Legal

Privacy Policy

This Privacy Policy describes how Nolixan handles information for teams that connect production AI agents to real tools with scoped credentials, policy gates, approvals, and audit trails.

Effective date: June 2, 2026

1. Scope of This Privacy Policy

This Privacy Policy explains how Nolixan collects, uses, protects, and retains information when organizations use Nolixan to govern production AI agents. Nolixan provides a control plane between agents and the apps, APIs, MCP servers, databases, webhooks, private tools, and business systems those agents are authorized to use.

This policy applies to the Nolixan website, hosted application, APIs, MCP gateway, SDKs, tool registry, OAuth and API-key broker, policy engine, approval workflows, execution runtime, audit traces, private connectors, and support interactions. Third-party systems connected through Nolixan, such as Slack, Google Workspace, GitHub, Salesforce, HubSpot, Notion, Jira, Stripe, Postgres, internal APIs, and other providers, remain governed by their own terms and privacy practices.

2. Information We Collect

We collect information that customers provide directly, information generated through use of the platform, and limited information received from connected services that a customer authorizes.

  • Account and workspace information, including name, business email address, organization name, role, team membership, workspace ID, environment ID, billing tier, authentication identifiers, password reset metadata, and account security settings.
  • SSO, OAuth, and identity-provider payloads from services customers authorize, including Google Workspace and other configured providers. These payloads may include verified email address, provider account ID, display name, avatar URL, organization claims, token issuance metadata, OAuth scopes, refresh state, and authorization grant status.
  • Credential and secret metadata needed to broker access safely, including provider name, tool name, permission scope, token status, expiration time, refresh outcome, credential owner, and encrypted credential references. Nolixan is designed so credentials are not stored in prompts and are injected only at call time for authorized requests.
  • Agent, SDK, MCP, and API usage data, including agent token ID, allowed tools, MCP initialize requests, tools.list requests, tools.call invocations, JSON-Schema validation results, REST and SDK request metadata, cURL/API usage metadata, and framework context supplied by customers, such as OpenAI Assistants, LangChain, CrewAI, Claude, custom agents, or MCP clients.
  • Tool invocation and execution data, including actor, workspace, environment, provider, tool name, operation type, risk classification, policy decision, approval status, arguments hash, execution timing, idempotency key, response status, error messages, and delivery status for webhooks or events.
  • Approval workflow data, including approver identity, approval or denial decision, timestamp, approval URL metadata, Slack or web approval channel metadata, and resumable execution state.
  • Connector and integration configuration, including tool manifests, JSON Schema definitions, provider IDs, org-scoped private connector settings, generic HTTP connector metadata, webhook endpoints, verified signature status, and idempotent delivery records.
  • Repository or engineering-system metadata only when customers connect tools such as GitHub, Jira, CI systems, or internal engineering APIs. Depending on the customer configuration, this may include issue identifiers, pull request metadata, branch names, commit identifiers, file paths, ticket summaries, or read-replica query metadata used by an authorized agent workflow.
  • Operational logs and security telemetry, including login attempts, session refresh events, JWT or session assertion checks, API request metadata, rate-limit events, policy evaluation logs, administrative changes, incident diagnostics, and platform reliability metrics.
  • Support and communications data, including messages sent to Nolixan, issue reports, security inquiries, feature requests, demo requests, and account administration correspondence.

3. How We Use Information

Nolixan uses collected information to operate, secure, improve, and support the platform and to deliver the services requested by customers.

  • Authenticate users, administer workspaces, enforce organization roles and teams, and verify agent, user, workspace, and environment context before a tool is exposed or invoked.
  • Broker OAuth grants, API keys, and scoped credentials so authorized agents can access tools without placing secrets in prompts, model context, scripts, or unmanaged logs.
  • Resolve tools through the tool registry, validate tool schemas, expose governed tools through MCP, and provide SDK and API responses that include execution status.
  • Evaluate policy rules before execution, including allow, deny, and require-approval decisions for reads, writes, destructive operations, payments, CRM updates, database actions, private API calls, and other customer-defined workflows.
  • Route risky actions through human-in-the-loop approvals and resume, deny, or stop execution based on the customer organization's configured policy.
  • Generate an append-only audit log of tool invocations and customer-visible histories showing actor, tool, credential reference, policy decision, arguments hash, and outcome.
  • Detect configuration drift, over-scoped credentials, unexpected tool exposure, risky write access, missing approval gates, unusual execution patterns, and session or token anomalies.
  • Operate, debug, secure, rate-limit, and improve the service, including multi-tenant execution, idempotent delivery, abuse prevention, customer support, billing administration, legal compliance, and incident response.

