Nuclideon

Nuclideon Privacy Policy

Effective Date: March 27, 2026
Last updated: April 7, 2026

Overview

This Privacy Policy explains how Nuclideon Pty Ltd ("Nuclideon", "we", "us" or "our") collects, uses, discloses, stores, and otherwise handles Personal Information when you use our Websites and Services, or interact with us (for example, requesting a demo, purchasing a subscription, or contacting support).

Scope

We are committed to protecting your privacy and complying with applicable privacy laws, including the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) (the "Privacy Act") and, where applicable, the Notifiable Data Breaches (NDB) scheme.

You can learn more about the APPs from the Office of the Australian Information Commissioner (OAIC).

Changes to this Privacy Policy

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Last updated" date of this Privacy Policy. Any changes or modifications will be effective immediately upon posting the updated Privacy Policy on the applicable Nuclideon website or service where this policy is made available, and you waive the right to receive specific notice of each such change or modification. You are encouraged to periodically review this Privacy Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Privacy Policy by your continued use of the Websites and Services after the date such revised Privacy Policy is posted.

Where available, you may opt in to receive update notifications by emailing info@nuclideon.com and requesting to be added to our Privacy Policy change notification list (for example, an account administrator may request notifications on behalf of their organisation).

We keep a public revision history of certain legal documents at https://github.com/Nuclideon/legal; if there is any conflict, the version published on the relevant Nuclideon website or service prevails.

Definitions

  • Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable.
  • Websites and Services means any Nuclideon website, domain, subdomain, application, or online service that links to this Privacy Policy, including Nuclideon-hosted udCloud and udServer instances, and related support, sales, and marketing interactions.
  • Customer Content means data, files, models, metadata and other content uploaded to or generated within the services by customers and their authorised users.

By using our Websites and Services, or by otherwise providing information to us, you acknowledge this Privacy Policy applies as described in the Scope and Controller vs Processor sections below.

Our role (Controller vs Processor)

Depending on how you interact with Nuclideon, we may process Personal Information as a controller (we decide why and how Personal Information is processed) or as a processor/service provider (we process Personal Information on a customer's instructions).

In particular:

  • When we act as a controller: for example, when you browse our marketing websites, request a demo or quote, create an administrator account, purchase a subscription, or contact support, we determine the purposes and means of processing your Personal Information.
  • When we act as a processor/service provider: when a customer uses our services to process Personal Information about their end users, employees, or users of Customer Content, we process that Personal Information on the customer's documented instructions. In these cases, the customer is typically the controller, and privacy requests relating to that customer data should generally be directed to the customer.
  • Third-party websites and services: Our Websites and Services may contain links to third-party websites or services that are not owned or controlled by Nuclideon. This Privacy Policy does not apply to those third parties.

Information We Collect

Personal Information you provide

We may collect Personal Information you provide directly to us, such as your name, business contact details (email address, phone number), organisation, job title, and any other information you choose to provide when you create an account, request a demo or quote, purchase a subscription, contact support, or otherwise communicate with us.

How we collect information

We collect Personal Information directly from you, automatically when you use our Websites and Services (for example, through logs and cookies), and sometimes from third parties (for example, analytics, advertising, or referral partners) where permitted by law.

Accounts and access

Some parts of our Websites and Services can be used without providing Personal Information. However, to access certain features (such as account administration, subscriptions, or customer support), you may need to provide personally identifiable information such as a username and password, or information used to help recover your account.

Typical service data

In addition to the categories described above, when you use our services (including udCloud and udServer), we may collect or receive certain information to provide, secure, and support the services. Some of this information may be processed on behalf of our customers where we act as a processor (for example, Customer Content and end-user data).

  • Account and profile data: name, email address, organisation, role, and account preferences.
  • Authentication and access data: usernames, password hashes, multi-factor authentication status, and session/access tokens (as applicable).
  • Single sign-on (SSO) / OIDC identity provider data: where you sign in using an external identity provider (for example, your organisation's SSO or a third-party login such as Google or Microsoft, where enabled), we may receive information from that provider such as a unique user identifier, name, email address, and authentication-related claims (such as group or role information) in order to authenticate you and manage access to the services. We do not receive your password when you use OIDC/SSO; authentication is performed by the identity provider.
  • Information received from third-party sign-in providers: when you authenticate using a third-party sign-in service (such as Google, Microsoft, or any other supported identity provider), we specifically receive the following categories of information from the provider: your name and display name, your email address, your profile image (if available), and a unique account identifier issued by the provider. We use this information solely to create and maintain your Nuclideon account, to verify your identity, and to personalise your experience within the Services. We do not request access to any additional account data from your identity provider (such as calendar, contacts, or files) beyond what is necessary for authentication.
  • Subscription and billing data: plan details, invoices, billing contact information, and transaction metadata. Payment card details are handled by our payment processor(s) as described in this Privacy Policy.
  • Service usage, logs, and telemetry: IP address, device/browser details, timestamps, diagnostic and performance data, audit logs, and security logs (including events used to detect and prevent abuse or attacks).
  • Support and communications data: support tickets, emails, chat transcripts, feedback, and any information you choose to provide to help us resolve an issue.
  • Customer Content and end-user data: Customer Content and other data uploaded to or generated within the services by customers and their authorised users. Where this content includes Personal Information, we generally process it on the customer's instructions as a processor/service provider.

Additional information

  • You are under no obligation to provide Personal Information; however, not providing it may prevent you from using certain features of the Websites and Services.
  • Our Websites and Services are not directed at children under 18 and we do not knowingly collect Personal Information from children under 18.

Sensitive Information

Sensitive Information is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.

We do not intentionally collect Sensitive Information. However, Sensitive Information may be provided to us or included in Customer Content. If we receive Sensitive Information, we will handle it in accordance with applicable law.

  • If Sensitive Information is received, we will take reasonable steps to handle it appropriately, including applying safeguards suitable to the nature of the information.
  • We will only use or disclose Sensitive Information for the purpose for which it was provided (or a directly related purpose), unless you consent otherwise.
  • We may also use or disclose Sensitive Information where required or authorised by law.

Usage data, cookies and tracking

Usage Information is certain information we may automatically collect regarding your visits to and use of our Websites and Services.

Usage Information may include your internet protocol (IP) address, your access times, your country, your browser type and operating system, device type, other unique identifiers (including mobile device identification numbers), the pages you visited before and after using our Websites and Services, pages you view and links you click on while using our Websites and Services, information collected through cookies and other tracking technologies, information about your interactions with e-mail messages, your likes and replies to a post, server log files, and any other information about how you interacted with our Websites and Services.

We use cookies and similar technologies to operate our Websites and Services, to provide essential functionality (such as authentication and security), and to understand and improve performance. Where required by law, we will ask for your consent before using non-essential cookies (such as analytics or advertising cookies). You can change your cookie preferences at any time using our cookie settings (or by contacting us at info@nuclideon.com).

Technologies We Use

  • Cookies: Cookies are small information text files that are stored on your computer hard drive by your web browser when you use our Websites and Services. Cookies help us recognize you when you return. We also use cookies to ensure you obtain the information you request, to improve navigation according to your needs and to understand your interests.
  • Necessary Cookies: We may use some Necessary Cookies to enable you to use our Websites and Services and some of their features, such as the language you choose while visiting, or to track your cookies consent. Because these cookies are necessary to deliver the Websites and Services, you cannot refuse them. You can always block or delete them by changing your browser settings. However, some features may not function properly if you disable such cookies.
  • Performance and Functionality Cookies: We may use performance and functionality cookies to collect information about how you use our Websites and Services, for instance, which pages you visit most often, or if you get an error message. These cookies don't collect personal information. However, without such cookies, certain functionalities may become unavailable.
  • Analytics Cookies: Where enabled, we may use analytics tools (such as Google Analytics) to help us understand how our Websites and Services are used. We configure analytics to minimise data collection where feasible.
  • Internet-based Advertising cookies: Where enabled, we may use marketing pixels (such as the LinkedIn Insight Tag) for campaign measurement and (where permitted) retargeting. Where required, these are enabled only with your consent.

