GDPR & Data Protection

Data controller and processor

When you use Nabix to process your documents, you act as the data controller — you decide what documents are uploaded and for what purpose. FightFolio acts as a data processor, processing personal data contained in those documents solely to deliver the service you requested. We do not process your documents for any other purpose.

Legal basis for processing

We process your account data on the basis of contract — it is necessary to provide the service you signed up for. We process your documents on the basis of legitimate interests (delivering the results you submitted a job for) and, where applicable, your explicit instructions as the data controller.

Data Processing Agreement

Customers who require a Data Processing Agreement (DPA) for GDPR compliance can request one by emailing support@nabix.app. The DPA includes a list of current sub-processors and the technical and organisational measures (TOMs) we have in place.

Sub-processors

We use a limited set of sub-processors to deliver the service — including cloud infrastructure, authentication, object storage, and AI processing providers. All sub-processors are bound by data protection obligations equivalent to those in these policies. An up-to-date sub-processor list is available on request.

International data transfers

Some of our sub-processors are based outside the EU/EEA. Where personal data is transferred internationally, we rely on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms to ensure an equivalent level of protection.

Retention and deletion

Uploaded documents and job results are deleted automatically after a short fixed period once your results are ready (typically 7 days). You can permanently delete any job and its associated files at any time from your dashboard. Account data is retained while your account is active and deleted promptly upon a verified account-deletion request.

Data subject rights

If personal data belonging to your employees, clients, or other individuals is contained in documents you upload, you are responsible for handling their data subject rights requests as the data controller. We will assist you in fulfilling those requests where technically possible.

As a Nabix account holder, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate personal data
• Request deletion of your account and associated data
• Receive a portable copy of your data
• Restrict or object to processing in certain circumstances

To exercise any of these rights, contact us at support@nabix.app. We will respond within 30 days. You may also lodge a complaint with your local supervisory authority.

Security measures

We implement technical and organisational measures to protect personal data, including encryption in transit and at rest, access controls, and regular security reviews. We will notify affected users and relevant authorities of any personal data breach in accordance with applicable law.

Contact

Data protection enquiries can be directed to support@nabix.app.