4. Connected Systems, Tool Calls, and Customer Content

Customers control which agents, tools, identity providers, business systems, databases, APIs, MCP servers, webhooks, and private connectors are connected to Nolixan. Nolixan processes connected-system data as instructed by the customer, as required to provide governed execution, or as necessary to maintain security, reliability, and legal compliance.

Customers are responsible for ensuring that their agents, integrations, credentials, tools, repositories, databases, internal APIs, and environments are within their administrative control and may lawfully be connected to Nolixan.

5. Data Retention and Deletion

We retain account, workspace, credential metadata, audit log, approval, operational, and billing records for as long as needed to provide the service, satisfy legitimate business purposes, comply with legal obligations, resolve disputes, and enforce agreements. Audit logs are append-only and retained for as long as the account is active; defined retention periods may be agreed separately in an enterprise agreement.

Customers may request deletion of account data, connected-system metadata, tool configuration, private connector metadata, and eligible audit data by contacting us. Some records may be retained for a limited period when required for security, fraud prevention, tax, legal, backup, regulatory, or compliance reasons.

6. Data Security, Isolation, and Credential Protection

Nolixan applies administrative, technical, and organizational safeguards designed to protect customer information. These safeguards include encryption in transit, AES-256-GCM encryption at rest for stored credentials, OAuth tokens, and API keys, tenant-scoped execution, environment-scoped data boundaries, least-privilege access controls, append-only audit logging, rate limiting, idempotent execution, and secure software development practices.

Tokens, API keys, OAuth refresh tokens, secrets, session identifiers, and credential-like values are masked, redacted, encrypted, or stored using protected handling protocols where technically feasible. Nolixan is designed to broker credentials and inject them at call time rather than exposing them in model prompts, agent context, or unmanaged scripts.

Nolixan separates tenant environments so one tenant cannot intentionally read or act on another tenant's data. Enterprise deployments may support VPC or on-premises configurations so secrets and operational data remain within the customer's selected boundary, subject to the applicable agreement and deployment architecture.

No system is perfectly secure. Customers should use strong SSO policies, rotate credentials, review OAuth scopes, maintain least-privilege tool permissions, configure approval policies, review audit history, and avoid connecting systems or submitting data that are not necessary for governed agent execution.

7. Subprocessors and Third-Party Services

We use the following subprocessors to provide the service. These providers are permitted to process information only as needed to provide services to Nolixan and are subject to confidentiality and security obligations.

  • Google Firebase — authentication.
  • Stripe — billing and payment processing.
  • Mailgun — transactional email, such as team invitations.
  • Amazon Web Services (AWS) — cloud hosting and infrastructure.
  • Sentry — error monitoring, used only when enabled.

When a customer connects a third-party identity provider, SaaS application, source control provider, database, MCP server, webhook, internal API, or private connector, Nolixan receives only the information authorized by the customer or required by the integration, policy, approval, execution, and audit workflow.

8. Compliance, Legal Requests, and Enterprise Controls

We may disclose information when required by law, subpoena, court order, regulatory request, or to protect the rights, safety, and security of Nolixan, our customers, or the public. Enterprise customers may have additional data protection, retention, regional hosting, or audit terms in a separate written agreement.

9. Your Choices

Authorized administrators may update account information, manage team access, and disconnect integrations. Users may contact Nolixan to request access, correction, export, or deletion of personal information, subject to authentication and applicable law.

10. Contact

Questions about this Privacy Policy, data processing, or security practices may be sent to privacy@nolixan.dev. Security reports may be sent to security@nolixan.dev.

This policy is intended to describe Nolixan's platform practices for commercial customers. It is not a substitute for a negotiated data processing agreement or enterprise security addendum.