N Nereus

Privacy

Last updated: 2026-04-30

Plain language, not legal boilerplate. This is how Nereus handles data day-to-day. If you need a Data Processing Agreement, sub-processor list, or security questionnaire for procurement, write to privacy@getnereus.ai and we will get one to you.

Who we are

Nereus is an AI operations platform for freight forwarders. Forwarders connect their shared mailboxes to Nereus; we read incoming customer email, understand it, take routine actions (creating shipments, updating bookings, attaching documents), and draft replies for a human to approve and send.

This page describes what data we hold to do that, why we hold it, and what we do not do with it. It applies to the forwarders who use Nereus (our customers) and, by extension, to the shippers, consignees, and carriers whose messages flow through a Nereus-connected mailbox.

What we hold

  • Account data: the email addresses of users you invite to your Nereus organization, their hashed passwords or SSO identifiers, and audit records of who did what inside the product.
  • Mailbox content: emails delivered to or sent from the mailboxes you connect — headers, bodies, and attachments. We only fetch from mailboxes you explicitly connect, and only while the connection is active.
  • Shipment and booking records: the structured data the agent extracts or that your team enters — shipment references, routing, cargo, rates, carrier bookings, status events, internal notes.
  • Documents: attachments such as Bills of Lading, Shipping Instructions, commercial invoices, and packing lists, plus the text we extract from them so the agent can reason over their contents.
  • Operational logs: request logs, error traces, agent tool-call traces (which actions the agent took on your behalf), and security events. We use these to operate, debug, and secure the service.
  • Billing data: if you are on a paid plan, a customer record at our payments provider. Card details live with the provider; Nereus never stores them.

How we use it

  • To run the agent on your behalf — reading email, retrieving the right context, drafting replies, and recording actions for human approval.
  • To keep the service running and secure — backups, monitoring, incident response, abuse prevention.
  • To improve the product for you — debugging real cases that surface bugs, with the smallest amount of data needed.
  • To bill you and to communicate operationally about your account.

We do not sell customer data. We do not use customer email content, shipment records, or documents to train shared, cross-customer AI models.

Sub-processors

Nereus runs on third-party infrastructure and uses third-party AI providers to deliver the product. The current categories are:

  • Cloud hosting and storage — runs the application and stores documents and database backups.
  • LLM providers — process email and document text to power the agent, under no-training agreements that prohibit using customer content to train shared models.
  • Email delivery — for system email such as account invites and notifications.
  • Error monitoring and analytics — to detect and diagnose issues in production.
  • Payments — to process subscription billing.

The current named list of sub-processors is available on request to privacy@getnereus.ai. We give reasonable notice before adding a material new sub-processor.

Where data lives

Customer data is processed and stored on managed cloud infrastructure. We will tell you the primary processing region for your tenant on request. If you require a specific region for residency reasons, contact us before onboarding so we can confirm what is available.

How we protect it

  • Data is encrypted in transit (TLS) and at rest.
  • Access to production data is limited to a small group of staff who need it to operate the service, behind SSO and MFA, and is logged.
  • Each customer’s data is isolated by tenant and access-controlled at the application layer.
  • We follow least-privilege principles for service credentials and rotate them on a regular cadence.
  • We will tell affected customers about a confirmed security incident affecting their data without undue delay.

Retention

We keep customer data for as long as your account is active. When you cancel, we delete or anonymise customer data within 90 days, except where we are required to keep limited records for legal, tax, or audit reasons. You can request deletion of specific records at any time.

Your rights, our roles

For most data flowing through Nereus, our customer (the forwarder) is the data controller and Nereus is a processor acting on the customer’s instructions. If you are a shipper, consignee, or other third party whose message has been processed by a Nereus-connected mailbox and you want to exercise a privacy right, please contact the forwarder you were corresponding with; we will support them in responding.

For data where Nereus is the controller (e.g. our own customer accounts), you can ask us to access, correct, or delete it by writing to privacy@getnereus.ai.

Changes to this page

When we change something material, we update the date at the top and, for active customers, send a notice. Older versions are available on request.

Contact

Privacy questions, DPA requests, sub-processor list, security questionnaires: privacy@getnereus.ai.

← Back home