Vehera LTD ("Nasuni Access Anywhere Server" service) Privacy Policy

Last Updated on November 30, 2020. Updates to the policy have been made based on the United Kingdom's new relationship with the European Union.

We, Vehera LTD ("we," "us,"), trading as Nasuni Access Anywhere Server®, respect your privacy and are committed to protecting it through our compliance with this Privacy Policy. This policy covers this website and all other sites (together, the Websites) and other services and applications (collectively, our "Services") controlled by Vereha LTD, trading as Nasuni Access Anywhere Server ("we", "us")

Our Websites include:


Our Services include the Websites and:

  • Nasuni Access Anywhere Server "SaaS Application" (Software as a Service)
  • The "US Server" is accessed through
  • The "EU Server" is accessed through
  • Desktop and mobile applications using the US or EU Server
  • Microsoft Teams app
  • Nasuni Access Anywhere Server API services
  • FTP, SFTP, FTPS, WebDAV and S3 protocol adapters
  • Dedicated hosted Nasuni Access Anywhere Server appliance "Hosted IaaS"

This policy explains:

  1. Definitions
  2. What Personal Information We Collect and Why
  3. When We Share Your User Content With Third Parties
  4. When We Share Your Data With Third Parties
  5. Outbound Communication
  6. Security - Your Responsibilities
  7. Your Rights to Access, Correct and Delete Your Information
  8. How We Protect Your Information
  9. Retention
  10. Termination
  11. Children’s Privacy
  12. Changes to this Policy
  13. Governing Law
  14. Copyrights
  15. General Notes
  16. Contact

This policy describes the types of personal data that we may collect from you when you access or use our Services, or in rare cases, obtain from other parties, and our practices for collecting, using, maintaining, protecting and disclosing that data.


1. Definitions


"User" or "you" or "your" refers to you, as an individual user of the Services, and any other persons authorized to use the Services. A user is someone who accesses or uses the Services for any purpose, including sharing, displaying, hosting, publishing, transacting, uploading information or viewing pictures.

Org Account, Org Admin and Member Account

A "Org Account" is a dedicated space for a single organization, or tenant, in our SaaS Application with it’s own metadata and user management. An Org Account is managed by an "Org Admin", an administrative user who may create logins within this dedicated space for User members of their organization "Member Accounts".

You are an Org Admin if you have registered for a trial or signed-up for a Business plan. You are an Org Member if you have been given a login by an Org Admin.

Personal Account

A "Personal Account" is a dedicated space for a single individual with its own metadata. You have a Personal Account if you have registered for a free account, or signed-up for a Personal plan.

User Content

"User Content" includes, but is not limited to, documents, images, photos, audio, videos and data files created or retrieved, whether by Users or applications or other methods, through your Org Account, Member Account or Personal Account.


2. What Personal Data We Collect and Why

"Personal Data" refers to any data, whether true or not, relating to an individual who can be identified (a) from that data; or (b) from that data and other information to which we have or are likely to have access, including data in our records as may be updated from time to time. Examples of Personal Data you might give us when using the Services include your email address, your name and application preferences.


3. What Personal Information We Collect and Why

Vehera LTD may collect and use information of and regarding its Users. We will only collect data which is essential to our operations, or for which we have your consent.

The information through which an individual may be identified may include data which you voluntarily enter, use or provide when using the Services of the Vehera LTD Website, submit when creating an Org Account, Member Account, or Personal Account, or in some cases which we obtain externally.

The information we collect on or through our Services may include:

