Nivoxis Privacy Policy

Last updated: 18 January 2026

This Privacy Policy explains how Nivoxis (“we”, “us”, “our”) collects, uses, shares, and protects personal information when you visit our website, contact us, or use our cybersecurity awareness training services (including phishing simulations, micro-learning, reporting, coaching, and audit-evidence outputs).

We operate primarily in South Africa and comply with the Protection of Personal Information Act, 2013 (POPIA) and its Regulations, along with other applicable privacy laws depending on where our customers and users are located.

1. Who we are

1.1. “Responsible Party” for website visitor data:
Nivoxis

1.2. Email:
support@forestgreen-gorilla-697583.hostingersite.com
info@forestgreen-gorilla-697583.hostingersite.com

1.3. Information Officer (POPIA):
Josh Koopman
Information Officer
josh.koopman@forestgreen-gorilla-697583.hostingersite.com

1.4. When we act as Operator:
For most training deployment, the client is the “Responsible Party” and Nivoxis acts as an “Operator/Processor” processing employee and user data on the customer’s instructions (under a Data Processing Agreement).

2. Scope

2.1. Information Provided:

•  Contact information
  – Name and Surname
  – Work Email Address
  – Work Phone Number
  – Company
  – Job Title and Department
• Account Information
  – Usernames
  – Permissions
  – Configuration Preferences
•  Support Content
  – Messages
  – Attachments
  – Tickets
  – Meeting Notes
• Training-related Inputs
  – Quiz Responses
  – Feedback
  – Acknowledgments
  – Survey Responses
•  In-Person Session Records
  – Sign-in Registers
  – Attendance Confirmation
  – Session Feedback
  
  

2.2. Information Collected Automatically (Website + Platform)

• Device Usage and Information:
  – IP Address
  – Device Type
  – Browser Type
  – Pages Visited
  – Timestamps
• Cookies and Analytical Identifiers
  – See Cookie Section Below

2.3. Training and Simulation Data

Depending on the program configuration, we may process:

• Learner Identity
  – Name and Surname
  – Work Email Address
  – Department
  – Course Location
  – Access Level
• Learning Progress
  – Modules Assigned
  – Completion Status
  – Scores
  – Certificates Issued
• Simulation Activity
  – Email Delivery Status
  – Opens, Clicks, Reports
  – Landing-page Interactions
  – All “Credential Entries” on Website
• Risk Insights:
  – Behavioral trends
  – Repeat Patterns
  – Role-based Risk Indicators
• Audit Evidence
  – Aggregated Reports
  – Evidence Packs
  – Policy Acknowledgements
  – Training Records
• Sensitive Personal Information
  We do not intentionally require special-category data (such as health, biometrics, etc). If a customer includes it in free-text fields or uploads the data, we treat it as sensitive information and applying heightened controls.

3. Purpose for Personal Information

3.1. Nivoxis uses the personal information to:

• Provide, run and support training programs and simulations
• Create dashboards, audit-ready reports, and leadership summaries
• Administer learner accounts, access control, and certificates
• Improve content effectiveness and engagement
• Communicate service notices, security updates, and support responses
• Prevent fraud, abuse, and unauthorized access
• Meet legal and contractual obligations (including POPIA)

4. Legal Grounds

4.1. Protection of Personal Information Act (South Africa)

POPIA requires lawful, reasonable processing aligned to defined conditions and safeguards.

5. Sharing of Personal Information
We do not sell personal information. We may share information with:

5.1. Customer Organizations
Training reports and learner data are shared with authorised customer admins according to customer configuration and role-based access.

5.2. Service Providers
We may use vetted service providers for:

• Cloud hosting and storage
• Email Delivery (training invitations, phishing simulations)
• Analytics (website/platform usage)
• Customer support tooling
• Identity and access management

All service providers are bound by contractual confidentially and security obligations.

5.3. Legal Compliance and Protection
We may disclose information where required by law or to response to lawful requests, or to protect rights and security.

5.4. Business Transfers
If Nivoxis restructures, merges, or sells assets, information may transfer subject to appropriate protections.

6. Phishing Simulations
Because we are in the business of reducing human error, not creating it, our simulations are designed to be:

• Appropriate to the training goals
• Role and Department specific
• Minimized in data collection
• Configurable by the customer

Credential capture: We strongly recommend simulation designs that do not collect real credentials. If a customer requests credential-entry simulations, we apply strict safeguards by setting immediate discard protocols, clear contractual limits and one-way capture processes.

7. International Data Transfers
If information is processed or stored outside South Africa (e.g., cloud regions), we implement appropriate transfer safeguards and contractual protections consistent with POPIA cross-border requirements.

8. Security Measures
We implement appropriate technical and organization measures to protect personal information including:

• Access Control and least privilege
• Encryption in transit
• Segmentation and secure configuration
• Audit logging and monitoring
• Supplier risk management and contractual controls
• Incident response processes

If a security compromise occurs, we follow applicable notification duties, including POPIA security compromise notification processes.

9. Retention
We retain personal information only as long as necessary for:

• Delivering training and reporting
• Meeting contractual requirements
• Legal/accounting obligations
• Security and fraud prevention

Typical retention is defined in the customer contract within the termination section.

We can anonymize data for statistical reporting where appropriate.

10. Your Rights

10.1. Protection of Personal Information Act (POPIA)
Data subjects may request correction or deletion and may object to processing in certain cases. The Information Regulator provides prescribed forms and a complaints process.

How to exercise rights:
Email support@forestgreen-gorilla-697583.hostingersite.com or the Regulator with “Privacy Request” in the subject. We may verify identity before actioning request.

Important: If your training is delivered through your employer, some requests must be handled by your employer or customer as the acting responsible party.

11. Children’s Privacy
Our services are intended for organizational training and adult users in the workplace context. We do not knowingly target children. If we learn we processed a child’s personal information unintentionally, we will take relevant steps to permanently delete it where legally required.

12. Cookies and Analytics
We may use cookies and similar technologies for:

• Site functionality and security
• Measuring website performance
• Understanding content effectiveness

You can control cookies via browser settings. Where required by law, we use cookie consent mechanisms.

13. Marketing Communications
We may send marketing communications to business contacts where lawful and appropriate. You can opt out at any time via the unsubscribe link or by contacting us at support@forestgreen-gorilla-697583.hostingersite.com.

14. Governing Law
This Privacy Policy is governed by the laws of South Africa, and disputes will be handled in a court of competent jurisdiction in South Africa.

15. Changes To Privacy Policy
We may update this policy from time to time. We will post updates on this page and revise the “Last Updated” date. If changes are material, we will take reasonable steps to notify customers and admins.

16. Contact Us
For privacy questions, requests, or concerns:

Email: support@forestgreen-gorilla-697583.hostingersite.com
Information Officer: Josh Koopman