Privacy Policy

Effective Date: April 16, 2026  |  Last Updated: April 16, 2026

Nyte Nebula Consulting Inc., doing business as Nyte Nebula Technology Solutions ("we," "us," or "our"), is committed to protecting the privacy and security of all individuals who use our services, including Veterans of the United States Armed Forces. This Privacy Policy describes how we collect, use, store, and protect personal information — including Personally Identifiable Information (PII) and Protected Health Information (PHI) — across our managed IT services and technology products.

1. Information We Collect

We may collect the following categories of information depending on the service you use:

• Account Information: Name, email address, phone number, and organizational affiliation provided during registration or service engagement.
• Veteran Profile Data: For Veteran-facing applications, we may collect veteran status, service history, disability ratings, and claims-related information accessed through authorized VA Lighthouse APIs with your explicit consent.
• Health Information (PHI): Where applicable and authorized, limited health records accessed through VA Health APIs, processed strictly for the purpose of supporting Veteran claim preparation and evidence organization.
• Technical Data: IP addresses, browser type, device identifiers, and usage analytics collected to maintain service reliability and security.
• Communication Data: Information you provide via contact forms, support requests, or scheduled consultations.

2. How We Use Your Information

We use collected information exclusively for:

• Delivering the managed IT, cybersecurity, and Veteran-support technology services you request.
• Organizing claim evidence, comparing filing paths, and preparing submissions using Veteran-consented records and plain-language workflow guidance.
• Maintaining account security, session continuity, and role-based access controls.
• Fulfilling legal, contractual, and regulatory obligations.
• Improving our services based on aggregated, de-identified usage patterns.

3. Data Security & Encryption

We implement industry-standard security measures to protect your data:

• Encryption at Rest: All PII and PHI are encrypted at rest using AES-256 or equivalent cryptographic standards. OAuth tokens and credential material are Fernet-encrypted in backend storage.
• Encryption in Transit: All data transmitted between your device and our services is protected by TLS 1.2 or higher.
• Role-Based Access Controls (RBAC): Access to sensitive data is restricted to authorized personnel and service accounts operating under the principle of least privilege.
• Credential Management: Production keys and OAuth credentials are stored only as environment variables and secret-managed runtime configuration. Credentials are never embedded in frontend code, repositories, logs, or client-side storage.
• Continuous Security Monitoring: We run continuous dependency scanning, container security audits, and routine patch cycles. Critical vulnerabilities are prioritized and tracked to closure with owner accountability.

4. Data Retention & Minimization

We adhere to a minimal-retention policy:

• We store only the minimum data required to deliver the services you request.
• Data retention is tied to your active account lifecycle. Upon account deletion or service termination, associated personal data is purged within 30 days unless retention is required by law.
• Veteran profile and workflow context is retained strictly for session continuity and user-requested support workflows.

5. We Do Not Sell Your Data

We do not sell, rent, lease, or trade your personal information — including Veteran data — to any third party, for any purpose, under any circumstances.

Our revenue comes from subscription service tiers and implementation services, not from the monetization of user data.

6. Third-Party Data Sharing

We do not expose VA health, claims, disability, or service-history data to third parties. Information may be shared only in the following limited circumstances:

• With Your Consent: When you explicitly authorize sharing for a specific purpose.
• Legal Compliance: When required by law, court order, or government regulation.
• Service Providers: With trusted infrastructure providers (hosting, security monitoring) operating under strict contractual data protection agreements, who process data solely on our behalf.

7. VA Lighthouse API Compliance

Where our services integrate with the U.S. Department of Veterans Affairs Lighthouse API platform:

• All data access requires Veteran-initiated OAuth2 authorization and explicit consent.
• API scopes are limited to the minimum required for the specific service function.
• We enforce request throttling, server-side caching, idempotent controls, and audit logging to prevent unnecessary API requests.
• We comply with all VA API Terms of Service and security requirements.

8. Breach Notification

In the event of a data breach involving your personal information:

• We will conduct immediate incident triage, credential rotation, access revocation, and forensic log preservation.
• Affected individuals will be notified in accordance with applicable federal and state breach notification laws.
• We maintain documented runbooks, containment procedures, and post-incident corrective action tracking.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate data.
• Request deletion of your personal data.
• Withdraw consent for data processing at any time.
• Receive a copy of your data in a portable format.

To exercise any of these rights, contact us at privacy@nytenebula.com.

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be posted on this page with an updated effective date. Continued use of our services after changes constitutes acceptance of the revised policy.

12. Contact Information

For questions about this Privacy Policy or our data practices:

• Email: privacy@nytenebula.com
• Company: Nyte Nebula Consulting Inc. dba Nyte Nebula Technology Solutions
• Location: Spokane, Washington, USA
• Website: www.nytenebula.com