PRIVACY POLICY
Last updated: 31 May 2026 · NEXWAVE Solutions (Pvt) Ltd
NEXWAVE Solutions (Pvt) Ltd ("NEXWAVE," "we," "us," or "our") respects your privacy and is committed to protecting the personal data you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at nexwavex.com (the "Site") or interact with our services, including our NEXi AI chat assistant, ERP portal, and newsletter.
Google OAuth Notice: If you choose to sign in with Google, we only access your email address, name, and avatar URL — solely for identity verification and personalisation. We never share this data with third parties. You can revoke Google access at any time via your Google Account permissions page.
1. Information We Collect
1.1 Information You Provide
- Account Information: When you create an ERP account or sign in via Google/GitHub, we collect your name, email address, and profile picture (if you authorise it).
- Communications: When you contact us via the contact form, NEXi chat, or email, we collect your name, email address, phone number, company name, and message content.
- Newsletter Subscriptions: When you subscribe to our newsletter, we collect your email address and optionally your name.
- ERP Data: If you are an authorised ERP user, we process the business data you enter (estimates, invoices, accounting records, company information) solely for the purpose of operating the ERP system.
1.2 Information Collected Automatically
- Usage Data: We may collect information about how you interact with our Site, including pages visited, time spent, referring URLs, and browser type. This is collected via anonymous analytics.
- Device Data: IP address, operating system, and browser type — used for security and troubleshooting only.
- Chat History: Conversations with the NEXi AI assistant are stored in a secure database to provide continuity and improve responses. This data is retained until you request deletion.
2. How We Use Your Information
- To provide, operate, and maintain our website and ERP services
- To authenticate your identity when you sign in (including via Google or GitHub OAuth)
- To communicate with you, respond to your inquiries, and provide customer support
- To send you newsletters, updates, and marketing communications (with your consent only)
- To detect, prevent, and address technical issues, fraud, or abuse
- To improve our website, services, and user experience
3. Google OAuth — Specific Disclosures
When you choose to sign in with Google on our Site:
- We request access only to your email address, name, and profile picture URL.
- We use this information solely to create and authenticate your public NEXi identity on our platform.
- We do not access your Google contacts, calendar, drive, email content, or any other Google service data.
- We do not share your Google account information with any third parties.
- We do not use your Google data for advertising, profiling, or any purpose beyond identity verification.
- You can revoke our access at any time from your Google Account permissions page.
Our use of Google OAuth complies with Google's API Services User Data Policy, including the Limited Use requirements.
4. How We Share Your Information
We do not sell, trade, or rent your personal data to third parties. We may share your information only in the following limited circumstances:
- Service Providers: We may engage trusted third-party service providers (e.g., Supabase for database hosting, Groq for AI inference) who are contractually bound to keep your data confidential and use it only for the services they perform for us.
- Legal Compliance: We may disclose information if required to do so by law or in response to valid legal requests by public authorities.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.
5. Data Security
We implement appropriate technical and organisational security measures to protect your personal data, including:
- Encryption in transit (TLS 1.2+) and at rest
- Row-Level Security (RLS) policies on all database tables
- Regular security audits and access controls
- Authentication via Supabase with industry-standard password hashing
However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
6. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law:
- Account data: Retained until you delete your account or request removal.
- Chat history: Retained for 12 months from the last message, then anonymised.
- Newsletter subscriptions: Retained until you unsubscribe.
- ERP data: Retained for the duration of your business relationship with us, plus 7 years for tax/compliance purposes.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data ("right to be forgotten").
- Restriction: Request restriction of processing of your data.
- Portability: Request transfer of your data to another service provider.
- Objection: Object to processing of your data for marketing purposes.
- Withdraw Consent: Withdraw consent at any time where we rely on consent to process your data.
To exercise any of these rights, please contact us at privacy@nexwavex.com.
8. Cookies & Tracking
Our Site uses minimal cookies for essential functionality only:
- Authentication cookies: Used by Supabase Auth to maintain your signed-in session.
- Local Storage: We store a visitor ID in your browser's local storage to maintain chat continuity. This is not a cookie and does not track you across sites.
We do not use tracking cookies, advertising cookies, or third-party analytics that collect personal data.
9. Third-Party Services
We use the following third-party services. Each has its own privacy policy governing data handling:
10. International Data Transfers
Your data may be processed on servers located outside your country of residence. Our infrastructure is hosted on Supabase (Google Cloud Platform) and Groq (US-based). Where data is transferred internationally, we ensure appropriate safeguards are in place (Standard Contractual Clauses or equivalent).
11. Children's Privacy
Our Site and services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: