Privacy, Security & Governance
Last updated: February 2026
Security & Compliance Framework
NexBies is engineered on a high-density security foundation that aligns with global governance standards to protect organizational metadata.
ISO 27001 Platform Foundation
Hosted on Google Cloud Platform (GCP), NexBies inherits world-class security certifications including ISO 27001, SOC 2, and HIPAA-ready infrastructure.
Zero-Trust Multi-Tenant Isolation
Strict Firestore Security Rules ensure that data is siloed at the infrastructure layer. Tenants exist in absolute isolation with zero cross-talk between organizational databases.
Audit Non-Repudiation
Every data mutation is captured in an immutable ledger with From → To granularity, including user identity, timestamps, and origin IP addresses.
Bot & AI Defense (App Check)
We use Firebase App Check with reCAPTCHA Enterprise to ensure that only authorized human users and official application code can interact with our API.
1. Overview & Beta Status
NexBies ("we," "us," or "our") is a multi-tenant SaaS foundation owned and operated by **Hope Max**. NexBies is currently in **Version 1.0 (Beta)** and is committed to audit transparency regarding data storage and user tracking.
2. Infrastructure Isolation
Our platform is hosted by **Google Firebase (GCP)**. All data is siloed within private tenant spaces. We do not sell or trade your data. All communication is encrypted in transit via TLS 1.3 and at rest using AES-256.
3. Audit Data Inventory
To provide absolute transparency, the following tables define exactly what data is stored based on your privacy selection.
Scenario A: Essential Only
| Data Point | Storage Location | Purpose |
|---|---|---|
| nexbies-cookie-consent | Local Storage | Records your privacy preference. |
| firebase:authUser:... | Local Storage | Secure session token for authenticated access. |
| Member Record | Cloud (Firestore) | Your identity in the organization directory. |
| Audit Logs | Cloud (Firestore) | Audit ledger of system mutations. |
Scenario B: Accept All (Incremental)
| Data Point | Storage Location | Purpose |
|---|---|---|
| _ga, _ga_* | Browser Cookies | Google Analytics unique client identifier (2yr retention). |
| _gid | Browser Cookies | Google Analytics session identifier (24hr retention). |
| Conversion Events | Network Request | Tracking signup success for marketing attribution. |
4. Data Collection & Use
We collect information that you provide directly (e.g., identity attributes, residential addresses). This data is used solely for organization management. We strictly enforce a **Data Minimization** policy, collecting only what is required for functional directory governance.
5. Data Loss Responsibility
Stewardship Protocol
NexBies provides tools for directory management but does not take responsibility for data loss. While we provide a 30-day Recycle Bin, Organization Administrators are responsible for independent data backups. We recommend regular audit exports via our CSV tools.
6. Contact & Legal
For legal inquiries, security disclosures, or Beta feedback, please contact us at **support@nexbies.com**. NexBies is operated by Hope Max, a registered Nonprofit Organization (ABN: 32 326 397 838).