Website Analytics

We use privacy-preserving analytics tools without:

  • cross-site tracking
  • advertising cookies
  • fingerprinting
  • selling or sharing analytics data

2. How We Use Personal Information

We use personal information for the following purposes:

  • Creating and managing accounts
  • Providing and improving the Services
  • Operating confidential compute and routing processes
  • Processing developer-submitted instructions
  • Maintaining security, fraud detection, and abuse prevention
  • Providing customer support
  • Managing billing and transactions
  • Complying with law and regulatory obligations

We do not:

  • sell or share personal information for advertising purposes unless the individual or customer has provided explicit consent
  • train AI models on personal information unless the individual or customer has provided explicit consent
  • access decrypted content stored or processed inside secure compute environments

3. Summary of Legal Bases for Processing

Depending on your location, we may rely on one or more of the following legal bases:

  • Performance of a contract (account access, support)
  • Legitimate interests (security, fraud detection, service improvement)
  • Consent (optional communications or features)
  • Legal obligation (tax, compliance, regulatory requirements)

Developers are responsible for determining and documenting the lawful basis for any data they route through the Platform.

4. When We Share Personal Information

We share only what is necessary to operate the Services. This includes sharing with:

  • secure cloud hosting and infrastructure providers
  • confidential compute or enclave partners
  • authentication and security providers
  • payment processors
  • support and monitoring tools
  • subcontractors approved under data protection agreements

We do not share decrypted sensitive content, as such content may be technically inaccessible.

A full list of subprocessors is available on our website, and a detailed summary is provided in our Enterprise Privacy & Compliance Framework.

5. International Data Transfers

We operate globally. Personal information may be stored or processed in:

  • Australia
  • The United States
  • The European Union / United Kingdom
  • Other regions selected by users or developers

When required by law, we implement appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • UK Addendum
  • Encryption and confidential compute
  • Other technical and organisational measures

If we are required to appoint an EU or UK representative under GDPR Article 27, we will update this Policy accordingly.

6. Data Retention

We retain personal information only as long as necessary for the purposes described in this Policy.

Typical retention periods include:

  • Account data - kept until account closure, then deleted within a reasonable timeframe
  • Operational logs - up to 90 days
  • Billing and financial records - as required by law (e.g., 7 years)
  • Support communications - up to 24 months

Developers determine retention schedules for data they route or store.

7. Security

We employ industry-standard safeguards including:

  • encryption in transit and at rest
  • confidential compute / hardware-backed secure environments
  • access controls and authentication safeguards
  • continuous monitoring and intrusion detection
  • secure development lifecycle practices

While no online service is completely secure, we take reasonable steps to protect personal information from unauthorised access, misuse, or disclosure.

8. Children’s Privacy

The Services are not intended for children under the minimum age defined by local laws (e.g., 13 in the U.S., 16 in the EU). We do not knowingly collect personal information from children without appropriate consent. Developers building child-directed applications are responsible for ensuring compliance with laws such as COPPA or GDPR-K.

9. Your Rights

Depending on your location, you may have rights to:

  • access personal information
  • request correction or deletion
  • object to processing
  • restrict or limit processing
  • port your data
  • withdraw consent
  • opt out of certain uses (e.g., U.S. state law rights)

Sovereign or User-Controlled Accounts: You may be able to exercise rights directly within your account settings.

Developer-Managed Accounts: If your data was collected through a developer application, please contact that developer directly. We assist developers in fulfilling user requests.

10. HIPAA Disclaimer

Although developers may route health-related data through the Platform, the Platform is designed to support HIPAA-compliant deployments.

BlueNexus does not act as a HIPAA Business Associate unless a separate Business Associate Agreement (BAA) is expressly agreed in writing between the parties.

Nothing in this Framework constitutes specific HIPAA compliance advice, and the applicability of HIPAA (including whether a BAA is required) must be assessed on a case-by-case basis.

11. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated through the website at https://bluenexus.ai/ or via email where required.

12. Contact Us

If you have questions, concerns, or requests, you can contact us at:

BlueNexus Tech Pty Ltd
81–83 Campbell Street
Surry Hills, NSW 2010
Australia
Email: legal@bluenexus.ai
Website: https://bluenexus.ai/