Legal
Privacy Policy
Last updated: 29 April 2026
The short version
- We're AI Research Ltd, a Cyprus company that runs nexumfleet.com and operates the Nexum Fleet brand.
- If you use our contact form or email us, we collect your name, company, email, and whatever you write to us. That's it.
- If you just visit the site, we collect basic analytics: country, browser, pages viewed. We don't track you across other sites and we don't sell anything to advertisers.
- We use the information to reply to you and to understand how the site is used. We never sell it.
- You can ask us at any time what we hold about you, or to delete it. Email
legal@nexumfleet.com. - You can complain about us to the Cyprus Data Protection Commissioner if we get this wrong.
Everything below is the detailed version.
Who we are
AI Research Ltd, trading as Nexum Fleet.
Registered in the Republic of Cyprus.
Company number: HE346957.
Registered office: 5 Andrea Patsalidi Street, Office 303, Egkomi, 2408, Nicosia, CYPRUS.
For GDPR, UK GDPR, and Cyprus data protection law, AI Research Ltd is the controller of personal data collected through the site. "We", "us", and "our" mean AI Research Ltd throughout this page.
This page covers the website only. It doesn't cover:
- Third-party sites we link to (they have their own policies)
- Data we process as part of an actual commercial relationship with a customer (that's governed by a separate Data Processing Agreement)
- Data from fleet drivers, which goes through our telematics service provider (TSP) customers and never through us
What we collect
When you contact us
If you use the contact form or email us, we collect:
- Your name
- Your company
- Your role or title (if you add it, not required)
- Your email
- What you wrote to us
If you send us anything else (a technical brief, a question, a scoping document), we'll hold that too, because you sent it.
When you just visit
Our hosting provider and analytics tool automatically log:
- Your IP address (sometimes anonymized by the tool before it reaches us)
- Your browser type and version
- Your device type and operating system
- Which pages you visited and how long you stayed
- Where you came from (the referring site, if any)
- Your approximate location, country or region, not precise
What we don't collect
We don't collect anything in the special categories under GDPR (race, ethnicity, political views, religion, health, biometrics, sexual orientation, criminal record). We don't ask for them and we don't want them.
We don't knowingly collect data from anyone under 16. If you are, please don't use the contact form. If we discover we've received data from someone under 16, we'll delete it.
What we do with it
| Why | What we use |
|---|---|
| Replying to you | Name, company, email, message content |
| Having commercial conversations with you (sales, integration partnerships) | Contact details, role, company |
| Sending you something you asked for (a brief, a spec) | Name, email |
| Understanding how the site is used, so we can make it better | Analytics data |
| Stopping the site being abused or attacked | IP address, technical data |
| Following the law when we have to | Whatever the law specifically requires |
We don't sell personal information. We don't share it for third-party marketing. And we don't use it to make automated decisions that affect you legally.
The legal basis
Under GDPR and UK GDPR, we need a lawful basis for each thing we do with your data. Ours:
- Legitimate interests - Replying to people who contact us, running analytics, protecting the site. Our interest is running our business. We've weighed this against your rights and we don't think it overrides them.
- Consent - For non-essential cookies, where consent is required. You can withdraw it any time through your cookie preferences.
- Performance of a contract - If we're in pre-contractual talks at your request or we've signed an agreement with you.
- Legal obligation - When the law tells us to.
Who we share it with
We share personal information only with the providers we need to run the site, and only to the extent necessary. Every one of them acts as a data processor on our instructions, under a data processing agreement.
| Category | Who | What they do |
|---|---|---|
| Hosting | Cloudflare | Serves the site to you |
| Analytics | Google Analytics + Google Tag Manager | Aggregated, anonymized usage data |
| Consent management | Cookiebot (Usercentrics A/S) | Records your cookie consent choice |
| Contact form | Formspree | Receives your submission and forwards it to us by email |
| Gmail | Delivers email to and from us | |
| Professional advisers | Lawyers, accountants, auditors | Help us run the business, under duty of confidence |
| Government or regulators | Tax, data protection, law enforcement | If the law compels us |
| Acquirers | In a merger, acquisition, or asset sale | With the usual contractual protections |
Sending data outside the EEA
We're based in Cyprus (EU). Some of our providers are in the US or UK. When we send personal data outside the European Economic Area, we rely on one of these:
- Adequacy decisions - For countries the European Commission has ruled provide adequate protection, including the UK and (for certified providers) the US under the EU-US Data Privacy Framework.
- Standard Contractual Clauses - The European Commission's 2021 model clauses, with supplementary measures where needed after Schrems II, for transfers where no adequacy decision covers us.
