Privacy Policy

Last updated: March 2026

NextGen Systems ("we", "us", or "our") operates ChillinnBOT, a cloud compliance evidence automation platform. This Privacy Policy explains how we collect, use, and protect your information when you use our website and services.

---

1. Information We Collect

We collect information you provide directly to us, including:

• Name and email address when you request pilot access or create an account
• Cloud account identifiers (AWS Account ID, Azure Subscription ID) you provide to run compliance scans
• Usage data including scan history and results generated within the platform

We do not collect, store, or access your cloud credentials, secret keys, or any data from within your cloud environment beyond what is returned by compliance control checks.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve the ChillinnBOT platform
• Send you compliance scan results and evidence reports
• Communicate with you about your account, updates, and the pilot program
• Respond to your questions and support requests

3. Cloud Access & Read-Only Policy

ChillinnBOT operates on a strict read-only access model. When you connect your AWS or Azure account:

• We only read configuration data required to evaluate GxP compliance controls
• We never create, modify, or delete any resources in your cloud environment
• We never store your access keys, secret keys, or service principal credentials on our servers
• All credential handling is performed client-side or in-session only

4. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances:

• With your consent
• To comply with legal obligations
• To protect the rights and safety of ChillinnBOT, our users, or the public

5. Data Retention

We retain your account information and scan history for as long as your account is active. You may request deletion of your data at any time by contacting us at info@nextgensystems.co.

6. Security

We implement industry-standard security measures to protect your information, including encrypted connections (HTTPS/TLS) and access controls. However, no method of transmission over the internet is 100% secure.

7. Your Rights

You have the right to access, correct, or delete your personal information. To exercise these rights, contact us at info@nextgensystems.co.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice on our website.

9. Contact

If you have any questions about this Privacy Policy, please contact us at info@nextgensystems.co.