Privacy Policy
Effective date: June 12, 2026
1. Who We Are
Nexuux Inc. is a Delaware corporation ("Nexuux," "we," "us," or "our") that provides a dedicated-deployment enterprise accounting automation platform. This Privacy Policy describes how Nexuux collects, uses, stores, and shares information about individuals who interact with our platform, website, and related services (collectively, the "Service"). This Policy applies to: (a) representatives of current and prospective customers who interact with our website or sales team ("Business Contacts"); and (b) end users authorised by customers to access the Service ("Authorised Users"). It does not independently govern the content of financial transaction data submitted by customers, which Nexuux processes as a data processor as described in Section 4.
2. Information We Collect
We collect the following categories of personal information: (a) Account Data — name, business email address, job title, company name, telephone number, and billing and payment information collected during registration, onboarding, and account management; (b) Transaction Data — financial transaction records, journal entries, account balances, chart of accounts configurations, and related financial data submitted by or on behalf of the customer, or ingested via authorised data connectors. Transaction Data is processed on the customer's behalf as a data processor (see Section 4); (c) Usage Data — log data, IP addresses, device identifiers, browser or API client type, pages and features accessed, timestamps, error reports, and performance metrics collected automatically when you use the Service or visit our website; and (d) Communications Data — the content of emails, support tickets, and other communications you send to us.
3. How We Collect Information
We collect information: (a) directly from you when you register for an account, complete a form, contact our support team, or otherwise communicate with us; (b) automatically through the use of cookies, log files, and similar tracking technologies when you use the Service or visit our website; and (c) from customers through data connectors and API integrations configured as part of the Service.
4. Controller and Processor Roles
For Account Data, Usage Data, and Communications Data, Nexuux acts as an independent data controller and is responsible for determining the purposes and means of processing. For Transaction Data submitted by customers, Nexuux acts as a data processor on behalf of the customer, who is the data controller. As a processor, Nexuux processes Transaction Data only on the documented instructions of the customer, solely for the purposes of providing the Service, delivering support, and complying with applicable law. Nexuux does not use Transaction Data to develop or improve its own products, for advertising, or for any purpose not authorised by the customer. Customers requiring a Data Processing Agreement ("DPA") should contact us at hi@nexuux.com.
5. How We Use Information
We use Account Data and Usage Data to: (a) provision and operate the Service; (b) authenticate users and manage access controls; (c) process billing and payments; (d) communicate with you about your account, security alerts, and changes to these policies; (e) provide technical support and respond to enquiries; (f) monitor and improve the performance, security, and reliability of the Service; (g) comply with our legal and regulatory obligations; (h) enforce our Terms of Service; and (i) conduct anonymised, aggregated analysis of how the Service is used in aggregate. We do not use personal information for automated decision-making that produces legal or similarly significant effects without human review. We do not sell personal information or use it for advertising.
6. Legal Bases for Processing (EEA and UK)
If you are located in the European Economic Area or the United Kingdom, our legal bases for processing personal data are: (a) Performance of a Contract — processing necessary to deliver the Service, manage accounts, and process payments; (b) Legitimate Interests — processing for fraud prevention, service security, and product improvement, where our interests are not overridden by your rights; (c) Legal Obligation — processing required to comply with applicable laws and regulations; and (d) Consent — where we have obtained your consent for a specific purpose, such as optional marketing communications, which you may withdraw at any time.
7. Dedicated Single-Tenant Infrastructure
Each customer's Transaction Data and Account Data are stored in a dedicated, isolated database instance. Customer data is not co-mingled with data from other customers at the storage, compute, or network layer. This architecture is a deliberate security design that limits the scope of any potential incident, supports stricter access controls, enables granular audit trails, and simplifies data deletion. Access to a customer's dedicated environment is restricted to authorised Nexuux personnel on a strict need-to-know basis, and all access events are logged.
8. Subprocessors
Nexuux uses a limited number of third-party subprocessors to deliver the Service, including cloud infrastructure and hosting providers. A current list of subprocessors is available upon written request to hi@nexuux.com. Nexuux imposes data protection obligations on subprocessors consistent with applicable law and this Privacy Policy. Nexuux will provide at least 30 days' prior written notice of material changes to its subprocessor list. Customers subject to a DPA may object to new subprocessors on reasonable grounds in accordance with the procedures set out in that DPA.
