Recomnext Privacy Notice
Last updated: 26 May 2026
This Privacy Notice explains how Nugnics AI Limited, operating under the brand name "Recomnext" ("we", "us", "our"), collects, uses, shares, and protects personal data when you visit our websites, create an account, integrate our SDKs, subscribe to our service, contact us, apply for a job with us, or otherwise interact with us.
It is written to satisfy our obligations under (i) the UK General Data Protection Regulation and the Data Protection Act 2018 ("UK GDPR"), (ii) the EU General Data Protection Regulation 2016/679 ("GDPR"), (iii) the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA"), and (iv) other applicable data-protection laws.
1. Scope of this Notice
1.1 What this Notice covers. This Notice covers personal data that Recomnext processes as a Controller under the UK GDPR / GDPR — that is, where Recomnext decides why and how the data is processed.
Examples include:
- visitors to our websites at https://recomnext.com and related domains;
- developers and administrators who hold a Recomnext account;
- billing, legal, and procurement contacts at customer organisations;
- people who write to us through support, sales, or general inquiry channels;
- subscribers to our marketing communications;
- candidates who apply for jobs with us.
1.2 What this Notice does NOT cover. This Notice does not cover personal data of end-users of our customers (i.e., shoppers, readers, app users whose behavioural data flows through the Recomnext Service when our customers integrate our SDK). For that data, Recomnext acts as a Processor on behalf of our customer, who is the Controller. Processing of that data is governed by the Recomnext Data Processing Addendum (https://recomnext.com/dpa) and by the privacy notice published by the relevant customer.
If you are an end-user of a website or app that uses Recomnext for recommendations, and you have questions about how your data is being used, please contact the operator of that website or app — they are the Controller of your data, not us.
2. Who We Are
Controller: Nugnics AI Limited 71-75 Shelton Street, Covent Garden London, United Kingdom, WC2H 9JQ Company No.: 16866341
General contact: support@recomnext.com Privacy and data-protection contact: legal@recomnext.com
EU and UK Representative (if applicable under Article 27 GDPR): [Name, address, and contact details of EU/UK representative, if appointed]
Data Protection Officer (DPO): [If appointed: name and contact. If not appointed: state "We have not appointed a statutory DPO; data-protection matters are handled by our privacy contact above."]
3. Personal Data We Collect
We collect different categories of personal data depending on how you interact with us.
3.1 Information you provide directly
| Category | Examples | Where collected |
|---|---|---|
| Identity & contact | Name, work email, phone, job title, employer, country | Account sign-up, sales inquiries, contact forms |
| Account credentials | Username, password (hashed), MFA tokens | Account sign-up and login |
| Billing & financial | Billing address, VAT/tax ID, payment-method last-4 and token, invoice history | Subscription checkout, billing portal |
| Service configuration | Workspace name, integration settings, team-member email addresses | Dashboard configuration |
| Support communications | Support tickets, chat transcripts, screenshots, screen recordings you share, call notes | Support email, in-app chat, scheduled calls |
| Marketing preferences | Subscription status, communication preferences, interests | Marketing forms, preference centre |
| Job applications | CV/résumé, cover letter, education and employment history, references, work-authorisation status | Careers page, recruitment platforms |
3.2 Information collected automatically
| Category | Examples | Where collected |
|---|---|---|
| Device & technical | IP address, browser type and version, operating system, device identifiers, language, time zone, referrer URL | Website visits, dashboard usage |
| Usage data | Pages viewed, features used, dashboard actions, time on page, search queries | Website, dashboard, documentation site |
| SDK telemetry | SDK package name, version, runtime environment, error traces, API-key fingerprint, license-acceptance flag value | SDK initialization pings from your applications |
| Cookies & similar | Session cookies, authentication cookies, analytics cookies, preference cookies (see Section 11) | Website, dashboard |
3.3 Information from third parties
| Source | Examples |
|---|---|
| Identity providers (e.g., Google, Microsoft, GitHub SSO) | Name, email, profile photo, identity-provider user ID |
| Payment processors (e.g., Stripe) | Payment status, transaction ID, partial card details |
| Sales intelligence and enrichment (e.g., LinkedIn, Clearbit) | Company information, role, public professional details |
| Background-check providers (for hiring only, with consent) | Employment verification, identity verification |
| Public sources | Company website, government registries, press releases |
3.4 Sensitive personal data. We do not normally collect special-category data (Article 9 UK GDPR / GDPR). Where job applicants voluntarily disclose health, disability, or other sensitive information (for example, to request reasonable accommodation), we process it only for that purpose and with appropriate safeguards.
4. How We Use Your Personal Data
We process personal data for the purposes set out below. The legal basis under UK GDPR / GDPR appears in the right-hand column.
| Purpose | Categories of data | Legal basis (GDPR/UK GDPR) |
|---|---|---|
| Providing the Recomnext Service to account holders | Identity, account credentials, configuration | Performance of a contract (Art. 6(1)(b)) |
| Authenticating users and protecting accounts | Identity, device, credentials, cookies | Performance of contract; legitimate interest in security (Art. 6(1)(f)) |
| Billing, invoicing, and tax compliance | Billing, financial, identity | Performance of contract; legal obligation (Art. 6(1)(c)) |
| Responding to support and inquiries | Identity, support communications | Performance of contract; legitimate interest in serving inquiries |
| Improving the Service and developing new features | Usage, SDK telemetry, support feedback | Legitimate interest in improving our products (Art. 6(1)(f)) |
| Monitoring license compliance | SDK telemetry, account, usage | Legitimate interest in protecting our intellectual property (Art. 6(1)(f)); performance of contract |
| Sending service emails (security, billing, policy changes) | Identity, account | Performance of contract; legal obligation |
| Sending marketing communications | Identity, marketing preferences, usage | Consent (Art. 6(1)(a)) or legitimate interest in marketing to existing business customers (subject to opt-out) |
| Securing our systems and detecting fraud | Device, usage, SDK telemetry | Legitimate interest in security; legal obligation |
| Recruiting and assessing candidates | Job application data | Pre-contractual steps; consent for background checks |
| Complying with legal obligations | Any | Legal obligation (Art. 6(1)(c)) |
| Establishing, exercising, or defending legal claims | Any | Legitimate interest; legal obligation |
We do not use personal data for automated decision-making producing legal or similarly significant effects on individuals (Article 22 GDPR).
5. Who We Share Personal Data With
We share personal data with the following categories of recipients, in each case under appropriate contractual and security safeguards:
5.1 Group companies. Nugnics AI Limited is part of a corporate group that includes affiliated entities. Where group companies provide shared services (engineering, support, finance, legal), personal data may be shared between them under intra-group data-sharing arrangements. [A list of group entities is available on request.]
5.2 Service providers (sub-processors). We use third-party service providers to operate the Recomnext Service and our business — for example, cloud hosting, managed databases, email delivery, payment processing, customer support tooling, analytics, and observability. A current list of sub-processors used for the Recomnext Service is at https://recomnext.com/subprocessors.
5.3 Professional advisers. Lawyers, accountants, auditors, and consultants, where necessary for legal, financial, or compliance purposes.
5.4 Authorities. Courts, regulators, law-enforcement agencies, and other public authorities, where required by law, court order, or regulatory request — and where we are not legally prohibited from doing so, we will notify you before complying.
5.5 Business transactions. Counterparties and their advisers in connection with a corporate transaction such as a merger, acquisition, financing, restructuring, sale of assets, or bankruptcy. We will require recipients to honour the privacy commitments in this Notice.
5.6 With your consent. Any other recipient where you have given us your consent or otherwise directed us to share your data.
We do not sell personal data, and we do not "share" personal data for cross-context behavioural advertising as those terms are defined under the CCPA/CPRA.
6. International Transfers
Recomnext is headquartered in the United Kingdom and may transfer personal data to, and process it in, jurisdictions outside your country of residence, including the locations of our cloud providers (which may include the EEA, the United Kingdom, and the United States).
Where personal data is transferred from the EEA, the UK, or Switzerland to a country not recognised as providing an adequate level of protection, we rely on:
- the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) and, for UK transfers, the UK International Data Transfer Addendum (and the UK Addendum to the EU SCCs) issued under the UK GDPR;
- supplementary technical, organisational, and contractual measures where necessary;
- in limited cases, your explicit consent or other derogations under Article 49 UK GDPR / GDPR.
You may request a copy of the transfer mechanism applicable to your data by emailing legal@recomnext.com.
7. How Long We Keep Personal Data
We keep personal data only as long as necessary for the purposes for which it was collected, and to comply with our legal, tax, accounting, and dispute-resolution obligations. Indicative retention periods:
| Category | Retention |
|---|---|
| Account data | While the account is active, plus 12 months after closure for support and audit |
| Billing and tax records | At least 6 years under the UK Companies Act 2006 and HMRC/VAT/tax-law requirements; longer where required by other tax authorities |
| Support tickets and communications | 3 years from closure |
| Marketing-list data | Until you unsubscribe, or 2 years of inactivity, whichever is earlier |
| Website analytics | 14 months from collection |
| Job applications (unsuccessful) | 12 months from decision, longer with consent for future opportunities |
| Security logs | 12 months, longer for confirmed-incident records |
| SDK telemetry | 24 months |
| Backups | Rolling 180-day cycle |
After expiry of the retention period, we delete or anonymise the personal data, except where retention is required by applicable law.
8. How We Protect Personal Data
We implement technical and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure, loss, or destruction. These measures include encryption in transit (TLS 1.2+) and at rest (AES-256), role-based access controls with multi-factor authentication, network segmentation, security monitoring, vulnerability and penetration testing, employee training, vendor due diligence, and a documented incident-response plan.
A more detailed description of measures applicable to Customer Personal Data is set out in Annex 3 of our Data Processing Addendum at https://recomnext.com/dpa.
No system is perfectly secure. If we become aware of a personal data breach that affects you, we will notify you and any required regulator without undue delay and in accordance with applicable law.
9. Your Rights
Depending on the law that applies to you, you have some or all of the following rights with respect to your personal data.
9.1 Rights available under UK GDPR / GDPR:
- Access — obtain confirmation that we process your personal data and a copy of it.
- Rectification — have inaccurate or incomplete personal data corrected.
- Erasure — request deletion of your personal data, subject to legal retention requirements.
- Restriction — request that we restrict processing in certain circumstances.
- Portability — receive your personal data in a structured, commonly-used, machine-readable format and transmit it to another controller.
- Objection — object to processing based on our legitimate interests, including profiling, and to direct-marketing processing.
- Withdraw consent — where processing is based on your consent, withdraw that consent at any time (without affecting prior lawful processing).
- Complain — lodge a complaint with a supervisory authority (see Section 9.3).
9.2 Rights available under CCPA/CPRA (California residents):
- Right to know what personal information we have collected, the sources, purposes, and categories of recipients.
- Right to delete personal information, subject to legal exceptions.
- Right to correct inaccurate personal information.
- Right to opt out of "sale" or "sharing" of personal information for cross-context behavioural advertising — although as noted, we do not sell or share personal information as defined under the CCPA/CPRA.
- Right to limit use of sensitive personal information.
- Right to non-discrimination for exercising any of these rights.
- An authorised agent may submit a request on your behalf.
9.3 How to exercise your rights. Send a request to legal@recomnext.com with enough information for us to identify you and your request. We will respond within the time required by applicable law (one month under UK GDPR/GDPR; forty-five days under CCPA/CPRA, extendable as permitted). We may need to verify your identity before acting on the request.
9.4 Supervisory authorities. If you are in the UK, you may lodge a complaint with the Information Commissioner's Office (https://ico.org.uk). If you are in the EEA, you may lodge a complaint with your national data-protection authority. We would, however, appreciate the chance to address your concerns directly before you contact a regulator.
10. Children's Personal Data
The Recomnext Service is intended for businesses, not for individuals under the age of 18. We do not knowingly collect personal data of children. Under the UK GDPR / GDPR, processing of children's personal data is subject to additional restrictions; we do not process such data as a Controller. If you believe we may have collected personal data of a child, please contact legal@recomnext.com.
11. Cookies and Similar Technologies
Our websites and dashboard use cookies and similar technologies to operate, secure, and improve our services. The categories of cookies we use:
| Category | Purpose | Consent |
|---|---|---|
| Strictly necessary | Authentication, security, session continuity, load balancing | No consent required |
| Functional | Remember preferences (language, layout) | Consent in jurisdictions that require it |
| Analytics | Understand how visitors use our sites (e.g., aggregate page views) | Consent in jurisdictions that require it |
| Marketing | Measure marketing-campaign effectiveness | Consent (opt-in) |
You can manage cookie preferences through the cookie banner on our websites and through your browser settings. Blocking strictly-necessary cookies may break the Service.
A full, up-to-date list of cookies and their durations is available in the cookie-preferences centre at https://recomnext.com/cookies.
12. Marketing
We may send you marketing communications about Recomnext products, features, events, and content. We rely on your consent where required, and otherwise on our legitimate interest in marketing to existing business customers. You may opt out at any time by clicking the unsubscribe link in any marketing email, or by emailing legal@recomnext.com. Opting out of marketing does not stop service-related communications (billing, security, policy changes) that we are required to send.
13. Changes to This Notice
We may update this Notice from time to time. When we do, we will revise the "Last updated" date at the top. For material changes, we will provide additional notice (for example, an email or in-product notification) where feasible. Your continued use of our services after a change takes effect indicates your acknowledgement of the updated Notice; where the change requires fresh consent under applicable law, we will obtain it.
A version history of this Notice is available at https://recomnext.com/privacy/history.
14. Contact Us
Questions about this Notice, your personal data, or your rights:
Email: legal@recomnext.com Post: Nugnics AI Limited, 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
We aim to respond to all inquiries promptly and within the time required by applicable law.
© 2026 Nugnics AI Limited. All rights reserved.