You can manage cookies through your browser settings and, where available, through any cookie consent tools we provide. You may also direct inquiries regarding cookie preferences to info@nuclideon.com.

Do Not Track (DNT) signals

California law requires that operators of websites and online services disclose how they respond to a DNT signal and whether other third parties may collect Personal Information about an individual's online activities from their website or online service.

Some browsers offer a "Do Not Track" signal. Because there is no consistent industry standard for how to interpret these signals, and because third-party tools may not respond to them, our Websites and Services may not respond to DNT signals. You can manage tracking through our cookie settings and your browser/device controls.

Payment and billing information

Payment card details are handled by our payment processor(s) (for example, Stripe). We do not intentionally store full payment card numbers on our systems. We may store billing and transaction records (such as invoices, amounts, and payment status) for accounting, tax and audit purposes.

Information from other sources

We may also obtain information about you from other sources or retain third party services to operate our Websites and Services and help us monitor, collect, analyse and better understand your interactions with our Websites and Services. These other sources may include, without limitation, analytics and advertising partners, referral partners, and service providers supporting our business systems. If you sign in to a service using single sign-on (SSO) / OpenID Connect (OIDC) or another third-party login, we may receive certain information from your identity provider to authenticate you and administer access (such as a unique identifier, name, and email address, and where applicable group/role claims).

We do not receive your password when you authenticate via OIDC/SSO.

How We Use Information

We may use Personal Information for the following purposes:

  • To provide, operate, maintain, improve and promote our Websites and Services;
  • To enable you to access and use our Websites and Services;
  • To communicate with you and respond to any query or request you have submitted;
  • To send you information you have requested from us (such as quotes);
  • To send you marketing communications where permitted by law. Where consent is required, we will obtain it, and you can opt out at any time (see Marketing Communications below);
  • To provide customer service and support;
  • To secure, monitor, troubleshoot, and provide updates for our Websites and Services, including to detect, prevent, and address technical issues, fraud, abuse, and security incidents;
  • To comply with legal obligations and enforce our terms;
  • To manage corporate governance activities such as audits, reporting, and business continuity planning.

Google API Services User Data Policy Compliance

Nuclideon's use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  1. Nuclideon only uses data obtained through Google APIs to provide and improve the Services as described in this Privacy Policy.
  2. Nuclideon does not use Google user data for serving advertisements or for any advertising-related purpose.
  3. Nuclideon does not allow humans to read Google user data unless: (a) it is necessary to provide the Services and customer support; (b) you have given explicit consent; (c) it is necessary for security purposes (such as investigating a security incident); (d) it is necessary to comply with applicable law; or (e) the data has been aggregated and anonymised and is used for internal operations.
  4. Nuclideon does not transfer Google user data to third parties except: (a) as necessary to provide the Services (for example, to our hosting provider); (b) as required by applicable law; or (c) with your explicit prior consent.

Legal Bases (EEA/UK Only)

If you are from the European Economic Area ("EEA"), our legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it.

However, we will normally collect Personal Information from you only where we need the Personal Information to perform a contract with you, where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, where we have your consent, or where we have a legal obligation to collect personal information from you.

If we ask you to provide Personal Information to comply with a legal requirement or to perform a contract, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not (as well as the possible consequences if you do not provide your Personal Information).

Similarly, if we collect and use your Personal Information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time why we need that Personal Information. If we process Personal Information in reliance on your consent, you may withdraw your consent at any time. This will not affect processing that occurred before you withdrew consent.

