Privacy Policy

We collect information necessary to provide the Nexao platform and improve your experience. This includes:

Account Information: When you register for Nexao, we collect your name, business name, email address, phone number, and billing address. This information is required to create and maintain your account.

Business Data: As you use the platform, we store the data you enter — including employee records, payroll information, inventory items, customer contacts, financial transactions, and other business records. This data belongs to you.

Usage Data: We automatically collect information about how you use the platform, including pages visited, features used, actions taken, session duration, and error logs. This helps us improve reliability and usability.

Device and Technical Data: We collect your IP address, browser type and version, operating system, device identifiers, and time zone. This is used for security, fraud prevention, and service delivery.

Payment Information: We do not store your full payment card details. Payment transactions are processed by Razorpay, our PCI-DSS compliant payment partner. We retain transaction IDs, amounts, and billing history.

Communications: If you contact our support team via email, chat, or phone, we retain records of those communications to provide ongoing assistance.

Nexao Technologies uses your data for the following purposes:

Service Delivery: To operate the Nexao platform, process transactions, generate payslips, manage inventory, and deliver all features you have subscribed to.

Account Management: To authenticate your identity, manage your subscription, send invoices, and communicate account-related updates.

Customer Support: To diagnose issues, respond to your queries, and improve our support processes. Support agents may access your account data with your permission.

Product Improvement: Aggregated and anonymised usage data helps us identify which features are most valuable, where users encounter friction, and what to build next.

Security and Fraud Prevention: To detect unauthorised access, prevent fraud, enforce our Terms of Service, and protect the integrity of the platform.

Legal Compliance: To comply with applicable Indian laws, including the Information Technology Act, 2000, and any orders from regulatory authorities.

Marketing (with consent): With your explicit consent, we may send product news, feature announcements, and business tips. You can unsubscribe at any time.

Data Location: Your data is stored on servers located in India and, for redundancy purposes, in data centres that comply with Indian data localisation requirements. We use Amazon Web Services (AWS) infrastructure with data residency in the Mumbai (ap-south-1) region.

Retention: We retain your account and business data for the duration of your subscription and for a period of 7 years thereafter, as required by Indian tax and financial record-keeping laws. You may request deletion of non-statutory data at any time.

Security Measures: We employ industry-standard security practices including: - AES-256 encryption at rest for all stored data - TLS 1.3 encryption in transit for all data transmission - Multi-factor authentication for all Nexao staff with access to production systems - Regular penetration testing and vulnerability assessments - Role-based access control ensuring employees only access data required for their role - Automated security monitoring and incident response procedures

Breach Notification: In the event of a data breach that affects your personal information, we will notify you within 72 hours of becoming aware of the breach, in accordance with applicable law.

We share your data with trusted third-party service providers only to the extent necessary to deliver our services. These include:

Razorpay (Payment Processing): Processes subscription payments and billing. Governed by Razorpay's privacy policy. We share your name, email, and billing address for payment processing.

Twilio (OTP & SMS): Delivers one-time passwords and SMS notifications. Your phone number is shared for this purpose.

SendGrid (Transactional Email): Sends platform emails including invoices, alerts, and account notifications. Your email address is shared for delivery.

Amazon Web Services (Infrastructure): Hosts the Nexao platform and stores your data under our direction. AWS operates as a data processor on our behalf.

Google Analytics (Analytics): We use anonymised analytics to understand platform usage. No personally identifiable information is shared.

We do not sell your personal data to third parties. We do not share your business data with competitors or use it for advertising purposes. All third-party providers are bound by data processing agreements consistent with applicable Indian law.

As a Nexao customer, you have the following rights regarding your personal data:

Right to Access: You may request a copy of all personal data we hold about you. We will provide this within 30 days of your request.

Right to Correction: If any of your personal data is inaccurate or incomplete, you may update it directly in your account settings or request a correction from our support team.

Right to Deletion: You may request deletion of your personal data. We will honour this request for data that is not required to be retained by law. Statutory records (payroll, financial transactions) may be retained for the mandatory period.

Right to Data Portability: You may request an export of your business data in machine-readable formats (CSV, JSON) at any time from your account settings.

Right to Withdraw Consent: Where we process your data based on your consent (such as marketing communications), you may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.

Right to Restrict Processing: In certain circumstances, you may request that we restrict how we process your data while a dispute is resolved.

To exercise any of these rights, contact us at privacy@nexao.in. We will acknowledge your request within 5 business days.

We use cookies and similar tracking technologies to operate the platform and improve your experience. Cookies we use include:

Essential Cookies: Required for authentication, session management, and security. These cannot be disabled without breaking the platform.

Functional Cookies: Remember your preferences such as language, dashboard layout, and display settings.

Analytics Cookies: Help us understand how users interact with the platform so we can improve it.

For full details on cookies, please see our Cookie Policy at nexao.in/cookies.

The Nexao platform is a business-grade software product intended for use by adults operating commercial enterprises. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has provided us with personal data, please contact us immediately at support@nexao.in and we will delete the information.

If you have questions about this Privacy Policy, wish to exercise your data rights, or have a complaint about how we handle your data, please contact:

Grievance Officer: Nexao Technologies Privacy Team **Email:** privacy@nexao.in **Support:** support@nexao.in **Address:** Nexao Technologies, Bengaluru, Karnataka, India

We take privacy concerns seriously and will respond to all complaints within 30 days. If you are not satisfied with our response, you may escalate to the relevant data protection authority under Indian law.