BYOD (Bring Your Own Device) Policy

Official platform documentation and governance guidance.

High-fidelity mobility framework ensuring structural data isolation, secure personal device utilization, and uncompromising user privacy across the Nexly ecosystem.
Employee Managed
Global Mobility
v3.2.0

Enterprise BYOD (Bring Your Own Device) Policy

1. BYOD Mission Statement

Nexly.biz (the “Company”) supports a flexible, mobile-first work environment. Our BYOD mission is to enable employees to utilize their personal devices for professional output while maintaining the structural isolation of Company data. We balance user autonomy with the imperative of institutional cybersecurity.

2. Node Eligibility & Technical Baseline

To maintain systemic security, personal devices must meet the following minimum architectural standards:

  • OS Integrity: iOS 16+, Android 12+ (latest security patch), macOS 13+, Windows 11.
  • Prohibited States: Jailbroken, rooted, or end-of-life (EOL) devices are strictly forbidden from connecting to Nexly nodes.
  • Hardware Readiness: Devices must support hardware-backed encryption (TPM/Secure Enclave) and biometric authentication.

3. Mandatory MAM/MDM Enrollment

Accessing Nexly data on a personal device requires enrollment in our "Mobile Application Management" (MAM) system. This process installs a managed "Work Profile" that segregates Company applications from your personal ecosystem, ensuring no data leakage occurs between identities.

4. Professional Data Containerization

We employ "Sandboxed Containers" for all Company data. Information stored within managed apps (e.g., Outlook, Slack, OneDrive) is cryptographically isolated from your personal apps. You cannot "Copy/Paste" or "Share" data from Company containers to personal silos (e.g., personal Gmail or iMessage).

5. Bio-Encryption & Access Control

Managed devices must utilize biometric authentication (FaceID/Fingerprint) or a complex alphanumeric passcode. A device lockout must trigger after a maximum of 5 minutes of inactivity. This represents our primary defense against unauthorized physical access to distributed nodes.

6. Secure Tunneling & Gateway Access

Communication between your personal device and Nexly servers must be tunneled through our Zero-Trust Gateway. The gateway dynamically evaluates the device’s security posture (e.g., verifying that the OS is not compromised) before granting access to internal resources.

7. Managed Application Registry

Only applications pushed via the Nexly Company Portal are authorized for work use. Users are forbidden from utilizing non-managed third-party apps for Company business logic, as these apps are not subjected to our institutional security audits.

8. Personal Device Data Sovereignty

Nexly data residing on personal hardware remains the exclusive property of the Company. Users must not back up Company data to personal cloud accounts (e.g., personal iCloud/Google Photos). Managed apps are configured to automatically back up to Nexly-managed object storage only.

9. Incident Reporting & Loss

If an enrolled device is lost, stolen, or suspected of compromise, the user must notify IT Command within 1 hour. This window is critical for triggering a remote container wipe before a threat actor can attempt to bypass the local encryption.

10. Employee Privacy Boundaries

Nexly respects your personal digital life. Our MAM solution **cannot** access:

  • Personal photos, videos, or messages.
  • Personal web browsing history or social media data.
  • Real-time geolocation data (unless the device is reported stolen).

11. Selective Wipe & Offboarding Logic

Upon termination of employment or voluntary withdrawal from BYOD, Nexly will execute a "Selective Wipe." This protocol deletes only the Company-managed container and its contents, leaving all personal data, apps, and photos completely intact.

12. Financial Liability & Stipend Logic

Employees are responsible for the acquisition and maintenance of their personal hardware. Nexly provides a monthly "Mobility Stipend" to cover data plan usage. The Company is not liable for personal device damage or hardware failure incurred during the execution of work logic.

13. Mobility Integrity Command

To enroll a new device, report a compromised node, or inquire about MAM configuration settings, please connect with the IT Mobility Desk.

Response SLA: 4h Standard Triage • Protocol v3.2