How We Share Information

We may share Personal Information with third parties in the ordinary course of operating our Websites and Services (for example, for hosting, support tooling, payment processing, analytics, and shipping where applicable). We take reasonable steps to ensure that these organisations are bound by appropriate confidentiality and privacy obligations and are permitted to access Personal Information only as needed to perform services for us (or, where applicable, for our customers) consistent with this Privacy Policy.

No Sale of Personal Information

Nuclideon does not sell, rent, or trade your Personal Information to third parties for monetary or other valuable consideration. This applies to all Personal Information we collect, including information obtained through any third-party identity provider or authentication service (such as Google, Microsoft, or any other provider we may support in the future). We do not use Personal Information obtained through authentication services for advertising, data brokering, or any purpose unrelated to providing and improving the Services.

Subprocessors and Service Providers

Amazon Web Services (AWS) is a key subprocessor we use to host and operate our cloud services (including udCloud) and to provide underlying cloud infrastructure such as compute, storage, and networking.

For udCloud offerings that are provisioned in a specific AWS region (for example, udCloud Australia), we configure the service so that Customer Content and customer account data are stored and processed within that region. We do not intentionally transfer that data outside the selected region, except where necessary for limited purposes such as providing support, maintaining service security and reliability, or complying with law (and where applicable, consistent with customer instructions and contractual commitments).

We use third-party service providers to help us deliver, operate, and secure our Websites and Services (for example, cloud hosting, data storage, content delivery, analytics, customer communications, support tooling, and payment processing). Where we act as a processor for customer data, these providers may act as our "subprocessors". We take reasonable steps to select and retain providers that maintain appropriate security measures and, where required, we enter into contractual commitments designed to protect Personal Information (such as data processing terms and confidentiality obligations). Some of these providers may process or store information outside Australia or outside your jurisdiction; please see the International Transfers section for additional information.

If you would like information about our current subprocessors used for customer data, please contact us using the details in the Contact Us section.

  • Service Providers: We employ and contract with people and other entities that provide us with certain services, such as hosting, maintenance and security of our Websites and Services, and analytics (collectively, our "Service Providers") to assist in the provision of our Websites and Services. We provide these Service Providers with only the Personal Information they need to perform their services and work closely with them to ensure that your privacy is respected and protected. Unless we tell you differently, our Service Providers do not have any right to use Personal Information or other information we share with them beyond what is necessary to assist us.
  • Change of control: We may also transfer and assign your Information in the event we are sold, acquired, or a majority of our business is acquired by a third party. If such a transaction occurs, we will take reasonable steps to ensure your Personal Information remains subject to appropriate protections.
  • Related companies: We may also share your Information with our related companies for purposes consistent with this Privacy Policy.
  • Legal requests: We may disclose Personal Information where required or authorised by law (including to respond to lawful requests from courts, regulators or law enforcement). Where permitted, we will notify affected customers or individuals of a legally binding request for disclosure, and we will seek to limit disclosure to what is legally required.

International Transfers

We may store or process Personal Information in Australia and in other countries where we or our service providers operate. Where Personal Information is disclosed overseas, we take reasonable steps to ensure the overseas recipient handles Personal Information in accordance with the Privacy Act (APP 8) or an applicable exception.

If you are a customer with specific data residency requirements (for example, Australian Government customers), please contact us to discuss available deployment and support options and any contractual commitments regarding storage location.

The European Commission has adopted standard data protection clauses, which provide safeguards for Personal Information transferred outside of the EEA. We may use Standard Contractual Clauses when transferring Personal Information from a country in the EEA to a country outside the EEA. If your Personal Information is affected, you can request a copy of our Standard Contractual Clauses by contacting us as set forth in the Contact Us section below.

Security

We take reasonable precautions designed to protect the confidentiality and security of Personal Information processed in connection with our Websites and Services.

Any Personal Information that we store is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. We use a combination of technical and organisational measures designed to protect Personal Information, including access controls and encryption in transit (for example, TLS) and, where appropriate, encryption at rest.

