Privacy Policy

This page explains how Nascent LLC (“we”, “us”, “our”) handles personal data for our website and when you contact or engage us for enterprise software services (including LLM applications and agentic systems). This policy is for information only and is not legal advice.

Effective date: 05 September 2025

Who we are

Nascent Works is a senior engineering studio delivering enterprise LLM, agent, and cloud systems. We act as a data controller for website interactions and inquiries, and as a data processor (or service provider/processor under applicable law) when we build or operate solutions for clients under contract.

Contact: info@nascent-works.com

What we collect

We collect the minimal data needed to run this site and respond to you:

Site data: standard server logs (IP address, user agent, URL, timestamp) for security and reliability.
Contact data: your name, email, company, and message when you email us.
Business data (client work): only what is necessary to deliver the contracted services—this may include datasets, prompts, files, artifacts, logs, model inputs/outputs, and system metadata configured by you.

We do not sell personal information and do not use cross-context behavioral advertising.

How we use data

Provide and secure the site (operate, monitor, prevent abuse).
Respond to inquiries and pre-contract steps (quotes, proposals).
Deliver services under contract (e.g., building an LLM application, configuring agents, deploying backends).
Legal/compliance (record-keeping, required disclosures).

Enterprise LLM & agent systems

For client projects we follow these principles:

Client control: Client data is processed only to provide the service and per written instructions.
Training & evaluation: We do not use client data to train foundation models. Fine-tuning/evaluation for your solution occurs only with your authorization and within your chosen environment.
Isolation: We prefer cloud-account isolation, regional controls, and least-privilege access for tools/agents.
Oversight: Agents are instrumented with guardrails, logging, and human-in-the-loop where appropriate.
Retention: We keep operational logs and artifacts only as long as needed for support, security, or as required by contract/law.

Legal bases (EEA/UK)

Where GDPR applies, we rely on one or more of these bases:

Contract (or steps prior to entering a contract) to respond to your requests and perform agreed services.
Legitimate interests (e.g., site security, service quality), balanced against your rights.
Consent where required (e.g., non-essential cookies if ever used).
Legal obligation where processing is required by law.

See GDPR Article 6 for the lawful bases framework.

International data transfers

If we transfer personal data from the EEA/UK to countries without an adequacy decision, we use appropriate safeguards—Standard Contractual Clauses (SCCs)—and implement supplementary measures as needed.

We share data only with:

Service providers/processors (e.g., cloud hosting on AWS/GCP, managed databases, email, issue tracking, optional model providers) under written agreements.
Professional advisors (legal/accounting) and authorities when legally required.

Processors are bound to use data only to provide the services to us and must protect it appropriately.

Retention

We retain data only as long as necessary for the purposes above, to comply with law, resolve disputes, and enforce agreements. Client project data follows retention in the master services agreement or statement of work.

Your privacy rights

You may have rights to access, rectify, erase, restrict or object to processing, and data portability. You also have the right to lodge a complaint with your local supervisory authority. See GDPR Chapter III for a full list of data subject rights and Article 12 on how controllers must facilitate them. :contentReference[oaicite:2]{index=2}

California (CCPA/CPRA)

California residents may have rights to know/access, delete, correct, opt-out of sale/share, and limit use of sensitive personal information, subject to exceptions. We do not sell or share personal information as those terms are defined. See the statute and CPPA materials for details.

How to exercise rights: email info@nascent-works.com. We may need to verify your request. If we act as a processor/service provider for a client, we will refer your request to the relevant controller.

Cookies & similar technologies

Our one-page marketing site is designed to run without non-essential cookies. If we ever add analytics or similar technologies, we will request consent where required and provide controls; strictly necessary cookies do not require consent. EU guidance clarifies that consent is required before setting non-essential cookies.

Security

We use appropriate technical and organizational measures—including least-privilege access, encryption in transit/at rest where supported, environment isolation, logging/monitoring, and regular updates—to protect personal data. Controllers must implement measures appropriate to risk under GDPR Article 32.

Children

Our website and services are intended for business use and are not directed to children.

Changes to this policy

We may update this policy from time to time. Material changes will be noted by updating the Effective date above.

Contact

Nascent LLC
New York — 127 w26th St, Suite 1002, New York, NY 10001, USA
Email: info@nascent-works.com