Legal

Privacy Policy

We explain what data we collect, why, how we protect it, and your rights. Controller: NEXODASH LLC, 511 SW 4TH AVE APT 2, Miami, FL 33130, USA. Contact: privacy@nexodash.com / info@nexodash.com / +1 786 436 7132.

Last updated: 2025-12-24

Scope and roles

This policy describes how NexoDash processes personal data when you visit our site or use our platform. In general:

For account data (admins/users), NexoDash acts as a controller.
For end-customer data (people booking services with a business using NexoDash), we typically act as a processor on behalf of that business.

If you are an end-customer, we recommend contacting the business you booked with first. If needed, you can also email us and we will coordinate.

Data we collect

Account data: name, email, phone, credentials, and language preferences.
Business data: brand name, services, prices, schedules, and published content.
Operational data: bookings, statuses, associated amounts (e.g., configured prices and recorded package purchases), and reporting metrics.
Support and communications: messages via chat, email, or forms.
Technical data: IP, device, browser, logs, and events for security and performance.

Purposes and legal bases

Operate the platform, authentication, personalization (contract performance).
Manage service access (e.g., trial/plan status) and prevent fraud/abuse (contract / legitimate interest).
Customer support and transactional notifications (contract).
Product improvement, metrics, and security (legitimate interest). Analytics/marketing tools are used only with consent where applicable.
Optional product updates and marketing (revocable consent).
Legal, tax, and security obligations (legal obligation).

Retention

We keep data while your account is active or needed for the stated purposes. When you request deletion, we remove data from active systems; some backups or logs may be retained for limited periods.

Data category	Retention period
Account data	While the account is active; after deletion, removed from active systems
Transaction/billing data	If applicable, up to 7 years (tax/legal obligations)
DSR requests (record and audit)	90 days
Account deletion logs (audit)	90 days
Security logs	Up to 90 days
Support communications	Up to 2 years after ticket closure
Analytics cookies	Provider configuration (max 26 months)
Backups	Up to 30 days (rotation)

International transfers

Service is operated from the USA and may involve international transfers depending on provider locations. We use contractual safeguards (e.g., Standard Contractual Clauses) when applicable.

Data subject rights

You may exercise rights over your personal data, including:

Access: request a copy of your personal data.
Rectification: correct inaccurate or incomplete data.
Deletion: request deletion where applicable.
Portability: receive your data in a structured format (JSON/CSV).
Restriction: restrict processing in certain cases.
Objection: object to processing based on legitimate interests.
Withdraw consent: withdraw consents you previously gave.

How to exercise your rights

Online form: use our data request form (DSR).
Email: send a message to privacy@nexodash.com describing your request.
Include your full name and the account email to verify your identity.
We will respond within 30 days (extendable up to 60 days for complex cases).
If you are not satisfied, you may lodge a complaint with the applicable data protection authority.

If you are an end-customer of a business using NexoDash, contact that business first; you can also reach us and we will coordinate.

California notice (CCPA/CPRA)

If you live in California, you may have additional rights under CCPA/CPRA, including (as applicable) the right to know what personal information we collect/share, request deletion or correction, and opt out of “selling” or “sharing” personal information for cross-context behavioral advertising.

We do not sell your personal information. If you enable marketing cookies, some processing may be considered “sharing” for advertising purposes; you can disable marketing at any time via cookie preferences. For details, see our Cookies Policy.

Security

We use encryption in transit, access controls, and activity logs. We maintain backups and review vulnerabilities periodically. If an incident impacts your data, we will notify as required by law. To strengthen password security, we may check passwords against compromised password databases using k-anonymity (we do not send your full password).

Cookies and similar tech

Essential cookies support authentication and platform operation. Analytics/marketing cookies load only with your consent. Manage preferences via the banner or browser settings. See our Cookies Policy for details.

Marketing communications

We send product updates and promotions only if you consent or where permitted for existing customers. Unsubscribe from any email or write to info@nexodash.com.

Minors

NexoDash is not directed to children under 16. If we detect data from minors without valid authorization, we will delete it.

Contact

Privacy: privacy@nexodash.com | Support: info@nexodash.com | Phone/WhatsApp: +1 786 436 7132.

Scope and roles

This policy describes how NexoDash processes personal data when you visit our site or use our platform. In general:

For account data (admins/users), NexoDash acts as a controller.
For end-customer data (people booking services with a business using NexoDash), we typically act as a processor on behalf of that business.

If you are an end-customer, we recommend contacting the business you booked with first. If needed, you can also email us and we will coordinate.

Data we collect

Account data: name, email, phone, credentials, and language preferences.
Business data: brand name, services, prices, schedules, and published content.
Operational data: bookings, statuses, associated amounts (e.g., configured prices and recorded package purchases), and reporting metrics.
Support and communications: messages via chat, email, or forms.
Technical data: IP, device, browser, logs, and events for security and performance.

Purposes and legal bases

Operate the platform, authentication, personalization (contract performance).
Manage service access (e.g., trial/plan status) and prevent fraud/abuse (contract / legitimate interest).
Customer support and transactional notifications (contract).
Product improvement, metrics, and security (legitimate interest). Analytics/marketing tools are used only with consent where applicable.
Optional product updates and marketing (revocable consent).
Legal, tax, and security obligations (legal obligation).

Retention

We keep data while your account is active or needed for the stated purposes. When you request deletion, we remove data from active systems; some backups or logs may be retained for limited periods.

Data category	Retention period
Account data	While the account is active; after deletion, removed from active systems
Transaction/billing data	If applicable, up to 7 years (tax/legal obligations)
DSR requests (record and audit)	90 days
Account deletion logs (audit)	90 days
Security logs	Up to 90 days
Support communications	Up to 2 years after ticket closure
Analytics cookies	Provider configuration (max 26 months)
Backups	Up to 30 days (rotation)

Data subject rights

You may exercise rights over your personal data, including:

Access: request a copy of your personal data.
Rectification: correct inaccurate or incomplete data.
Deletion: request deletion where applicable.
Portability: receive your data in a structured format (JSON/CSV).
Restriction: restrict processing in certain cases.
Objection: object to processing based on legitimate interests.
Withdraw consent: withdraw consents you previously gave.

How to exercise your rights

Online form: use our data request form (DSR).
Email: send a message to privacy@nexodash.com describing your request.
Include your full name and the account email to verify your identity.
We will respond within 30 days (extendable up to 60 days for complex cases).
If you are not satisfied, you may lodge a complaint with the applicable data protection authority.

If you are an end-customer of a business using NexoDash, contact that business first; you can also reach us and we will coordinate.

California notice (CCPA/CPRA)

Security

Scope and roles

Data we collect

Purposes and legal bases

Retention

Sharing

International transfers

Data subject rights

How to exercise your rights

California notice (CCPA/CPRA)

Security

Cookies and similar tech

Marketing communications

Minors

Contact

Scope and roles

Data we collect

Purposes and legal bases

Retention

Sharing

International transfers

Data subject rights

How to exercise your rights

California notice (CCPA/CPRA)

Security

Cookies and similar tech

Marketing communications

Minors

Contact