NNSFlowNNSFlow
Legal

Privacy Policy

Last updated: January 2026

Introduction

NNSFlow is a product of PentaLab SRL, a Belgian software company. This privacy policy explains how we collect, use, and protect data when you use our negative news screening service.

We are committed to compliance with the Swiss Federal Act on Data Protection (nFADP) and the EU General Data Protection Regulation (GDPR) where applicable.

Data Controller

PentaLab SRL

Brussels, Belgium

Contact: privacy@nnsflow.com

What Data We Collect

Account Data

  • Email address
  • Name (as provided during registration)
  • Authentication credentials (securely hashed)
  • Team membership and role information

Screening Data

  • Entity names and types (individuals or companies you screen)
  • Search parameters (keywords, site filters, country settings)
  • Evidence snapshots (extracted text content from reviewed sources)
  • Source metadata (URLs, titles, domains, timestamps)
  • User decisions, notes, and credibility classifications
  • Audit logs (actions taken, timestamps, user attribution)

Technical Data

  • IP addresses (for security and access logging)
  • Browser type and version
  • Session identifiers

Legal Basis for Processing

We process data under the following legal bases:

Contract Performance

Processing necessary to provide the screening service you have requested.

Legal Obligation (GDPR Art. 6(1)(c))

Evidence storage to meet AML/KYC documentation requirements.

Legitimate Interest (GDPR Art. 6(1)(f))

Risk assessment documentation and service security.

Evidence Storage

NNSFlow stores evidence snapshots of sources reviewed during screening sessions. This includes the full extracted text content from web sources. This data is stored strictly for AML due-diligence documentation purposes.

Important: NNSFlow does not perform continuous monitoring. Evidence is collected only in response to explicit screening actions initiated by compliance officers. This is point-in-time due diligence, not surveillance.

Data Retention

10 YEARS

Completed Screenings

Evidence snapshots and audit logs for completed screening sessions are retained for 10 years from the decision date, in line with Swiss AML documentation requirements.

90 DAYS

Abandoned Sessions

Draft or abandoned screening sessions (never completed) are automatically purged after 90 days.

Data Deletion

When retention periods expire, data is automatically and permanently deleted. This process is handled by scheduled jobs and logged for compliance purposes.

Note: Due to regulatory retention requirements, we cannot delete completed screening evidence before the retention period expires. This is a legal obligation, not a policy choice.

Your Rights

Under applicable data protection laws, you have the following rights:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure (subject to legal retention requirements)
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing

To exercise these rights, contact us at privacy@nnsflow.com.

Third-Party Services

We use the following third-party services:

Search API Provider

We use a search API to retrieve publicly available web content for screening. Only entity names and search parameters are sent to this service.

On-Premise Deployment

For enterprise customers using on-premise deployment, all data is stored within your own infrastructure. In this case, you are the data controller and PentaLab SRL acts solely as a software provider.

Contact

For questions about this privacy policy or our data practices, contact us at:

privacy@nnsflow.com

Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of the service after changes constitutes acceptance of the revised policy.