Last updated: 4/12/2026
NexusOS is an integrated operational workspace designed to connect documents, projects, teams and costs into a single intelligent environment.
It helps organisations reduce fragmentation, improve coordination and move faster from idea to execution.
This Privacy Policy describes how personal data is collected and processed in relation to NexusOS (the "Service"), our integrated operational workspace software.
The data controller is:
Cosmic Brokkoli UAB
J. Savickio g. 4-7, LT-01108 Vilnius
Email: info@cosmicbrokkoli.com
("Cosmic Brokkoli", "we", "us", or "our").
This Privacy Policy applies to users and organisations using NexusOS and explains:
what personal data we collect
how and why we process it
the legal basis for processing
how long we retain it
your rights under the GDPR
We may collect and process the following categories of personal data.
3.1 Data Provided by the User or Organisation
Account and profile information (e.g. name, email address, role, organisation name).
Workspace content you or your organisation uploads or creates in NexusOS (e.g. documents, project records, team information, cost or financial data you choose to enter).
Communications you send to us (e.g. support requests).
3.2 Usage Data
Interaction data (features used, clicks, session activity).
Device and technical information (device type, browser, OS, app or client version).
Log data (IP address, timestamps, diagnostics).
3.3 Payment Data (if applicable)
Transaction-related data (e.g. subscription or billing status).
Payment details are processed by third-party payment providers and are not stored directly by us.
We process personal data for the following purposes.
Where required, we will request your explicit consent (Art. 6(1)(a) GDPR).
| Purpose | Legal basis |
|---|---|
| Account and organisation management | Contract (Art. 6(1)(b) GDPR) |
| Provision of NexusOS features | Contract (Art. 6(1)(b)) |
| Customer support | Legitimate interest (Art. 6(1)(f)) |
| Security and fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Analytics and service improvement | Legitimate interest (Art. 6(1)(f)) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
We may share personal data with service providers (e.g. cloud hosting, analytics, infrastructure providers), payment processors (where applicable), and public authorities where required by law.
All third parties are contractually bound to process data in compliance with GDPR.
If personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards, such as Standard Contractual Clauses (SCCs) and transfers to countries with adequacy decisions.
We retain personal data only for as long as necessary: for the duration of the account or contract, to provide the Service, and as required by law (e.g. accounting or tax obligations).
Users and organisations may request deletion of accounts and associated personal data where contractually and technically possible.
Deletion can be requested through the Service or by contacting: info@cosmicbrokkoli.com.
Upon a valid request, personal data will be erased without undue delay, except for data that must be retained to comply with legal obligations (e.g. financial or tax records).
Such retained data will be limited to what is strictly necessary, stored securely, and used only for compliance purposes.
We implement appropriate technical and organisational measures to protect personal data, including encryption (in transit and at rest where applicable), access control and authentication mechanisms, and monitoring/logging systems.
Under the GDPR, you have the following rights: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), objection (Art. 21), and withdrawal of consent (where applicable).
To exercise your rights, contact: info@cosmicbrokkoli.com.
You have the right to lodge a complaint with a supervisory authority, in particular in your country of residence, your place of work, or the place of the alleged infringement.
NexusOS is a business-oriented service and is not intended for individuals under the age of 16 (or applicable local age). We do not knowingly collect data from children without appropriate consent.
We may update this Privacy Policy from time to time. Changes will be published on this page and, where appropriate, communicated within the Service.
For any questions regarding this Privacy Policy or data protection:
Cosmic Brokkoli UAB
Email: info@cosmicbrokkoli.com