Privacy

Privacy Policy

Last updated: June 10, 2026

Your privacy matters to us. This policy explains what data we collect, why we collect it, and how you can control it. We never sell your personal data.

1 Who We Are

NexaCRM ("we", "us", "our") operates the NexaCRM platform — a cloud-based CRM service. This Privacy Policy applies to all users of our website and platform. For questions about this policy, contact us at privacy@nexacrm.io.

2 Information We Collect

We collect information you provide directly, information generated through your use of the Service, and limited information from third parties.

Category Examples How collected
Account data Name, email address, password (hashed), organization name, job title You provide at registration
Profile data Avatar, phone number, bio, timezone, currency preference You provide in settings
CRM data Contacts, leads, deals, activities, notes, tickets, email drafts You enter or import
Usage data Pages visited, features used, actions taken, timestamps Automatically collected
Technical data IP address, browser type, device type, operating system Automatically collected
Communications Support requests, feedback, survey responses You provide directly

3 How We Use Your Information

We use your information to:

  • Provide the Service — authenticate your account, process your CRM data, and deliver the features you use
  • Improve the Service — analyze usage patterns to fix bugs and build better features
  • Communicate with you — send transactional emails (password resets, team invitations, billing receipts)
  • Ensure security — detect fraud, abuse, and unauthorized access
  • Meet legal obligations — comply with applicable laws, respond to legal requests

We do not use your CRM data (contacts, deals, etc.) for any purpose other than providing and improving the Service.

4 Data Sharing & Disclosure

We do not sell your personal data. We may share it only in the following limited circumstances:

  • Service providers: Trusted vendors who process data on our behalf (cloud hosting, email delivery, payment processing) under strict data processing agreements.
  • Within your organization: Other members of your NexaCRM workspace can see data shared within that workspace based on their role permissions.
  • Legal requirements: When required by law, court order, or to protect the rights and safety of NexaCRM, our users, or the public.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, with advance notice to you.

5 Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (TLS 1.2+) and at rest
  • Hashed and salted password storage — we never store passwords in plain text
  • Role-based access controls limiting internal access to your data
  • Regular security reviews and vulnerability assessments
  • Secure session management with automatic expiry

No method of transmission over the internet is 100% secure. If you discover a security vulnerability, please report it to security@nexacrm.io.

6 Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Upon account deletion:

  • Your data remains available for export for 30 days
  • After 30 days, your personal data and CRM data are permanently deleted from our systems
  • Anonymized, aggregated usage statistics may be retained indefinitely
  • We may retain certain data longer if required by law (e.g., billing records)

7 Your Rights & Choices

Depending on your location, you may have the following rights regarding your personal data:

Access
Request a copy of the personal data we hold about you.
Rectification
Correct inaccurate or incomplete data directly in your account settings.
Erasure
Request deletion of your account and personal data.
Portability
Export your CRM data in standard formats (CSV, JSON).
Objection
Object to certain processing activities based on your situation.
Opt-out
Unsubscribe from marketing emails at any time via account settings.

To exercise these rights, contact us at privacy@nexacrm.io. We will respond within 30 days.

8 Cookies & Tracking

We use cookies and similar technologies to:

  • Session cookies: Keep you logged in while you use the Service (essential, cannot be disabled)
  • Preference cookies: Remember your settings such as theme preference and language
  • Analytics: Understand how the Service is used to improve it (anonymized data only)

We do not use third-party advertising cookies or tracking pixels. You can control non-essential cookies through your browser settings, though this may affect Service functionality.

9 Children's Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately and we will delete it.

10 International Data Transfers

Your data may be processed in countries other than where you reside. When we transfer personal data internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by relevant data protection authorities.

11 Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or a prominent notice within the Service before the changes take effect. The "last updated" date at the top of this page reflects the most recent revision.

Continued use of the Service after changes become effective constitutes acceptance of the revised policy.

12 Contact Us

For privacy-related questions, data requests, or concerns:

© 2026 NexaCRM. All rights reserved. Privacy Policy  ·  Terms of Service  ·  Home