  1. Account information: Personal Data, such as email (required) and optionally your full name and other information you may provide with your account, such as your phone number, as a part of your Org Account, Member Account or Personal Account.
    1. We ask for this information in order to verify your identity and provide you with an individualised experience of our Services. The information may be removed or corrected by an Org Admin or the Member Account User at any time and is removed upon termination of the Services.
  2. Contact Information: Your contact information, such as email address, telephone and address -
    1. We gather this information in order to provide you with access to certain features of our Services and to inform you about relevant information concerning your use of our Services. If you unsubscribe, our marketing automation platform (MailChimp), will keep your email address to prevent automatic re-subscription. Otherwise, we will store this information until you ask us to remove it.
  3. Preferences: Your preferences and settings such as time zone and language
    1. We use this information for certain features of the Services and in order to enhance your user experience. This information will be removed on deletion of the Member Account or termination of the Services.
  4. User Content: Information you upload or download through our Services including data stored on third-party services you have granted our Services access to. We also extract metadata from that content including file names and modification times. You may also add your metadata including tags, comments, annotations and access permissions.
    1. We cache the metadata of your User Content in order to provide responsive support for browsing, searching and other features of the Services. The metadata cache is removed when you either remove the User Content, you disassociate the storage provider from the service, or you terminate the service.
    2. We do not store copies of User Content that you upload or download or through the Service when you are using your storage service. In a few cases, such as with an FTP upload, we store content temporarily while the operation is in process. If you have enabled full-text content search we extract information from the User Content to create a searchable index for deep content searching.
    3. You may provide a client-side encryption key such that the User Content data is encrypted before being sent to the Services. An Org Account encryption key will allow User Content to be encrypted by our Services before it’s sent to storage.
  5. User Behaviour: An audit log, available for team accounts, can be enabled by an Org Admin to track each user log-in, log-off and operations such as searching metadata, uploading, sharing and downloading User Content, for their Member Account. The log includes a short description, user name, IP address, time, and whether the operation succeeded. Information is also collected for anonymous users (when User Content has been shared through a link that doesn’t require authentication)
    1. We record this information in order to provide compliance services - a historical record, for example, of sharing and downloading Content. This information may be viewed, downloaded and deleted by the Org Admin and is removed upon termination of the Services.
  6. Browsing Information: How long you used our Services, how often, and which features you have used.
    1. We collect this information in order to analyse the behaviour of our users and improve our Services. This information is collected in aggregate and is not associated with any Personal Data.
  7. Cookies and Other Tracking Technologies: Our use of cookies and similar browser tracking technologies causes small pieces of data to be placed on your devices when you use our Services.
    1. We, and approved third-party content providers, use cookies and other tracking technologies to remember you from one browser session to another. We use this information to remember your preferences, whether you have logged in, and in aggregate, to analyze and improve our Services. You may opt-out of third-party, analytics and other cookies not required for operation of the Services. For more information see our Cookie Policy.
  8. Communications with Support: We may collect and store your email address, name and telephone number and other data you send, including technical data, or authorise us to access from your Org Account, Member Account or Personal Account, in supporting your use of the Services.
    1. We keep support communication in order to provide context for future communications with you, provide feedback to our support team, augment our knowledge base and improve our products. Communication is not removed on termination of your service. Upon request we will anonymize your Personal Data to the extent supported by our support management system.
  9. Information from Third Party Storage Providers: We may ask for, use and store your user ID and password associated with any storage account (such as your Amazon S3 or Google Drive account) that you connect with or use with the Services. This could include, without limitation, the token supplied to allow us to access the service as requested by your use of the Services.
    1. We ask for this information in order to provide the core service to you and to provide you with easier and faster access to our Services. The information is removed when you remove the storage provider or terminate Services.
  10. Location Data: We may store information about your location if you have instructed your mobile device or computer to send such information via the privacy settings on that mobile device or computer.
  11. Social Media, Forums, Webinar Platforms and App Stores: We may obtain Personal Data you have provided from our company and employee social networking accounts, such as Skype, LinkedIn, Facebook and Twitter, forum sites such as the Website Toolbox, webinar platforms such as GoToWebinar, and application marketplaces such as Google Play and the App Store.
    1. We do not control how your personal information was collected, stored or used by such third-party sites, or to whom it is disclosed. You should review the privacy policies and settings on any site that you use to so that you understand the information they may be collecting and sharing, and how to opt-out. Vehera LTD is not responsible for how these third-party sites may use information collected from or about you.


3. When We Share Your User Content With Third Parties

The Services can be configured by an Org Admin to share content of files with third-party applications or services. This Privacy Policy does not apply to your use of such third-party applications and services, and we are not responsible for how those third parties collect, use and disclose information and User Content. We encourage you to review the privacy policies of those third parties to learn more about their information and privacy practices.

