Nexal Forge Privacy Policy

This policy applies to website visitors, Nexi business customers, authorized Nexi dashboard users, business contacts, prospects, and individuals who interact with businesses that use Nexi.

Nexi is a SaaS product used by businesses to manage communications, leads, bookings, inquiries, and business operations. In many cases, Nexal Forge processes data on behalf of its business customers.

We may collect or process the following categories of data, depending on how the site, product, or connected channels are used:

• contact data, such as name, email address, phone number, and company;
• account data, such as username, role, permissions, and configuration;
• customer business data, such as services, prices, locations, hours, team, providers, internal policies, and service instructions;
• conversation data, such as messages sent or received through connected channels, interaction history, service context, user intent, service preferences, and booking requests;
• lead or end-customer data, such as name, phone number, contact channel, business interest, requested service, preferred location, preferred time, or other information shared during the conversation;
• technical data, such as IP address, browser, device, operating system, activity logs, security events, errors, and usage metrics;
• support, onboarding, or implementation data;
• limited billing data, such as subscription status, transaction identifiers, contracted plan, receipts, and data needed for business support.

When payment is made through Paddle, payment data is managed by Paddle. Nexal Forge does not need to receive the full card number to operate Nexi.

We use data to:

• operate, deliver, and maintain Nexi;
• create and manage accounts;
• configure the product for each customer;
• process conversations, leads, bookings, responses, and handoffs;
• provide support, onboarding, and implementation;
• manage billing, subscriptions, payments, cancellations, and refunds;
• monitor security, prevent fraud, resolve errors, and protect the service;
• improve the quality, reliability, and usefulness of the product;
• analyze site usage and business performance;
• send permitted operational, administrative, or commercial communications;
• fulfill legal, contractual, or regulatory obligations.

Nexi uses automation and artificial intelligence to help respond to messages, classify requests, summarize context, recommend next steps, and assist operational flows.

AI-generated responses may be imperfect. Nexi customers are responsible for providing accurate information and for reviewing relevant flows, responses, and data when necessary.

We do not use Nexi to provide medical, legal, financial, emergency, or high-risk advice. Customers must not configure Nexi to make regulated or sensitive decisions without adequate human and legal review.

Nexal Forge does not use WhatsApp Business Solution conversation data, including anonymous, aggregate, or derived forms, to create, develop, train, or improve shared/general AI models. Any tenant-exclusive fine-tuning or model adaptation requires explicit written agreement, platform permission, and technical controls.

When a person interacts with a business that uses Nexi, we may process their data on behalf of that business to respond to inquiries, capture leads, support bookings, follow up, or hand off context to the business's human team.

The business customer is responsible for informing its own end customers about the use of tools like Nexi when required by applicable law, and for obtaining the necessary consents or legal bases for communications, integrations, and data processing.

In this context, Nexal Forge generally acts as a processor/service provider for end-customer conversation data handled on behalf of the business customer, while the business customer generally acts as the controller/responsible party for its end-customer relationship.

For plain-language information intended for people messaging a business that uses Nexi, see the Nexi Messaging & AI Processing Notice.

Depending on the applicable country, region, and relationship, we process data to perform contracts, deliver the service, comply with legal obligations, respond to requests, protect legitimate interests, improve the product, prevent abuse, or with consent where applicable.

We may share data with providers necessary to operate Nexi, including cloud infrastructure, AI providers, messaging services, analytics, security, support, email, integration platforms, booking systems, CRMs, and Paddle for purchases processed by Paddle.

These providers may only process data for the purposes necessary to deliver their services, subject to reasonable contractual, technical, and organizational conditions.

We may also share information when necessary to comply with the law, protect rights, investigate fraud, respond to competent authorities, enforce our terms, or protect users, customers, providers, or third parties.

Nexal Forge may also act as an independent controller for its own website operations, billing and payments support, account security, fraud prevention, analytics, and internal business operations.

When a purchase is processed through Paddle, Paddle acts as an authorized reseller and Merchant of Record. Paddle may process personal data to handle payments, issue receipts, manage applicable taxes, handle transaction-related support, manage cancellations, refunds, and comply with legal obligations.

Paddle's privacy information is governed by its own Privacy Policy. We recommend reviewing Paddle's policies before completing a purchase.

Nexal Forge operates from Ecuador and may use providers located in other countries. As a result, data may be processed or stored outside the country where the user, customer, or business is located.

Where applicable, we will use reasonable contractual, technical, or organizational measures to protect data in international transfers.

We retain data for as long as necessary to deliver Nexi, maintain accounts, comply with legal obligations, resolve disputes, prevent fraud, maintain security, conduct internal audits, and enforce agreements.

Customers may request deletion or export of data in accordance with their plan, configuration, legal obligations, and available technical capabilities.

We apply reasonable technical and organizational measures to protect information against unauthorized access, loss, alteration, disclosure, or misuse.

No system is 100% secure. Customers must also protect their credentials, control internal access, maintain correct configurations, and report incidents or unauthorized access.

Depending on applicable law, you may have the right to request access, correction, update, deletion, restriction, objection, portability, or withdrawal of consent regarding your personal data.

To exercise rights related to data processed directly by Nexal Forge, contact us at [email protected].

If you are an end customer of a business using Nexi, you may need to direct certain requests to that business directly, as it may act as the controller of your data.

Nexi is intended for businesses and is not designed to be contracted directly by minors. If we identify that we have collected data from a minor without valid authorization where required, we will take reasonable steps to delete or limit that processing.

We use cookies and similar technologies as described in our Cookie Policy.

We may update this policy to reflect legal, technical, commercial, or product changes. We will publish the updated version on this site.

For privacy questions or support, contact us at [email protected].