Privacy Policy — Nsasoft US LLC

Nsasoft US LLC — Privacy Policy
How we collect, use, and protect your personal information.

Last Updated: April 10, 2026

YOUR PRIVACY MATTERS. This Privacy Policy describes how Nsasoft US LLC (“Nsasoft”, “we”, “us”) collects, uses, discloses, and protects information when you visit our websites, download our software, or use our online services. By using our products and services, you agree to the practices described here. NSAuditor AI, our open-source flagship, is designed to never transmit your scan data off the host you ran it on.

1. Who We Are

Nsasoft US LLC is a Nevada limited liability company headquartered at 732 S 6th St, Suite R, Las Vegas, NV 89101, USA. We build network security, asset management, and data recovery software for IT professionals and businesses. For privacy questions, contact support@nsasoft.us.

2. What This Policy Covers

This Privacy Policy applies to:

The website at nsasoft.us and related Nsasoft-operated websites.
Nsasoft desktop software products (Nsauditor, Product Key Explorer, Hardware Software Inventory, and others).
NSAuditor AI when used in modes that involve our online services (the open-source CE edition runs entirely on your infrastructure and does not contact us).
Customer support, sales inquiries, and email correspondence.

It does not cover third-party websites or services we link to, which have their own privacy policies.

3. Information We Collect

a) Information you provide directly

Purchase information: When you buy a license, our payment processor (PayPal) collects your name, email, billing address, and payment details. PayPal shares with us your name, email, and order details — we do not see or store your card or bank account number.
Support requests: When you email support, we receive your email address and any information you choose to include in your message.
License registration: Your name and email become associated with the license key issued to you.
Newsletter / contact forms: If you sign up for updates or fill out a contact form, we receive the contact details you provide.

b) Information collected automatically

Server logs: Our web servers automatically log standard request information (IP address, user-agent, referring URL, timestamps, requested URLs, response codes). These logs are used for security, abuse prevention, and aggregate traffic analysis.
Cookies and similar technologies: We use a small number of cookies for session continuity and basic analytics. See Section 7 below.
Software update checks: Some Nsasoft desktop products check for newer versions on launch by requesting a small version manifest from our servers. The request includes only the product name and current version — not your scan data, license key, or any system information.

c) Information we explicitly do NOT collect

NSAuditor AI scan data: Scan results, vulnerability findings, host inventories, and reports stay on the machine that ran the scan. There is no telemetry, no “anonymized usage” pings, no reporting service, and no cloud upload. You can verify with a packet capture.
Recovered passwords or product keys: Our recovery tools display recovered credentials locally only. We do not collect, transmit, or have any way to see them.
Browser autofill, saved passwords, financial accounts, or biometric data.

4. How We Use Information

We use the information we collect to:

Process orders, deliver license keys, and provide customer support.
Maintain, secure, and improve our websites and software.
Send transactional emails (order confirmations, license-key delivery, important security advisories).
Detect, prevent, and respond to fraud, abuse, security incidents, and unauthorized access attempts.
Comply with applicable legal obligations, court orders, and lawful government requests.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

5. Legal Bases for Processing (EEA / UK)

If you are located in the European Economic Area, United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR and UK GDPR:

Contract performance — processing your purchase, delivering license keys, and providing the software you bought.
Legitimate interests — running and securing our websites and services, preventing abuse, and improving our products.
Legal obligations — tax records, accounting requirements, and responses to lawful authority requests.
Consent — for non-essential cookies and any optional marketing communications, where consent is required.

6. How We Share Information

We share personal information only as follows:

Payment processors (PayPal) — to process your transaction. PayPal’s privacy practices are governed by their own policy.
Email delivery providers (SendGrid, Mandrill) — to send transactional emails such as order confirmations and license-key delivery.
Hosting and infrastructure providers — to operate our websites and services.
Legal and safety disclosures — if required by law, court order, or to protect rights, property, or safety of Nsasoft, our users, or the public.
Business transfers — in the event of a merger, acquisition, or asset sale, your information may be transferred subject to standard confidentiality protections.

We require all third-party processors to use your information only for the limited purposes for which we disclosed it.

7. Cookies and Tracking

Our websites use a small number of cookies:

Essential cookies — needed for cart/order continuity and session security. Cannot be disabled without breaking site functionality.
Analytics cookies — aggregate traffic measurement (page views, sources). We do not use cross-site tracking pixels or behavioral advertising networks.

You can control cookies through your browser settings. Disabling essential cookies may break checkout and license-delivery flows. We do not respond to Do Not Track (DNT) signals at this time, but we honor explicit opt-out requests submitted to support@nsasoft.us.

8. Data Retention

We keep personal information only as long as necessary for the purposes described above:

Order and license records — retained for as long as the license is valid plus the period required by U.S. tax and accounting law (typically 7 years).
Support correspondence — retained for up to 3 years after the last contact, unless you request deletion sooner.
Server logs — rotated and deleted within 12 months unless retained for active security investigations.

9. International Transfers

Nsasoft is based in the United States. If you access our services from outside the United States, your information is transferred to and processed in the U.S. We rely on appropriate safeguards, including the EU-U.S. Data Privacy Framework where applicable and Standard Contractual Clauses with our processors, to protect personal data transferred internationally.

10. Your Privacy Rights

EEA, UK, and Switzerland

Under GDPR and UK GDPR you have the right to: access your personal data; request correction or erasure; restrict or object to processing; request data portability; withdraw consent at any time (without affecting prior processing); and lodge a complaint with your local supervisory authority.

California (USA)

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the right to: know what personal information is collected and how it’s used and shared; delete personal information; opt out of any “sale” or “sharing” of personal information (Nsasoft does not sell personal information); correct inaccurate information; and exercise these rights without retaliation. We do not knowingly sell or share the personal information of minors under 16.

Other jurisdictions

Residents of other jurisdictions (Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Brazil, Canada, Australia, etc.) may have similar rights under local law. We honor verifiable requests in line with applicable law.

How to exercise your rights

Email support@nsasoft.us with the subject line “Privacy Request” and include enough information for us to verify your identity (typically the email address tied to your purchase). We respond within 30 days, or sooner where required by applicable law.

11. Security

We use industry-standard technical and organizational measures to protect personal information — including TLS encryption for all web traffic, hardened server configuration, principle-of-least-privilege access controls, and regular security audits using our own auditing tools. No system is perfectly secure, however, and we cannot guarantee absolute security.

If you become aware of a security issue affecting Nsasoft services, please contact security@nsasoft.us.

12. Children’s Privacy

Our products and services are intended for adult IT professionals and business users. We do not knowingly collect personal information from children under 16. If you believe a child has provided us personal information, please contact support@nsasoft.us and we will delete it.

13. Third-Party Links

Our websites and software may contain links to third-party sites (download mirrors, CVE databases, payment providers, etc.). We are not responsible for the privacy practices of those sites. Please review their privacy policies separately.

14. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last Updated” date at the top reflects the most recent revision. Material changes will be communicated via a prominent notice on our website or, where appropriate, by email. Continued use of our products and services after changes take effect constitutes acceptance of the revised policy.

15. Contact

For privacy questions, requests, or complaints, contact:

Nsasoft US LLC — Privacy
732 S 6th St, Suite R
Las Vegas, NV 89101, USA
Email: support@nsasoft.us
Phone: +1 (702) 625-0401