  1. Office Online keeps a temporary copy of files being viewed and edited for the purposes of rendering and making changes to the file. Office Online is a Microsoft service and use of Office Online is subject to Microsoft’s terms of use and privacy policy. If you are a business user you will need to log into Office Online with an Office business account. We also report to Microsoft each quarter, in quantity only, how many users used this service, how many documents were opened in total, and how many disabled the service.
  2. Zoho is an online service that may be configured for viewing and editing files. Zoho stores a temporary copy of your file while viewing or editing. See the Zoho Privacy Policy for more information.
  3. Google Drive is a file storage and collaboration service that allows viewing and editing of documents. Documents viewed and edited through Google Drive are subject to Google’s Privacy Policy.


4. When We Share Your Data With Third Parties

Gravatar (Automattic Inc.) - is a service that shows an avatar image based on a user's email address. It’s used by our Services to show an icon beside a comment against a file. A hash of the email is sent to the service even when a user has not registered with Gravatar. See the Automattic Privacy Policy for more information.

TinyURL - is a link shortening service. When you use the Short URL option we share the original link with Unless a password is added, TinyURL would have access to your content.

Marketing - We use MailChimp as our marketing automation platform and Zoho CRM for customer relationship management.

Support - We use Zoho Desk for our support system.

Payment Processing - Online payments may be made via our payment service provider PayPal. We do not share any personal information with or obtain any personal information from PayPal except whether payment was completed. We receive from PayPal your name as it was given to PayPal and the amount paid.

Transfer of Data - Information that you submit via the Services may be transferred to, and processed in countries outside the UK and US. Regardless of where your information is processed, we shall apply the same protections described in this Privacy Policy. We shall also comply with the relevant legal frameworks relating to the transfer of Personal Data.

Legal Obligation - We may share your information where we are legally obliged to do so. Please note we may not be able to provide you with notice prior to disclosure in such cases.

Corporate Transaction - Where we are considering a corporate transaction or we are in negotiations to sell or buy any business or assets or conclude such a transaction, we may disclose your Personal Data to the prospective or actual seller or buyer of such business or assets.


5. Outbound Communication

As an information management service our Services may display or send Personal Data, under your control, through our applications or via email or text. For example, you may have configured the service to send an email notification when a user downloads a file.


6. Security - Your Responsibilities

It is your responsibility to secure your login credentials to the Services, and keep your email address up to date. We highly recommend enabling two factor authentication, and learning about security controls available with the Services. For more information see our documentation at


7. Your Rights to Access, Correct and Delete Your Information

You have the right to review, correct, delete, or limit the use of your Personal Data. You may do so through tools we provide within the Services or through a written or verbal request. You may email or submit a Contact Us form.

Information for Nasuni Access Anywhere Server Users

Users can access the Personal Data that is held by Nasuni Access Anywhere Server under the “My Personal Data” section within their “Dashboard”. They may also change their marketing preferences and delete their account completely from this page. This applies to SaaS and IaaS. Deleting an account also removes files created in personal folders by that user.

In many situations, Nasuni Access Anywhere Server operates as a service provider on behalf of another entity. For example, when we provide an organization with an Org Account, we are processing user data under the direction of the owner of that account. In this scenario we are known as the ‘processor’ and they are known as the ‘controller’. Certain data protection laws (like GDPR) mandate that data subject requests are handled by data controllers.

8. How We Protect Your Information

We have implemented appropriate measures in the form of various technical, physical and other means, including, but not limited to measures regarding the security of our electronic systems and databases, locks, racks, cases and other devices and access controlling systems, fire-notifying and fire extinguishing systems. These means aim at improving the integrity and security of the Personal Data that we collect and maintain. However, please be advised that even the best security measures cannot guarantee the full elimination of all risks.

Your Personal Data safety is of utmost importance to us. We review and strive to improve our security measures on a regular basis.

If we learn of a Personal Data breach that affects our Services we will attempt to notify you electronically so that timely and appropriate protective steps can be taken. Apart from informing you via email, we may post a notice through the website if a security breach occurs.


