Privacy Policy

NexaOne (“we”, “us”) provides done-for-you AI automation and systems integration for SMEs.
This Privacy Notice explains how we collect, use, share, and protect personal information when you visit our site, contact us, or use our services.

 

Contact: team@nexaone.ltd

 

1. Scope and Roles

This Notice applies to website visitors, prospects, customers, and individuals whose data we process for our customers.

We act as a data controller for our website, marketing, account management, and operations.

We act as a data processor/service provider when handling customer data inside our automations.
In those cases, our Data Processing Addendum (DPA) governs, and we process data only on customer instructions.

2. Information We Collect

You provide: name, work email, phone, company, role, and form submissions; integration credentials via OAuth or encrypted tokens.

Processed for customers (examples):

• Sales & Lead Automation: lead lists, emails, engagement metrics, CRM fields.

• Financial Automation: OCR’d invoices/receipts text, transactions (amount/date/merchant/category), reconciliation status, reports.

• Content & Growth: brand guidelines, calendars, posts, campaign metrics.

Automatically: IP address, device/browser, pages viewed, timestamps, cookies (essential/analytics/marketing — marketing only with consent).
From third parties: systems you connect (e.g., accounting, CRM, or payment tools) and permitted business data sources.

3. How We Use Data

We use data to:

• Provide and improve services;

• Enable automations and integrations;

• Authenticate and secure accounts;

• Perform reconciliation and anomaly/duplicate detection;

• Support and onboarding;

• Conduct analytics;

• Communicate about services;

• (With consent) send marketing updates;

• Comply with legal obligations and enforce agreements.

Legal bases: contract performance, legitimate interests, compliance with law, and consent where required.

4. AI & Automation

We use AI for classification (e.g., invoice categories), anomaly/duplicate detection, content drafting, and outreach assistance under your configuration.
We do not use customer data to train public models.
When using third-party AI providers, we contractually opt out of data retention or model training whenever possible.
Outputs may involve human review, and all processing occurs through enterprise-grade APIs with no data stored beyond processing needs.

5. Cookies & Tracking

• Essential cookies: security and basic site functions.

• Analytics cookies: to understand site usage.

• Marketing cookies: only active if you opt in.

Manage your preferences through our banner or browser settings.

Learn more in our Cookie Notice.

6. Sharing

We share data with:

• Service providers/sub-processors (hosting, analytics, email, AI, and data connectors you enable);

• Integrations you choose;

• Legal authorities when required;

• In the event of business transfers.

We do not sell personal information and do not share it for cross-context behavioral advertising without your consent.

7. International Transfers

Where data moves internationally (e.g., EEA/UK to the U.S.), we use appropriate safeguards such as Standard Contractual Clauses and additional measures where required.

Our primary data infrastructure is hosted in the United States and European Union via reputable cloud providers.

8. Retention

We retain data as long as necessary to deliver services and meet legal obligations.
By default:

• Customer data retained for the subscription term.

• Upon termination, data is deleted or returned within 30 days (backups rotate within ~90 days).

• Web analytics data is retained 12–24 months in aggregate.

9. Security

We apply encryption in transit, encrypted secret storage, role-based access control, multi-factor authentication, and audit logging.
No method is 100% secure — report any issues to team@nexaone.ltd.

10. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or port your data; opt out of certain processing; or withdraw consent.

If we process your data for a customer, contact that customer directly — we assist them in responding.
Requests: team@nexaone.ltd (subject: “Privacy Request”).
We respond within 45 days where required. Appeals: subject “Privacy Appeal.”
We honor Global Privacy Control (GPC) signals and do not sell personal information.

11. Responsible Outreach

For Sales & Lead Automation, customers must ensure a lawful basis to contact leads and honor unsubscribes.
We provide unsubscribe and suppression tools to support compliance.

12. Children

Our services are not directed to children under 16.

13. Changes

We may update this Notice from time to time.
See “Last updated” above.
Material changes will be posted here and, if required, additionally notified to you.

14. Documents

• Data Processing Addendum (DPA): available on request via team@nexaone.ltd

• Sub-processors: available on request via team@nexaone.ltd