Privacy Policy

Last updated: January 31, 2025 | Effective: February 1, 2025

1. Introduction

NexusTrack ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our task management platform.

We are committed to GDPR compliance and respect your rights regarding your personal data. This policy applies to all users worldwide.

2. Information We Collect

Information You Provide

  • Account Information: Name, email address, password
  • Profile Information: Avatar, bio, timezone preferences
  • Content: Tasks, projects, notes, and any data you create within NexusTrack
  • Payment Information: Processed securely through Stripe (we don't store card details)
  • Communications: Support tickets, feedback, and correspondence
  • Team Information: Team names, member roles, and collaborative data

Information We Collect Automatically

  • Usage Data: Features used, actions taken, time spent
  • Device Information: Browser type, operating system, screen resolution
  • Log Data: IP address, access times, pages viewed, referring URLs
  • Cookies: Session cookies, preference cookies, analytics cookies
  • Performance Data: Error reports, load times, feature usage patterns

3. How We Use Your Information

To Provide Our Services

  • Create and maintain your account
  • Synchronize your tasks and projects across devices
  • Enable collaboration features with team members
  • Process payments and manage subscriptions
  • Send transactional emails (password resets, notifications)

To Improve Our Platform

  • Analyze usage patterns to enhance features
  • Debug issues and improve performance
  • Develop new features based on user behavior
  • Conduct A/B testing and research

To Communicate With You

  • Respond to support requests
  • Send product updates and announcements (with your consent)
  • Share tips and best practices (optional)
  • Notify you about security or privacy updates

4. Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Contract: To provide the services you've requested
  • Consent: For marketing communications and optional features
  • Legitimate Interests: To improve our services and ensure security
  • Legal Obligations: To comply with applicable laws

5. Data Sharing and Disclosure

We never sell your personal data. We share information only in these limited circumstances:

Service Providers

  • Stripe: Payment processing
  • AWS: Cloud infrastructure and storage
  • SendGrid: Email delivery
  • Google Analytics: Usage analytics (anonymized)
  • Sentry: Error tracking and monitoring

Legal Requirements

We may disclose information if required by law, court order, or government request, or to protect our rights and safety.

Business Transfers

In the event of a merger or acquisition, your information may be transferred. We will notify you before any transfer and any changes to this policy.

6. Data Security

We implement comprehensive security measures:

  • Encryption: TLS/SSL for data in transit, AES-256 for data at rest
  • Access Controls: Role-based permissions and multi-factor authentication
  • Infrastructure: Secure AWS cloud infrastructure with regular updates
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Audits: Regular security assessments and penetration testing
  • Backups: Daily encrypted backups with point-in-time recovery
  • Incident Response: Established procedures for security incidents

7. Data Retention

We retain your data based on the following schedule:

  • Active Account Data: As long as your account is active
  • Deleted Content: Removed immediately, backups purged within 30 days
  • Account Deletion: Personal data deleted within 30 days
  • Legal Requirements: Some data may be retained longer if legally required
  • Anonymized Data: May be retained indefinitely for analytics

8. Your Privacy Rights

You have the following rights regarding your personal data:

Universal Rights

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Portability: Export your data in a machine-readable format
  • Objection: Opt out of certain processing activities
  • Restriction: Limit how we use your data

GDPR Rights (EU/EEA Users)

  • Right to withdraw consent at any time
  • Right to lodge a complaint with supervisory authorities
  • Right to object to automated decision-making

CCPA Rights (California Residents)

  • Right to know what personal information is collected
  • Right to request deletion of personal information
  • Right to opt out of the sale of personal information (we don't sell data)
  • Right to non-discrimination for exercising privacy rights

To exercise these rights, contact us at privacy@nexustrack.io. We will respond within 30 days.

9. Cookies and Tracking

We use cookies to enhance your experience. You can control cookies through:

  • Browser settings to block or delete cookies
  • Our cookie preferences in your account settings
  • Do Not Track signals (we honor DNT headers)

For detailed information, see our Cookie Policy.

10. International Data Transfers

Your data may be processed in the United States. We ensure appropriate safeguards:

  • Standard Contractual Clauses for EU data transfers
  • Compliance with Privacy Shield principles
  • Encryption for all international data transfers
  • Data processing agreements with all sub-processors

11. Children's Privacy

NexusTrack is not intended for users under 16 years of age. We do not knowingly collect information from children. If we discover we have collected data from a child under 16, we will delete it immediately.

Parents who believe we have inadvertently collected their child's information should contact us immediately at privacy@nexustrack.io.

12. Third-Party Links

Our platform may contain links to third-party websites. We are not responsible for their privacy practices. We encourage you to review their privacy policies before providing any information.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes through:

  • Email notification to your registered address
  • Prominent notice within the platform
  • Update to the "Last updated" date

Continued use after changes constitutes acceptance of the updated policy.

14. Data Protection Officer

For privacy-related inquiries, you can contact our Data Protection Officer:

Email: privacy@nexustrack.io
Response Time: Within 30 days
Alternative Contact: support@nexustrack.io

15. Supervisory Authority

EU/EEA residents have the right to lodge a complaint with their local data protection authority if they believe we have not adequately addressed their privacy concerns.