We strive to take reasonable measures to protect Personal Information. However, no method of transmission over the Internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

Data Breach Notification

If we become aware of a suspected or actual data breach involving Personal Information, we will take reasonable steps to investigate, contain and remediate the incident, including taking steps to reduce the risk of harm where appropriate. Where required by applicable law (including under Australia's Notifiable Data Breaches (NDB) scheme), we will notify affected individuals and/or relevant regulators.

Where we act as a processor/service provider, we will notify the relevant customer without undue delay after becoming aware of a personal data breach affecting Customer Content, so the customer can meet its obligations.

Data Retention

We keep Personal Information only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law (for example, tax, accounting, security, and audit requirements).

Typical retention periods (indicative):

CategoryIndicative retention
Account profile & admin recordsFor the life of the account, and up to 7 years after closure where required for legal, audit or dispute purposes
Billing / invoices / tax recordsUp to 7 years (or longer if required by law)
Support tickets & communicationsTypically 24 months after ticket closure (or longer where needed for safety/security or dispute)
Security logs / audit logsTypically 12–24 months (may be longer for security investigations and compliance)
Marketing leadsUntil you opt out or we determine the data is no longer required for marketing purposes

Where we act as a processor on behalf of a customer, we retain and process Personal Information in accordance with our contract with the customer and the customer's documented instructions, subject to applicable law.

When we no longer have a legitimate business need to process Personal Information, we will take reasonable steps to delete it or anonymise it, subject to applicable law and routine business continuity and security practices (for example, limited retention in backups or logs for a period of time).

For Customer Content and end-user data processed on behalf of customers, we retain and delete that data in accordance with the customer's instructions and applicable contract terms, subject to applicable law.

Your Rights and Choices

Access, Correction and Deletion

You have a right to access, update, correct or edit your Personal Information, subject to exceptions allowed by law. If you would like to do so, please let us know via the Contact Us section below. You may be required to put your request in writing for security reasons. We will respond to access and correction requests within a reasonable time and, where practicable, within 30 days. We may need to verify your identity before processing a request. If you would like to export Personal Information we control, contact us at info@nuclideon.com. We will provide export information within a reasonable time, subject to verification and legal exceptions.

If you are in the EEA/UK (or another jurisdiction with similar rights), you may have additional rights such as deletion/erasure, restriction, objection, and data portability. Where Nuclideon acts as a controller, you can submit these requests using the contact details below. Where Nuclideon acts as a processor on behalf of a customer, requests relating to Customer Content or end-user data should generally be directed to the relevant customer (the controller).

You may delete your account at any time by contacting us by email at info@nuclideon.com. We will process account deletion requests within a reasonable time after receipt. Deletion generally involves removing or anonymising Personal Information associated with your account, subject to applicable law and legitimate business purposes (for example, retaining certain records for tax, accounting, dispute resolution, fraud prevention, security, and compliance). Please note that residual copies of certain information (for example, in backups or logs) may persist for a limited period as part of routine business continuity and security practices.

Marketing Communications

You may opt out of receiving promotional and newsletter marketing emails by following the opt-out instructions provided in the bottom of those emails. We will process your request within a reasonable time after receipt. You will continue to receive transaction-related emails regarding products or services you have requested and administrative communications, such as updates to this Privacy Policy.

Complaints

If you have a complaint about how we handle Personal Information, please contact us using the details below. We will acknowledge your complaint and investigate it, and we will respond within a reasonable time. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

California Disclosures

If you are a California resident, you may have additional rights under California privacy laws. You can submit a request by emailing info@nuclideon.com. If applicable, we will respond as required by law.

Contact Us

If you have questions about this Privacy Policy, or would like to make a privacy request, please contact us:

Nuclideon Pty Ltd
ACN 681 220 548
Email: info@nuclideon.com
Website: https://nuclideon.com