Privacy Policy

Nexuvo LLC ("Company," "we," "us," or "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our membership management platform ("Service"). Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

1. Information We Collect

We collect information in the following ways:

Information you provide directly: Account registration details (name, email, organization name), billing information (processed and stored by Stripe; we store only card brand and last four digits), contact form submissions, and support requests.

Data you manage through the Service: Member records, event registrations, financial transactions, communications, and other data you create or upload. You are the data controller for this information; we are the data processor.

Information collected automatically: IP address, browser type and version, operating system, referring URLs, pages visited, time and date of visits, and other standard web analytics data. We use cookies and similar technologies as described in Section 7 below.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process transactions and send related billing information
• Send you technical notices, updates, and support messages
• Respond to your comments, questions, and support requests
• Monitor and analyze usage trends to improve the Service
• Detect, prevent, and address technical issues and fraud
• Comply with legal obligations and enforce our Terms of Service

We do not sell your personal information. We do not use your member data for advertising purposes.

3. Data Storage and Security

Your data is stored in Microsoft Azure data centers in the United States (East US region). All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.3. Backups are maintained in a geographically separate Azure region for disaster recovery. We maintain SOC 2 Type II certification and conduct regular security audits. Unlimited plan customers may request data residency in the EU, Canada, or Australia.

4. Data Sharing and Third Parties

We do not sell, rent, or trade your personal information. We may share information with the following categories of third parties solely to provide and improve the Service:

• Payment processors: Stripe processes all payments. We never store full credit card numbers.
• Infrastructure providers: Microsoft Azure hosts our platform and data.
• Email delivery: Amazon SES delivers transactional and campaign emails on your behalf.
• Analytics: We use privacy-respecting analytics to understand usage patterns. We do not use Google Analytics.

All third-party providers are bound by data processing agreements that require them to protect your data in accordance with this Privacy Policy and applicable law.

5. Your Rights (GDPR and General)

Regardless of where you are located, you have the following rights regarding your personal data:

• Right of access: You can request a copy of the personal data we hold about you.
• Right to rectification: You can update or correct inaccurate personal data through your account settings or by contacting us.
• Right to erasure: You can request deletion of your personal data. We will comply unless we have a legal obligation to retain it.
• Right to data portability: You can export all your data in standard formats (CSV, JSON) at any time from your admin dashboard.
• Right to restrict processing: You can request that we limit how we process your data in certain circumstances.
• Right to object: You can object to our processing of your data for certain purposes, including direct marketing.
• Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. EU residents also have the right to lodge a complaint with a supervisory authority.

6. Data Retention

We retain your account data for as long as your account is active. If you cancel your account, your data remains accessible in read-only mode for 30 days to allow for export. After 30 days, your data is scheduled for permanent deletion, which is completed within 90 days (including removal from backups). Billing records may be retained longer as required by tax and accounting regulations.

7. Cookies and Tracking Technologies

We use the following types of cookies:

• Essential cookies: Required for the Service to function (authentication, session management, CSRF protection). These cannot be disabled.
• Analytics cookies: Help us understand how the Service is used. These are privacy-respecting and do not track users across websites. You can opt out.
• Preference cookies: Remember your settings and preferences (language, theme, display options).

We do not use third-party advertising cookies. We do not participate in cross-site tracking or data broker networks.

8. International Data Transfers

If you access the Service from outside the United States, your information may be transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for transfers of personal data from the EEA, UK, and Switzerland to the United States. A Data Processing Agreement (DPA) incorporating SCCs is available for all customers upon request.

9. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will also send notification via email to the address associated with your account. Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the changes.

11. Contact Us

If you have questions about this Privacy Policy, your personal data, or would like to exercise your data rights, contact us: