search

Data Protection & Data Footprint

Licensing and Billing Communication

Once per day, the product sends limited licensing data to our licensing server hosted at https://nuvens.infoarrow-up-right via a secure API call. The following information is transmitted:

  • License Number

  • Product Version

  • Count of Licenses in Use

circle-info

This data is used strictly for licensing validation and billing purposes.

Nuvens stores the following customer information for licensing and account management purposes:

  • License Number

  • Company Name

  • Contact Name

  • Contact Number

  • AWS Marketplace ID

  • Number of Licenses Purchased

  • Number of Licenses in Use

  • Last Bill Date

  • Version Installed

  • Date of Signup

IP-based Geolocation Lookup (Third-Party API)

For features that infer approximate geographic location based on an IP address (e.g., analytics, region-specific functionality, administrative insights), we use a third-party geolocation service (www. IP-API.com). – Then link this to the domain https://members.ip-api.com/privacy-policyarrow-up-right

What Is Collected and Sent

When a location lookup is required, the system sends the IP address to an external API endpoint (e.g., pro.ip-api.com/json/{ip}?key={apiKey}) to obtain non-precise location attributes. This call may return:

  • Country, region, city

  • Latitude and longitude (approximate)

  • Time zone

  • Network metadata such as ISP or ASN (optional based on plan)

The geolocation provider processes only the IP address in order to infer these attributes. No device identifiers, GPS data, or precise physical addresses are requested or transmitted.

Purpose of Use

This geographic context is used for:

  • Regional reporting and analytics

  • Customising content or operational behaviour based on location

  • Security or anomaly detection patterns

  • Compliance with region-specific policies

No exact physical location is determined, and this lookup does not use or request browser or device GPS/location services.

Data Protection and Handling

  • Only the IP address (required for the lookup) is sent to the third-party API.

  • The inferred location attributes are treated as derived information, not stored as raw personal data unless explicitly required for a documented business purpose.

  • IP geolocation is considered potentially personal data under GDPR/UK GDPR when combined with other identifiers; we minimise retention accordingly.

  • All calls to the geolocation provider are made over secure HTTPS.

  • The use of this service is governed by the provider’s terms of service and key management policies.

This service is optional and distinct from explicit user location permissions (such as browser or OS geolocation APIs).

PreviousExternal Access Security ControlsNextEvents: Logging, Monitoring and Alerting

Last updated