NEXORA Systems
Privacy Policy and AML
This document explains how we process personal data and apply anti-money laundering (AML) rules when you use nexora-cloud.net, the client area, and NEXORA Systems IT services.
Last updated: 17 May 2026
1. General provisions
1.1. This Privacy Policy (the “Policy”) describes how personal data is processed when you use https://nexora-cloud.net/ and related NEXORA Systems services (the “Service”, “we”, “us”).
1.2. By using the Service, submitting a request, registering an account, or paying for services, you confirm that you have read this Policy. If you do not agree, please do not use the Service.
1.3. We process personal data lawfully, fairly, transparently, and only to the extent necessary for the stated purposes.
2. Data controller and contacts
2.1. The data controller for the Service is NEXORA Systems.
2.2. For privacy requests, exercising your rights, or withdrawing consent, contact us via:
- website: https://nexora-cloud.net/contacts.php
- Telegram: https://t.me/nexorasyst
- email (if provided in your contract or invoice): the support address stated in your service documents.
2.3. We aim to respond within a reasonable time, typically within 30 calendar days unless applicable law requires otherwise.
3. Data we process
3.1. Depending on how you interact with the Service, we may process:
- identity data: name, login, company name, account type;
- contact data: Telegram username, email, recovery email, address (if provided in profile);
- account data: notification settings, linked Telegram chat ID, two-factor authentication status;
- financial data: transaction amounts, top-up and charge history, payment status, blockchain transaction hashes, crypto payment parameters (network, address, crypto amount);
- service data: Remote Desktop, VPN, website, CRM, email and other orders; request descriptions and statuses;
- technical data: IP address, user-agent, request timestamps, cookies, session data, security logs;
- communications: contact form messages, support requests, Telegram notifications content.
3.2. We do not request special categories of personal data (such as health or biometric data) unless explicitly required for a specific service and agreed with you separately.
3.3. You provide data voluntarily; however, without certain mandatory data we cannot register an account, accept payment, or deliver the service.
4. Sources of data
- directly from you — registration, profile, requests, payments, support;
- automatically — when visiting the website or client area (technical logs, cookies, sessions);
- from payment and blockchain networks — when confirming crypto payments (transaction hash, amount, time);
- from integrations — e.g. Telegram when linking your account and delivering notifications.
5. Purposes and legal bases
5.1. We process personal data to:
- register, authenticate, and administer accounts;
- enter into and perform IT service contracts, invoicing, and payment accounting;
- provision and support infrastructure (remote desktops, VPN, websites, CRM, backups, GPU environments, etc.);
- handle website requests and project communication;
- send service notifications (service status, security, billing), including via Telegram if enabled;
- ensure Service security and prevent fraud or abuse;
- maintain accounting and operational records;
- improve the Service and analyze traffic (aggregated or anonymized where possible).
5.2. Legal bases may include contract performance, your consent, legitimate interests (e.g. security), and legal obligations.
6. Cookies and similar technologies
6.1. The website uses cookies and browser local storage to:
- maintain authenticated sessions in the client area;
- store your interface language (nexora_lang cookie);
- store theme preference (light/dark) where applicable;
- support security and proper form operation.
6.2. You may restrict or delete cookies in your browser. Disabling essential cookies may prevent login.
6.3. If third-party analytics (e.g. Google Analytics) is enabled, we will update this Policy and request consent where required.
7. Sharing with third parties
7.1. We do not sell personal data. Sharing occurs only when necessary to operate the Service:
- hosting providers and data centers — website, databases, and infrastructure;
- payment and blockchain networks — crypto payment processing (transaction data is public on the relevant network);
- Telegram — notifications and two-factor authentication when you link your account;
- contractors and partners — under confidentiality obligations and only as needed.
7.2. For international transfers, we take reasonable measures to ensure an adequate level of protection under applicable law.
8. Retention periods
- account data — for the life of the account and up to 3 years after closure unless law requires longer retention;
- financial records — as required by tax and accounting law (typically at least 3–5 years);
- website requests — until processed and for the project communication period;
- technical logs — usually up to 12 months unless needed for security incident investigation;
- session cookies — until the session ends or the cookie expires.
8.1. After retention periods expire, data is deleted or anonymized unless law requires otherwise.
9. Security measures
9.1. We apply organizational and technical safeguards, including:
- role-based access control (user / admin);
- HTTPS/TLS for data in transit;
- backups of critical data;
- security monitoring and incident response;
- need-to-know access for staff and contractors.
