Privacy by Design: Nexim is built with privacy and security at its core. We comply with major global data protection regulations and give you full control over your data.
1. Our Commitment
At Nexim, we believe your data belongs to you. We are committed to:
- Transparency: Clear communication about how we collect, use, and protect your data
- Security: Industry-leading security measures to protect your information
- Control: Tools to access, export, and delete your data at any time
- Compliance: Adherence to applicable data protection laws worldwide
- Minimization: Collecting only the data necessary to provide our services
2. Regulatory Compliance
We design our practices to comply with major data protection regulations around the world:
🇪🇺 GDPR
We comply with the General Data Protection Regulation for all EU users, including lawful processing, data subject rights, and breach notification requirements.
🇬🇧 UK GDPR
Post-Brexit, we maintain compliance with the UK's version of GDPR and the Data Protection Act 2018.
🇺🇸 CCPA/CPRA
California residents have specific rights under the California Consumer Privacy Act and California Privacy Rights Act.
🇿🇦 POPIA
We comply with the Protection of Personal Information Act for South African users, including all 8 processing conditions.
🇦🇺 Privacy Act
Australian users are protected under the Privacy Act 1988 and the Australian Privacy Principles (APPs).
🇨🇦 PIPEDA
We comply with the Personal Information Protection and Electronic Documents Act for Canadian users.
3. Your Rights
Regardless of where you're located, we provide all users with comprehensive data rights:
Right to Access
Request a copy of all personal data we hold about you
Right to Rectification
Correct inaccurate or incomplete personal data
Right to Erasure
Request deletion of your personal data
Right to Portability
Export your data in a machine-readable format
Right to Restrict
Limit how we process your data
Right to Object
Object to certain types of processing
To exercise any of these rights, email us at privacy@neximaccounting.com. We respond to all requests within 30 days.
4. How We Process Data
Lawful Basis for Processing
We process your personal data based on one or more of the following legal grounds:
- Contract: Processing necessary to provide our services to you
- Consent: Where you have given explicit consent (e.g., marketing emails)
- Legitimate Interest: For purposes like security, fraud prevention, and service improvement
- Legal Obligation: When required by law (e.g., tax records retention)
Data We Collect
- Account Data: Name, email, company information
- Financial Data: Transactions, invoices, bills you enter into the system
- Usage Data: How you interact with our service
- Technical Data: IP address, browser type, device information
Important: We never sell your personal data to third parties. Your financial data is yours alone.
5. Security Measures
We implement comprehensive security measures to protect your data:
Encryption
AES-256 at rest, TLS 1.3 in transit
Infrastructure
SOC 2 Type II compliant hosting
Access Control
Role-based access, MFA available
Monitoring
24/7 security monitoring
Backups
Daily automated backups
Audits
Regular penetration testing
6. International Transfers
Your data may be processed in countries outside your own. When we transfer data internationally, we ensure appropriate safeguards:
- Standard Contractual Clauses (SCCs): EU-approved contracts for international transfers
- Data Processing Agreements: Binding agreements with all service providers
- Adequacy Decisions: Transfers to countries with adequate protection levels
- Your Consent: Where required, we obtain your explicit consent
7. Data Retention
We retain your data only as long as necessary:
- Active Accounts: Data retained while your account is active
- After Cancellation: 90 days to allow for account recovery
- Legal Requirements: Some data retained up to 7 years for tax/legal compliance
- Backups: Removed from backups within 90 days of deletion
You can request data export at any time before closing your account.
8. Subprocessors
We use trusted third-party services to help provide our service:
- Cloud Hosting: Secure, SOC 2 compliant infrastructure
- Payment Processing: PCI-DSS compliant payment providers
- Email Services: For transactional and support emails
- Analytics: Anonymized usage analytics to improve our service
All subprocessors are bound by data processing agreements and must meet our security standards.
9. Contact & Requests
For any data protection questions or to exercise your rights:
Data Protection Contact
Email: privacy@neximaccounting.com
Response time: Within 30 days
General Support
Email: Nexim.software@outlook.com
Supervisory Authorities
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority:
- EU: Your national Data Protection Authority
- UK: Information Commissioner's Office (ICO)
- USA: Federal Trade Commission (FTC) or State Attorney General
- South Africa: Information Regulator
- Australia: Office of the Australian Information Commissioner (OAIC)
- Canada: Office of the Privacy Commissioner