← Back
O
Optimal Nexus

Privacy Policy

Last updated: 22 April 2026

1. Who we are

Optimal Nexus Ltd ("we", "us", "our") operates the ONX platform. We are the data controller for personal data collected through our website and platform. For questions about this policy, contact us at compliance@optimalnexus.com.

2. Data we collect

Account data

Name, email address, company name, and billing information collected when you sign up.

Usage data

Log data, feature interactions, and session information to operate and improve the Service.

B2B contact data

Business contact information (names, job titles, company email addresses, LinkedIn profiles) sourced from publicly available information and third-party enrichment providers. This data relates to individuals in their professional capacity and is processed solely for B2B prospecting.

3. How we use your data

  • Providing the Service — account management, billing, and feature delivery.
  • Legitimate interests — improving the platform, preventing fraud, and ensuring security.
  • Legal obligation — compliance with UK GDPR, PECR, and other applicable laws.
  • Consent — marketing communications, where you have opted in.

4. B2B data and GDPR

Contact enrichment data is processed under the lawful basis of legitimate interests for B2B marketing purposes, consistent with Recital 47 of the GDPR. We apply strict data minimisation: only professional contact details relevant to a business context are stored, and all contact records expire automatically (default 12 months).

We maintain a suppression list. Any contact who opts out of communication is immediately suppressed and will not appear in future discovery results.

5. Data retention

  • Account data — retained while your account is active, then 30 days after deletion request.
  • B2B contact records — 12 months from discovery date, then automatically deleted.
  • Billing records — 7 years (legal requirement).
  • Audit logs — 24 months.

6. Who we share data with

We do not sell personal data. We share data only with:

  • Supabase — database and authentication infrastructure (EU region).
  • Stripe — payment processing.
  • Vercel — hosting and edge delivery.
  • n8n — workflow automation for discovery pipelines.
  • Sentry — error monitoring (anonymised where possible).

All processors are GDPR-compliant and operate under Data Processing Agreements.

7. International transfers

Some of our processors operate outside the UK/EEA. Where data is transferred, we ensure appropriate safeguards are in place (Standard Contractual Clauses or adequacy decisions).

8. Your rights

Under UK GDPR and EU GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — correct inaccurate data.
  • Erasure — request deletion of your personal data ("right to be forgotten").
  • Portability — receive your data in a machine-readable format.
  • Objection — object to processing based on legitimate interests.
  • Restriction — restrict how we use your data in certain circumstances.

To exercise any right, email compliance@optimalnexus.com or use the Data & Privacy controls in your account settings. We respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

9. Cookies

We use essential session cookies required for authentication. We do not use third-party advertising or tracking cookies.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated by email or an in-app notice at least 14 days before taking effect.

11. Contact

Data protection enquiries: compliance@optimalnexus.com

© 2026 Optimal Nexus Ltd · Terms of Service · Privacy Policy