SECURITY & DATA HANDLING

Effective Date: 27/02/2026

Last Updated: 27/02/2026

1. Introduction

REGNEXA LTD, a company registered in the Republic of Cyprus under Company Registration Number HE482989, with its registered address at Anexartisias 9, Timi, Paphos, 8507, Cyprus (“RegNexa”), provides a compliance workflow platform designed for regulated professionals operating in environments where data confidentiality, integrity, availability, and accountability are critical.

Security is not treated as a feature of the Platform. It is treated as a foundational operational requirement. This document outlines the technical, organisational, and governance measures implemented to safeguard information processed within the RegNexa Platform.

This statement should be read together with the Privacy Policy and the Data Protection & GDPR page.

2. Security Governance Framework

RegNexa applies a security-by-design and privacy-by-design approach to system architecture and operational processes. Information security considerations are integrated into platform development, infrastructure configuration, and ongoing system maintenance.

Security controls are reviewed periodically and adjusted where necessary to address evolving technological, regulatory, and operational risks.

Access to production environments is restricted to authorised personnel and is governed by defined access control procedures.

3. Infrastructure Security

The RegNexa Platform operates within secure cloud infrastructure environments. Hosting environments are selected based on reliability, physical security standards, network protections, and data protection compliance.

Infrastructure controls include network segmentation, firewall protections, secure configuration management, and monitoring mechanisms designed to prevent unauthorised access and detect anomalous activity.

RegNexa does not disclose detailed infrastructure configurations publicly for security reasons.

4. Data Encryption

Data transmitted between users and the Platform is protected using encryption protocols designed to prevent interception and unauthorised access during transmission.

Where applicable, stored data is protected through encryption at rest or equivalent protective mechanisms within the infrastructure environment.

Encryption keys and access credentials are handled through controlled access processes.

5. Access Control and Authentication

Access to the Platform is restricted to authorised users through authentication mechanisms. User roles and permissions can be configured to restrict access based on functional responsibility.

Administrative access is limited and subject to additional safeguards. Activity logs and audit trails are maintained to support traceability and accountability.

Users are responsible for maintaining the confidentiality of their login credentials and implementing appropriate internal access controls within their organisations.

6. Data Segregation

RegNexa employs logical segregation mechanisms designed to ensure that data belonging to one subscribing organisation is not accessible to another.

Each User environment operates within an isolated context to prevent cross-access between clients.

7. Monitoring and Incident Management

RegNexa maintains monitoring procedures designed to detect potential security incidents, unauthorised access attempts, or system anomalies.

In the event of a confirmed personal data breach, RegNexa will act in accordance with applicable legal and contractual obligations. Where RegNexa acts as Data Processor, affected Users will be notified without undue delay in accordance with the Data Processing Agreement.

Incident management procedures are periodically reviewed to ensure readiness and response capability.

8. Subprocessor Security

Where third-party service providers support infrastructure or operational services, RegNexa requires that such providers implement appropriate security measures and contractual confidentiality obligations consistent with applicable data protection laws.

RegNexa remains responsible for ensuring that subprocessors process data in accordance with contractual safeguards.

9. Data Retention and Deletion

Personal data processed within the Platform is retained in accordance with contractual arrangements and applicable regulatory requirements.

Where RegNexa acts as Data Processor, data retention and deletion are governed by User instructions and the Data Processing Agreement.

Upon termination of a subscription, data export and deletion procedures are implemented in accordance with agreed contractual terms.

10. Business Continuity

RegNexa maintains business continuity considerations designed to reduce the risk of service disruption. Infrastructure environments are selected with redundancy and reliability in mind.

While no system can guarantee uninterrupted availability, RegNexa aims to maintain operational resilience appropriate to the nature of the services provided.

11. User Responsibilities

Security is a shared responsibility. Users are responsible for maintaining internal controls, protecting login credentials, implementing appropriate endpoint security, and ensuring that only authorised personnel access the Platform.

RegNexa is not responsible for security breaches resulting from User negligence, credential compromise, or failure to implement reasonable internal safeguards.

12. Limitations

No online system or transmission method can be guaranteed to be completely secure. While RegNexa implements reasonable and appropriate security measures, absolute security cannot be guaranteed.

Users acknowledge that use of the Platform involves inherent technological risks and that RegNexa’s liability is limited as set out in the Terms of Service.

13. Contact Information

REGNEXA LTD

Anexartisias 9, Timi, Paphos, 8507, Cyprus

Company Registration Number HE482989

For security or data protection matters, please contact: [email protected]