- Your explicit consent - If neither of the above is available.
You can ask for a copy of the safeguards we rely on. Email legal@nexumfleet.com.
Cookies
What we use
Strictly necessary cookies - for the site to function and be secure. We use these without consent because the law allows that for essentials.
Analytics cookies - Google Analytics 4 and Google Tag Manager. These help us understand how visitors find and use the site so we can make it better. Where you can be identified by an analytics cookie, it's by a randomly generated identifier, not by your name, email, or anything you've given us. We've configured Google Analytics to anonymize IP addresses and not to share data with Google for advertising.
We don't use advertising, marketing, retargeting, or session-replay cookies.
What the analytics cookies record
| What | Why |
|---|---|
| Pages you visit and how long you stay | Understanding what's useful and what isn't |
| The site that referred you to us | Knowing where our visitors come from |
| Country and city-level location | Understanding our audience geography |
| Device, browser, and operating system | Making sure the site works for the devices people actually use |
| Clicks on key links: contact, CTAs, downloads | Knowing whether the site is doing its job |
Your choices
When you first visit the site, our consent banner asks whether you accept analytics cookies. You can:
- Accept - analytics cookies load and we receive the data above.
- Customise - you can decide what we receive beyond strictly necessary cookies.
Your browser settings also let you refuse cookies, accept only some, or be asked each time. Blocking strictly necessary cookies may affect how the site works.
Third parties
Cookiebot is provided by Usercentrics A/S (Denmark). Their privacy practices are at usercentrics.com/privacy-policy.
Google Analytics and Google Tag Manager are provided by Google LLC (US) and Google Ireland Limited (Ireland). Both companies process some data outside the EEA. See Sending data outside the EEA above for the safeguards we rely on. Their own privacy practices are at policies.google.com/privacy.
How long we keep things
| What | How long |
|---|---|
| Your contact form submission or emails | Until you ask us to delete them, or up to 3 years after our last contact if nothing commercial develops |
| Data from an active commercial relationship | The duration of the relationship, plus 7 years after it ends (tax, legal, and audit reasons) |
| Website analytics | Aggregated and anonymized; individual sessions no longer than 13 months |
| Anything the law requires us to retain | As long as the law requires |
When we no longer need personal data, we securely delete or anonymize it.
Your rights
Under GDPR, UK GDPR, and Cyprus law, you can ask us to:
- Tell you what we hold about you
- Correct anything inaccurate
- Delete what we hold about you (there are some legal exceptions)
- Limit how we use it
- Export it in a machine-readable format, or send it to someone else
- Stop processing it where we're relying on legitimate interests
- Withdraw consent where we're relying on it
- Not be subject to solely automated decisions - we don't make any anyway
- Complain to a supervisory authority
To use any of these rights, email privacy@nexumfleet.com. We'll reply within a
month.
If you want to complain about us
The supervisory authority for Cyprus is:
Commissioner for Personal Data Protection
Iasonos 1, 1082 Nicosia, P.O. Box 23378, 1682 Nicosia, Cyprus
Tel: +357 22 818 456
Email: commissioner@dataprotection.gov.cy
Web: dataprotection.gov.cy
If you're elsewhere in the EU or the UK, you can complain to your local authority instead.
Please do let us know if you have a complaint so that we can try to address it promptly.
Email legal@nexumfleet.com.
Security
We protect personal information with appropriate technical and organizational measures. That includes:
- TLS/HTTPS on all site traffic
- Access controls on systems holding personal data
- Two-factor authentication on admin accounts
- Regular security reviews
No system is perfect. If a breach happens that's likely to risk your rights, we'll notify the Cyprus Data Protection Commissioner within 72 hours of becoming aware of it. If the risk is high, we'll contact you directly.
California residents (CCPA)
If you're in California, you additionally have the right to:
- Know what personal information we collect, use, and disclose
- Have us delete it
- Correct it if it's wrong
- Opt out of "sale" or "sharing" - we don't sell or share as CCPA defines it
- Limit use of sensitive personal information - we don't collect any
- Not be discriminated against for exercising these rights
Email privacy@nexumfleet.com to use any of them. We may need to verify your
identity first.
If we change this
We'll update the "Last updated" date. For material changes we'll put a notice on the site or email you if we have your address. Continuing to use the site after changes take effect means you accept them.
How to reach us
Email: legal@nexumfleet.com
We aim to respond within 5 business days.
A separate privacy policy applies to the product when it starts processing fleet or driver data. This page covers the website only.