Privacy Policy

NUL Systems™
A product of NUL Systems Inc, a Delaware corporation
Last Updated: May 13, 2026
SUMMARY. NUL Systems, Inc. ("we," "our," or "us") respects your privacy. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and your rights regarding that information. We designed NUL Systems with privacy and compliance at its core, and we follow the same principles in how we handle your data. If you are located in the European Economic Area (EEA), United Kingdom, or California, you have specific rights described in Sections 9 and 10.

1. Who We Are

NUL Systems, Inc is a Delaware corporation and the operator of NUL Systems, a governance, risk, and compliance platformaccessible at delphiinsights.us and (when live) nulsystems.com. For purposes of data protection law, we are the data controller of personal information collected about our visitors and account holders, and the data processor of Customer Data submitted through the Service.

Contact: privacy@delphiinsights.us

2. Information We Collect

2.1 Information You Provide Directly

When you create an account or use the Service, we collect:

  • Account information: name, email address, company, job title, password (stored encrypted)
  • Billing information: payment card details (processed and stored by Stripe, not by us), billing address, tax identifiers where applicable
  • Customer Data: policy documents, transaction records, access request data, and any other content you upload or submit to the Service
  • Communications: messages you send to our support team, surveyresponses, and feedback

2.2 Information Collected Automatically

When you use the Service, we automatically collect:

  • Log data: IP address, browser type and version, operating system, pages visited, timestamps, and referring URL
  • Usage data: features used, actions taken, time spent, error reports
  • Cookies and similar technologies: see Section 7 for details

2.3 Information from Third Parties

We may receive information from authentication providers (if you sign in with a third-party service), payment processors (transaction confirmations), analytics providers, and publicly available sources used for enrichment or verification.

3. How We Use Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Process payments and manage subscriptions
  • Authenticate users and prevent fraud, abuse, or security threats
  • Send service-related communications (account notifications, security alerts, billing updates)
  • Send product updates, newsletters, and marketing communications (only with your consent, where required by law)
  • Improve the Service through analysis of aggregated and anonymized usage patterns
  • Respond to support requests and provide customer service
  • Comply with legal obligations and enforce our Terms of Service

4. Legal Bases for Processing (EEA / UK)

If you are located in the EEA or UK, we process your personal information under the following legal bases:

  • Contract: to provide the Service you have signed up for
  • Legitimate interests: to improve the Service, ensure security, and prevent fraud
  • Consent: for marketing communications and non-essential cookies (you may withdraw consent at any time)
  • Legal obligation: to comply with applicable laws and regulations

5. How We Share Information

We do not sell your personal information. We share information only in the following circumstances:

5.1 Service Providers

We share information with trusted third-party service providers who help us operate the Service, under contractual obligations of confidentiality and data protection. These include:

  • Stripe (payment processing)
  • Fly.io (application hosting and managed Postgres, US-East region)
  • Supabase (managed Postgres database)
  • Neo4j Aura (managed graph database for the policy graph)
  • Resend (transactional email delivery)
  • Redis (managed in-memory data store for real-timeevaluation).
  • LLM Provider (large language model API used for policyextraction and rule generation).

5.2 Legal Requirements

We may disclose information to comply with a valid legal process (subpoena, court order, law enforcement request), protect the rights, property, or safety of Delphi Insights, our users, or the public, or investigate suspected fraud or violations of our Terms.

5.3 Business Transfers

If we are involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change via email or a prominent notice on our website.

5.4 With Your Consent

We may share information for any other purpose with your explicit consent.

6. Data Retention

We retain personal information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:

  • Account information: retained for the duration of your account plus thirty (30) days after termination for export purposes
  • Customer Data (uploaded documents): Cautomatically deleted thirty (30) days after upload, regardless of accountstatus, unless retention is required by law Customer Data (extracted rules andevaluation history): deleted within thirty (30) days of account termination,unless retention is required by law
  • Billing records: retained for seven (7) years for tax and accounting purposes
  • Log data: retained for up to twelve (12) months for security and diagnostic purposes

7. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Service, remember your preferences, analyze usage, and improve performance. You can control cookies through your browser settings, though disabling certain cookies may affect functionality. Where required by law, we will request your consent before setting non-essential cookies.

The types of cookies we use include: strictly necessary (for login and session management), functional (preferences), analytics (usage measurement), and where applicable, marketing (subject to consent).

8. Data Security

We implement commercially reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. These include encryption in transit (TLS), encryption at rest, access controls, regular security reviews, and monitoring. Details of our current security practices areavailable at delphiinsights.us/legal/security. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Your Rights (EEA / UK / Global)

If you are located in the EEA, UK, or certain other jurisdictions, you have the following rights with respect to your personal information:

  • Access: request a copy of the personal information we hold about you
  • Correction: request that we correct inaccurate or incomplete information
  • Deletion: request deletion of your personal information
  • Restriction: request that we limit how we process your information
  • Portability: receive your information in a structured, machine-readable format
  • Objection: object to processing based on legitimate interests or for direct marketing
  • Withdraw consent: where processing is based on consent, you may withdraw it at any time
  • Lodge a complaint: with your local data protection authority

To exercise any of these rights, contact us at [privacy@delphiinsights.us]. We will respond within thirty (30) days. We may need to verify your identity before processing your request.

10. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • The right to know what personal information we collect, use, disclose, and sell
  • The right to delete personal information we have collected from you
  • The right to correct inaccurate personal information
  • The right to opt out of the sale or sharing of personal information (we do not sell or share personal information as defined under CCPA/CPRA)
  • The right to limit the use of sensitive personal information
  • The right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at privacy@delphiinsights.us with the subject line "California Privacy Rights Request."

11. International Data Transfers

We are headquartered in the United States and process data in the United States. If you are accessing the Service from outside the United States, your information may be transferred to, stored, and processed in the United States. Where required by law, we rely on appropriate safeguards for international data transfers, including the European Commission's Standard Contractual Clauses (SCCs) and equivalent mechanisms.

12. Children's Privacy

The Service is not directed to children under the age of 16, and we do not knowingly collect personal information from children. If we learn that we have collected personal information from a child, we will delete it promptly. Parents or guardians who believe their child has provided personal information to us should contact us at the email address in Section 14.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a prominent notice on the Service at least thirty (30) days before the changes take effect. The "Last Updated" date at the top indicates when this Policy was most recently revised.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

NUL Systems, Inc.

Privacy email: privacy@delphiinsights.us

Website: delphiinsights.us

— END OF PRIVACY POLICY —