Privacy & Cookies Notice
Last updated: 5 August 2025
Important: This notice explains how Nubo Software Ltd. ("Nubo", "we", "our") collects, uses, shares, and protects personal data when you interact with nubo.co, nubosoftware.com, the Nubo AI Agents SaaS platform, and any endpoint or server agents that report to it. It also describes how we use cookies and similar tracking technologies and how you can control them. This notice is for transparency only and is not legal advice.
1. Who we are
Nubo Software Ltd. is an Israeli-registered company (Reg. No. 514643097) with its principal place of business at 8 Ariel Sharon St., Building A, 3rd Floor, Or Yehuda, Israel. We act as:
| Context | GDPR role* |
|---|---|
| Website analytics, marketing, sales CRM | Controller |
| SaaS console & agent telemetry processed on behalf of customers | Processor |
*Roles are defined in Regulation (EU) 2016/679 ("GDPR") and the UK GDPR.
We have appointed a Data Protection Officer (DPO). Contact details are in § 12. Where legally required, we will appoint EU/UK Representatives and publish their details on our Legal Center once confirmed.
2. Scope of this notice
This notice applies to:
- Visitors to nubo.co and nubosoftware.com
- Prospects using live demos, trials, or downloading installers
- End-users whose data is processed by Nubo AI Agents acting for business customers
It does not cover customer-generated content that customers themselves upload or configure inside the platform.
3. What data we collect
| Category | Examples | Source |
|---|---|---|
| Account data | Name, business email, job title, password hash | You / employer |
| Device & usage data | IP address, browser type, referrer URL, agent heartbeat logs | Automatically |
| Telemetry from AI Agents | Screen-context labels, file metadata, behavioural signals (full screenshots only if a customer enables that option) | Endpoint agents |
| Marketing interactions | Demo requests, white-paper downloads, cookies | You / website |
We do not intentionally collect special-category data or children's data.
4. Why and how we use personal data
| Purpose | Typical activities | GDPR legal basis* |
|---|---|---|
| Provide, secure & maintain the SaaS | Authenticate users, deliver features, prevent fraud | Contract – Art. 6 (1)(b) |
| Improve & debug services, train/validate AI models | Error logs, performance metrics, bias testing | Legitimate interests – Art. 6 (1)(f) |
| Send direct marketing emails | Product updates, event invites | Consent (or soft opt-in where allowed) |
| Comply with legal requests & bookkeeping | Court orders, tax law, sanctions screening | Legal obligation – Art. 6 (1)(c) |
*Articles refer to the GDPR's lawful bases for processing personal data.
4.1 Automated decision-making & AI
The Analyst Agent may algorithmically rate behaviour as risky. Human security analysts review all high-risk flags before action is taken. You may request human intervention or contest any outcome.
5. Cookies & similar technologies
| Type | Purpose | Typical lifespan |
|---|---|---|
| Essential | Site security, load balancing, session authentication | Session |
| Analytics | Understand page flows, feature adoption (first-party only) | ≤ 13 months |
| Marketing | Show targeted ads on third-party networks (enabled only with consent) | ≤ 6 months |
A banner appears on your first visit in regions where consent is required. You can change settings anytime via the Cookie Preference Center link in the footer or through supported browser signals such as Global Privacy Control (GPC).
6. Sharing & international transfers
- We use carefully-vetted sub-processors (e.g., major cloud providers in the EU or US) listed at /legal/compliance/subprocessors.
- International transfers outside the EEA/UK rely on Standard Contractual Clauses (EU 2021/914) and the UK International Data-Transfer Addendum, or an adequacy decision.
- We do not sell personal data.
7. Security
Controls include TLS 1.3 in transit, AES-256 at rest, least-privilege IAM, continuous vulnerability scanning, and annual penetration testing. A detailed overview is available in our Security White-Paper.
8. Data retention
| Data set | Default retention |
|---|---|
| Website analytics | 24 months rolling window |
| SaaS logs & agent telemetry | Customer-configurable (default 365 days) |
| Marketing contact lists | Until opt-out or 24 months of inactivity |
9. Your rights
| Region | Core rights (summary) |
|---|---|
| EEA & UK | Access, rectification, erasure, restriction, portability, objection, lodge complaint |
| California (CPRA) | Know, delete, correct, opt-out of sale/share, limit sensitive PI |
| Colorado, Virginia, Connecticut, Utah | Comparable rights; request via webform |
Submit requests via privacy@nubosoftware.com or postal mail (see § 12). We will verify identity and respond within 30 days (45 days for CPRA).
10. Children's data
Our services are not directed to children under 16. We do not knowingly process children's personal data.
11. Changes to this notice
We may update this notice to reflect legal or operational changes. Material changes will be announced in-product or by email 30 days in advance. Previous versions are archived at /legal/archives.
12. Contact us
- Email (privacy): privacy@nubosoftware.com
- Data Protection Officer (EMEA): dpo@nubosoftware.com
- Postal: Nubo Software Ltd., 8 Ariel Sharon St., Bldg A, 3rd Floor, Or Yehuda, Israel
- EU/UK Representatives: Details will be published once appointed, as required by Article 27 GDPR/UK GDPR.
© 2025 Nubo Software Ltd. "Security AI Agents" and "Nubo AI Agents" are trademarks of Nubo Software Ltd. All rights reserved.