Trust
One link for your procurement review.
Everything a security, legal, or procurement reviewer needs. Each section below links to a printable document or live page. Send this URL when an RFP asks for "your security and privacy documentation".
Security overview
Consolidated reference covering infrastructure, encryption, access control, backups, vulnerability management, and incident response. Print-optimized for one-PDF attachment.
Privacy policy
GDPR roles, lawful bases, data residency, subject rights, retention, and the live sub-processor list. Updated when material changes occur; recent changes shown at the bottom.
Data Processing Addendum
Standard DPA accepted on signup. Negotiated DPAs accommodated on request for enterprise customers.
Cookie policy
Strictly necessary cookies only. No third-party analytics or tracking. Detailed inventory.
Sub-processors
Live list, database-driven. 30-day advance notice on additions or replacements (GDPR Art. 28(2)), with the right to object.
Live status
Real-time operational state. Material incidents receive a public post-mortem with timeline, root cause, and remediation.
Accessibility (WCAG 2.1 AA)
Manual audit against AA criteria, verified pass with documented residuals. Procurement Q&A pre-written. VPAT on request.
Changelog
What we shipped, when. Updated frequently — buyers reading the changelog as a velocity proxy are skeptical readers, so we keep the tone factual.
Getting a security questionnaire today?
We can complete standard procurement questionnaires (CAIQ-Lite, SIG Lite, custom RFPs) within one Nordic business week. Honest answers, including where we are not yet certified — buyers respect precision over polish. Email info@nexvendo.com with the questionnaire attached.
info@nexvendo.comData residency at a glance
All production infrastructure runs in the European Union, primarily in Frankfurt, Germany. We do not initiate transfers of personal data outside the European Economic Area in the course of normal operations. Sub-processor locations are listed at /privacy.