9. Disclosure of Information
We do not sell personal information. We may share personal information with: (a) subprocessors as described in Section 8; (b) professional advisers — lawyers, accountants, auditors, and insurers — under confidentiality obligations; (c) government authorities or law enforcement where required by applicable law, regulation, or valid legal process; (d) a successor entity in connection with a merger, acquisition, change of control, or sale of substantially all of our assets, in which case we will notify affected users before their data is transferred and becomes subject to a different privacy policy; and (e) any person with your prior written consent. We do not share Transaction Data with any third party except as required to operate the Service, as instructed by the customer, or as required by law.
10. International Data Transfers
Nexuux Inc. is headquartered in the United States. If you are accessing the Service from outside the United States, your information may be transferred to, stored in, and processed in the United States and other countries where our subprocessors operate. Where Nexuux transfers personal data from the European Economic Area, the United Kingdom, or Switzerland to countries not deemed to provide an adequate level of data protection, we rely on appropriate transfer mechanisms, which may include: (a) standard contractual clauses adopted by the European Commission or the UK Information Commissioner's Office; or (b) any other lawful transfer mechanism recognised under applicable data protection law. To request information about the specific transfer mechanisms applicable to your data, contact us at hi@nexuux.com.
11. Data Retention
Account Data is retained for the duration of the customer relationship and for three (3) years thereafter, or for such longer period as required by applicable law or regulation. Transaction Data is retained for the term of the applicable service agreement. Following termination or expiration, Transaction Data is available for customer export for 90 days, after which it is securely deleted unless the customer requests a written extension before that period expires and Nexuux agrees. Usage Data is retained for up to 24 months for operational, security, and fraud-prevention purposes. Communications Data is retained for up to three (3) years.
12. Security
Nexuux implements technical, administrative, and physical safeguards designed to protect personal information against unauthorised access, disclosure, alteration, and destruction. These measures include: (a) encryption of data at rest and in transit using industry-standard protocols; (b) network segmentation and dedicated single-tenant infrastructure; (c) access controls based on the principle of least privilege; (d) regular security testing and vulnerability assessments; and (e) employee security training. No method of transmission or storage is completely secure. If Nexuux becomes aware of a security incident affecting your personal information, we will notify you in accordance with applicable law.
13. Your Privacy Rights
Depending on your location and applicable law, you may have the right to: (a) Access — request a copy of the personal information we hold about you; (b) Correction — request that we correct inaccurate or incomplete personal information; (c) Deletion — request that we delete your personal information, subject to our legal retention obligations; (d) Restriction — request that we restrict processing of your personal information in certain circumstances; (e) Portability — receive your personal information in a structured, commonly used, machine-readable format; (f) Objection — object to processing based on our legitimate interests; and (g) Withdrawal of Consent — withdraw consent previously given, without affecting the lawfulness of prior processing. To exercise any of these rights, contact us at hi@nexuux.com. We will respond within 30 days, or within the timeframe required by applicable law, whichever is shorter. For personal information within Transaction Data, Nexuux acts as a processor and will refer your request to the relevant customer as the responsible controller.
14. California Residents (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act of 2018 and its amendments (collectively, "CCPA") provide you with specific rights regarding your personal information. Under the CCPA you have the right to: (a) know what categories of personal information Nexuux collects about you and for what purposes; (b) request deletion of your personal information, subject to certain exceptions; (c) opt out of the sale or sharing of your personal information — Nexuux does not sell or share personal information for cross-context behavioural advertising; (d) correct inaccurate personal information; and (e) non-discrimination for exercising your CCPA rights. To submit a CCPA request, contact us at hi@nexuux.com. We will verify your identity before processing your request and respond within 45 days, with one 30-day extension where reasonably necessary.
15. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to: (a) enable core website functionality; (b) remember your preferences; and (c) understand how visitors use our site through aggregated analytics. We do not use third-party advertising cookies. You can manage or disable cookies through your browser settings. Disabling certain cookies may affect website functionality. We do not currently respond to browser "Do Not Track" signals, but will revisit this position as industry standards develop.
16. Children's Privacy
The Service is intended for business use by adults. We do not knowingly collect personal information from individuals under the age of 18. If we learn that we have inadvertently collected personal information from a minor, we will promptly delete it. If you believe we have collected information from a minor, please contact us at hi@nexuux.com.
17. Changes to This Privacy Policy
Nexuux may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will provide at least 30 days' prior notice of material changes by email to registered account holders. The effective date of the current version is shown at the top of this page. Your continued use of the Service after the effective date of any update constitutes acceptance of the revised Policy.
18. Contact
For privacy enquiries, to exercise your rights, or to request a Data Processing Agreement, please contact us at: hi@nexuux.com. We are committed to working with you to resolve any privacy concerns. If you are located in the EEA or the UK and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.