9.2. No internet transmission or storage method is 100% secure. We maintain protection appropriate to the nature of the data processed.
10. Your rights
10.1. Depending on applicable law (including GDPR for EU/EEA residents), you may have the right to:
- confirm processing and obtain a copy of your data;
- rectify inaccurate data via your profile or support;
- erasure where there is no lawful basis to continue processing;
- restrict processing or object in certain cases;
- withdraw consent where processing is consent-based;
- data portability where applicable;
- lodge a complaint with a supervisory authority.
10.2. To exercise your rights, contact us using section 2. We may request identity verification to prevent unauthorized access.
11. Children’s data
11.1. The Service is intended for users aged 18+ (or the age of legal capacity in your jurisdiction). We do not knowingly collect children’s personal data. If you believe a child has provided data to us, please notify us and we will take steps to delete it.
12. Automated decision-making
12.1. We do not make decisions with significant legal effects solely through automated processing without human involvement. Automated checks may be used for security (e.g. suspicious logins or payments).
13. Changes to this Policy
13.1. We may update this Policy. The current version is always available on this page with the update date.
13.2. For material changes, we may notify you via the website, client area, email, or Telegram. Continued use after publication means acceptance of the updated Policy where permitted by law.
14. Final provisions (privacy)
14.1. The personal data sections are governed by the law specified in your client contract or, if none, the law of the operator’s country of registration/main activity, subject to mandatory data protection rules in your country of residence.
14.2. If any provision is invalid, the remaining provisions remain in effect.
15. AML Policy: general
15.1. NEXORA Systems follows principles of anti-money laundering, counter-terrorist financing, and prevention of other illicit financial activity (collectively, “AML”).
15.2. This section sets rules for using the Service, topping up balance, paying for services, and interacting with clients. The goal is to reduce the risk of misuse of infrastructure and payment tools.
15.3. By registering, topping up, or paying for services, you confirm that you act on your own behalf (or are authorized to represent an organization) and that funds have a lawful origin.
16. Customer identification and verification
16.1. We may request additional information to identify the client and confirm the lawfulness of operations, including:
- proof of identity or authority to represent a company;
- company details and beneficial owners (for corporate accounts);
- source of funds and purpose of payment;
- documents relating to a specific transaction or service.
16.2. Until verification is complete, we may restrict certain features: top-ups, withdrawals, service activation, or infrastructure access.
16.3. Refusal to provide requested information where there are reasonable suspicions may be grounds to refuse service or terminate the contract.
17. Prohibited operations and restrictions
17.1. You must not use the Service for:
- money laundering, concealing illicit proceeds, or evading lawful obligations;
- terrorist financing, fraud, unauthorized access, malware distribution, or other unlawful activity;
- circumventing sanctions where applicable to you or the transaction;
- structuring payments to conceal their nature or source;
- using third-party payment means without the owner’s permission;
- hosting content or services that violate third-party rights or applicable law.
17.2. We do not accept payments or support operations where there are reasonable grounds to believe they relate to prohibited activity.
17.3. Crypto top-ups are confirmed via blockchain data; you must send funds only to the address and network shown in the payment interface, in the stated amount and within the allowed time.
18. Transaction monitoring and response measures
18.1. We review Service operations (top-ups, charges, service orders, status changes) to detect unusual or risky activity.
18.2. If suspicious activity is identified, we may:
- suspend or reject a payment;
- freeze balance or access to services pending review;
- request additional documents and explanations;
- cancel an operation and return funds to the source where technically possible and appropriate;
- terminate account service if a violation is confirmed.
18.3. Decisions are made using internal risk assessment procedures. Where possible, we notify the client of review status via the client area, email, or Telegram.
19. AML data retention and policy updates
19.1. Data related to reviews and operations (including payment history, identification results, and compliance correspondence) is retained for periods required for accounting, protection of rights, and compliance with applicable law.
19.2. We may update the AML section as the Service, legislation, or internal procedures evolve. The current version is published on this page.
19.3. For AML and compliance questions, contact us using the details in section 2.
20. Final provisions
20.1. By using https://nexora-cloud.net/, you confirm that you have read this document, including the privacy policy and AML policy.
20.2. Continued use after publication of changes means acceptance of the updated version where permitted by applicable law.