Legal
Privacy Policy
We explain what data we collect, why, how we protect it, and your rights. Controller: NEXODASH LLC, 511 SW 4TH AVE APT 2, Miami, FL 33130, USA. Contact: privacy@nexodash.com / info@nexodash.com / +1 786 436 7132.
Last updated: 2025-12-24
Scope and roles
This policy describes how NexoDash processes personal data when you visit our site or use our platform. In general:
- For account data (admins/users), NexoDash acts as a controller.
- For end-customer data (people booking services with a business using NexoDash), we typically act as a processor on behalf of that business.
If you are an end-customer, we recommend contacting the business you booked with first. If needed, you can also email us and we will coordinate.
Data we collect
- Account data: name, email, phone, credentials, and language preferences.
- Business data: brand name, services, prices, schedules, and published content.
- Operational data: bookings, statuses, associated amounts (e.g., configured prices and recorded package purchases), and reporting metrics.
- Support and communications: messages via chat, email, or forms.
- Technical data: IP, device, browser, logs, and events for security and performance.
Purposes and legal bases
- Operate the platform, authentication, personalization (contract performance).
- Manage service access (e.g., trial/plan status) and prevent fraud/abuse (contract / legitimate interest).
- Customer support and transactional notifications (contract).
- Product improvement, metrics, and security (legitimate interest). Analytics/marketing tools are used only with consent where applicable.
- Optional product updates and marketing (revocable consent).
- Legal, tax, and security obligations (legal obligation).
Retention
We keep data while your account is active or needed for the stated purposes. When you request deletion, we remove data from active systems; some backups or logs may be retained for limited periods.
| Data category | Retention period |
|---|---|
| Account data | While the account is active; after deletion, removed from active systems |
| Transaction/billing data | If applicable, up to 7 years (tax/legal obligations) |
| DSR requests (record and audit) | 90 days |
| Account deletion logs (audit) | 90 days |
| Security logs | Up to 90 days |
| Support communications | Up to 2 years after ticket closure |
| Analytics cookies | Provider configuration (max 26 months) |
| Backups | Up to 30 days (rotation) |
International transfers
Service is operated from the USA and may involve international transfers depending on provider locations. We use contractual safeguards (e.g., Standard Contractual Clauses) when applicable.
Data subject rights
You may exercise rights over your personal data, including:
- Access: request a copy of your personal data.
- Rectification: correct inaccurate or incomplete data.
- Deletion: request deletion where applicable.
- Portability: receive your data in a structured format (JSON/CSV).
- Restriction: restrict processing in certain cases.
- Objection: object to processing based on legitimate interests.
- Withdraw consent: withdraw consents you previously gave.
How to exercise your rights
- Online form: use our data request form (DSR).
- Email: send a message to privacy@nexodash.com describing your request.
- Include your full name and the account email to verify your identity.
- We will respond within 30 days (extendable up to 60 days for complex cases).
- If you are not satisfied, you may lodge a complaint with the applicable data protection authority.
If you are an end-customer of a business using NexoDash, contact that business first; you can also reach us and we will coordinate.
California notice (CCPA/CPRA)
If you live in California, you may have additional rights under CCPA/CPRA, including (as applicable) the right to know what personal information we collect/share, request deletion or correction, and opt out of “selling” or “sharing” personal information for cross-context behavioral advertising.
We do not sell your personal information. If you enable marketing cookies, some processing may be considered “sharing” for advertising purposes; you can disable marketing at any time via cookie preferences. For details, see our Cookies Policy.
Security
We use encryption in transit, access controls, and activity logs. We maintain backups and review vulnerabilities periodically. If an incident impacts your data, we will notify as required by law. To strengthen password security, we may check passwords against compromised password databases using k-anonymity (we do not send your full password).
Marketing communications
We send product updates and promotions only if you consent or where permitted for existing customers. Unsubscribe from any email or write to info@nexodash.com.
Minors
NexoDash is not directed to children under 16. If we detect data from minors without valid authorization, we will delete it.
Contact
Privacy: privacy@nexodash.com | Support: info@nexodash.com | Phone/WhatsApp: +1 786 436 7132.