Home

Privacy Policy

Last updated: April 2026

Service Model

NexGuard is a private network infrastructure platform operated by Adstore LLC. We provide dedicated servers to organizations and teams. Each server is exclusively managed by the customer's organization. NexGuard does not monitor, inspect, or control network traffic passing through customer servers.

What We Collect

  • Organization name and contact email (account management)
  • Aggregate bandwidth usage per server (billing)
  • Server metadata: IP address, location, creation time
  • Connection metadata: device count, last connection time per device (retained for 90 days per EU DPED requirements)

What We Never Collect

  • Browsing history or DNS queries
  • Traffic content or packet inspection
  • Source IP addresses of end users
  • Any personally identifiable traffic data

Customer Responsibility

Organizations deploying NexGuard servers are solely responsible for:

  • Managing device access and user permissions on their servers
  • All network traffic routed through their dedicated infrastructure
  • Compliance with applicable laws in their jurisdiction
  • Maintaining their own logs if required by local regulations

Data Retention

Account data is retained for the duration of the subscription. Connection metadata (device count, connection timestamps) is retained for 90 days in compliance with EU Digital Privacy Enhancement Directive (DPED). Billing records are retained for 7 years per tax regulations. Data is stored in encrypted EU (Germany) databases.

Third Parties

Paddle (payments), Hetzner (EU cloud infrastructure). All GDPR and DPED compliant. No customer traffic data is shared with any third party.

Data Controller

Adstore LLC is the data controller for account and billing data. For network traffic data, the customer organization is the data controller — NexGuard acts as a data processor providing infrastructure only.

GDPR & DPED Rights

Data export, correction, or deletion: privacy@nexguard.sh

EU residents have the right to access, rectify, erase, and port their personal data. Requests are processed within 30 days.