This Privacy Policy explains how Nexunova ("we", "us") handles personal data when you use Nexunova RMS (the "Service"). It applies to data about our customers' account users (the people who sign in) and to personal data our customers enter about their own clients ("end-customer data"). For end-customer data, our customer is the data controller and Nexunova acts as a data processor on their behalf.
We do not sell personal data, and we do not use end-customer data for advertising.
Where data-protection law applies, we rely on: performance of our contract with you; your consent (which you may withdraw); our legitimate interests in operating and securing the Service; and compliance with legal obligations.
We share data only with service providers that help us run the Service, under appropriate confidentiality and data-protection terms. These include our cloud and database infrastructure provider (Supabase / hosted PostgreSQL) and our transactional email provider for verification and notification messages. We may also disclose data where required by law or to protect rights and safety.
We retain account and Customer Data for as long as your account is active. Trial data may be deleted approximately 30 days after trial expiry. After account termination we delete or anonymise Customer Data within a reasonable period, except where retention is required by law (for example, financial records) or for legitimate backup cycles.
We apply technical and organisational measures including encryption in transit and at rest, hashed passwords, row-level tenant isolation, role-based access control, audit logging, failed-login lockout, session/idle timeouts, and optional admin two-factor authentication. No system is perfectly secure, but we work to protect your data and to notify affected parties of material breaches as required by law.
Subject to applicable law, you may request to access, correct, export, or delete your personal data, object to or restrict certain processing, and withdraw consent. Account users can exercise many of these directly in-app; for other requests, contact us using the details below. Where Nexunova acts as a processor, requests about end-customer data should be directed to the customer that controls that data.
The Service uses browser storage (cookies, localStorage, sessionStorage) strictly to keep you signed in, remember preferences such as theme and session timeout, and operate the application. We do not use third-party advertising or tracking cookies.
Your data may be processed in data centres located outside your country. Where this occurs, we take steps to ensure an appropriate level of protection consistent with applicable law.
The Service is intended for business use and is not directed to children under 18. We do not knowingly collect personal data from children.
We may update this Policy from time to time. We will revise the "Last updated" date and, for material changes, provide additional notice in-app or by email.
For privacy questions or to exercise your rights, contact us at support@nexunova.com.