9. Retention

We retain Personal Data where we have an ongoing legitimate business or legal need to do so. Our retention periods will vary depending on the type of data involved, whether you have the ability to remove that data yourself, and the legal need. For example, we have a legal obligation to retain payment transaction data for seven years for tax and accounting purposes.

We store encrypted backups in cloud storage as an important layer of protection to help recover from accidental loss of systems or data. Under ordinary circumstances these backups will be retained for up to six months.


10. Termination

This Privacy Policy is effective until terminated by either party. If you no longer agree to be bound by this Privacy Policy, you must cease the use of the Vehera Services. If you are dissatisfied with Vehera LTD, its content, or any of these terms, conditions, and policies, your sole legal remedy is to discontinue using the Services. Vehera LTD reserves the right to terminate or suspend your access to and use of the Services, or parts of them, without notice, if we believe, in our sole discretion that such use is in violation of any applicable law, or harmful to our interests or the interests of another person or entity, or where Vehera LTD has reasons to believe that their use is in violation of this Privacy Policy or the Terms of Use.


11. Children’s Privacy

The Services are directed to businesses though also available to consumers. They are not available to children under the age of 16.


12. Changes to this Policy

Vehera LTD reserves the rights to change this Privacy Policy at any time. Please check this page periodically for changes. Your use of the services after any such amendment or change in the Privacy Policy shall be deemed as your express acceptance to such amended/changed Privacy Policy and an assent to be bound by such changed/amended Privacy Policy.


13. Governing Law

This Privacy Policy and the use of the Website are governed by the laws of the United Kingdom. We also follow the privacy laws of the European Union including the General Data Protection Regulation (GDPR) (EU) 2016/679. The parties undertake to first try to resolve the dispute through negotiation. If the parties fail to reach an amicable resolution through negotiation, Vehera LTD agrees to submit the dispute to the competent Court of the United Kingdom.

If you are accessing the Vehera LTD UK website ( from another jurisdiction, please be advised that you are transferring your personal information to Vehera LTD in the United Kingdom and, by using the website, you consent to that transfer and to abide by the applicable laws concerning your use of the website and your agreement(s) with us.

If you are accessing the Vehera LTD US website ( from another jurisdiction, please be advised that you are transferring your personal information to Vehera LTD in servers based in the United States and, by using the website, you consent to that transfer and to abide by the applicable laws concerning your use of the website and your agreement(s) with us.


14. Copyrights

The copyrights of our Websites are the property of Vehera LTD.

Texts, graphics, photographs, animations, videos and clips, visible on the Website are the object of copyright and are part of the intellectual property of Vehera LTD or our partners. Those may not be reproduced, used, presented or represented without an explicit written permission by Vehera LTD. Any distribution of these files, obtained by the Users under the Terms and Conditions of the Website, or of parts of such files, constitutes a violation of the relevant intellectual property protection laws and is prosecuted by the law.

Nothing contained on this Website may be interpreted as granting a license or right of use as a trademark without the prior explicit written consent of Vehera LTD.


15. General Notes

Vehera LTD is controlled, operated and administered entirely within United Kingdom.

Our Services may contain links to other websites of interest. You should note that we do not have any control over other websites. We cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

This statement and the policies outlined in this Privacy Policy are not intended to and do not create any contractual or other legal rights in or on behalf of any third party.

Vehera LTD may provide a translation of the English version of the Privacy Policy into other languages. You understand and agree that any translation of the Privacy Policy into other languages is only for your convenience and that the English version shall govern your rights and responsibilities. In case there are any inconsistencies between the English version of the Privacy Policy and its translated versions, the English version of the Terms shall prevail.


16. Contact

If you believe Vehera LTD does not adhere to this Privacy Policy, in order to address a question, to resolve a complaint regarding the Websites or the Vehera LTD Services, or to receive further information regarding the Services, please contact Vehera LTD via email at or via mail at Mulgrave Chambers, 26-28 Mulgrave Road Unit 1, Sutton, London SM2 6LE, UK.

If Vehera LTD does not address your request, or fails to provide you with a valid reason why it is unable to do so, you have the right to contact the Information Commissioner’s Office to make a complaint. See for more information.