Privacy Policy

This page explains what personal data we collect on nlsys.io, why, where it goes, and what rights you have. It is written to match what this site actually does — nothing more.

Last updated: 9 July 2026 · Operated by OPS2.AI LTD, registered in the United Kingdom, Company No. 17081809, registered address 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom. Contact: nlsys.io@proton.me.

1. Who we are

OPS2.AI LTD ("we", "us") is a company registered in the United Kingdom. We are the data controller for the personal data described on this page. We are registered with the UK Information Commissioner's Office as a data controller, registration reference ZC106468. For anything privacy-related, write to nlsys.io@proton.me.

2. What we collect, and why

Contact and access forms. When you submit a form on this site (free access, self-service, pilot, enterprise), we receive what you typed: your email, and — depending on the form — your name, company, and answers about your system. Submissions are received by our website host, Netlify (acting as our processor), and forwarded to our mailbox, where they are stored. We use it to reply to you and to provide what you asked for (legal basis: taking steps at your request prior to entering a contract, and performing that contract).

Your account and usage. When you sign in to the customer cabinet we process your email address, your sign-in and consent records, your personal stream key, and your credit ledger — credits added with plans and packs, and credits spent on traffic, compiles and reports. Our administrators can view these records in an internal dashboard. Legal bases: performing the contract with you; keeping accounting records required by law (kept up to 6 years in the UK); and our legitimate interest in securing the service and preventing misuse — including suspending access as described in the Terms. We do not sell this data and do not use it for third-party advertising.

Purchases and the billing portal. Payments and billing are handled by our payment provider (Paddle as merchant of record; Stripe or Lemon Squeezy where stated at checkout). Card details go to the payment provider directly and never touch our servers. The billing portal sign-in uses your email address and a one-time passcode sent by the provider; we do not create or store passwords. We see what the provider shows us: your name, email, purchases, invoices and subscription status (legal basis: performing the contract; keeping records required by law).

Product data. If you send signal streams or trajectory data to our products, that data is processed on servers located in Switzerland, for the sole purpose of providing the service you requested. Ownership of your data stays with you.

Technical data. Our hosting provider records standard server logs (IP address, request time, pages requested) for security and operations. Page fonts are loaded from Google Fonts, which means your browser sends a standard web request (including your IP address) to Google when the page loads.

Marketing. We do not send marketing emails. If that ever changes, it will be opt-in only.

3. Cookies and analytics

We use Cloudflare Web Analytics to count page views and referrers. It is cookieless: it sets no cookies, stores nothing on your device, uses no persistent identifiers and does no cross-site tracking — so no consent banner is required. The customer cabinet uses one strictly-necessary session cookie to keep you signed in. We run no advertising or marketing trackers.

3a. Payments and card data

Checkout and card processing happen entirely on our payment providers' PCI DSS–compliant infrastructure. We never see or store card numbers.

4. Where your data goes (international transfers)

We are a UK company; product data is processed on servers in Switzerland. Switzerland is covered by UK adequacy regulations, and the United Kingdom is recognised as adequate under Swiss law — so data can move between the two without additional transfer mechanisms. Both the UK and Switzerland also hold adequacy decisions from the European Union, so if you are in the EU/EEA, your data is likewise covered. Our processors: FormSubmit (form delivery), Stripe (payments and billing), our hosting provider (site and product infrastructure), and Google (font delivery) — each processes data under its own terms as our processor or an independent controller for their service.

5. How long we keep it

Form submissions and correspondence: for as long as needed to handle your request and our relationship, then deleted. Billing records: for as long as tax and company law require. Product data: for the duration of the service, unless you ask us to delete it sooner.

6. Your rights

Under UK GDPR (and equivalent Swiss and EU law) you can ask us for access to your personal data, correction, deletion, restriction of processing, portability, and you can object to processing based on legitimate interests. Write to nlsys.io@proton.me — we answer every message ourselves. You also have the right to complain to a supervisory authority: in the UK, the Information Commissioner's Office (ico.org.uk); in Switzerland, the FDPIC (edoeb.admin.ch); in the EU, your local data protection authority.

7. Changes

If this policy changes, the new version appears on this page with an updated date. Material changes affecting existing customers will also be sent to the email we hold for you.