Privacy Policy

1. Data Controller

N.E.X.A Loop ("we", "us") is the data controller for personal data collected through the Service. We are committed to protecting your privacy in compliance with the General Data Protection Regulation (GDPR) and applicable EU data protection laws.

2. Data We Collect

We collect the following categories of personal data:

• Account information (name, email address, organisation name)
• Organisation data (country, VAT/Tax ID, industry)
• Supply chain data (supplier names, contacts, compliance documents)
• Usage data (login activity, feature usage for product improvement)

3. How We Use Your Data

We process your data to provide the Service, including supplier management, compliance tracking, and regulatory output generation. We do not sell your data to third parties. Data processing is based on contractual necessity (Art. 6(1)(b) GDPR) and legitimate interest (Art. 6(1)(f) GDPR).

4. Data Storage and Security

All data is stored on EU-hosted infrastructure. We implement industry-standard security measures including encryption at rest and in transit, access controls, and regular security audits. Passwords are hashed using bcrypt and never stored in plain text.

5. Your Rights

Under GDPR, you have the right to access, rectify, erase, restrict processing, and port your personal data. You may also object to processing and withdraw consent at any time. To exercise these rights, contact us at privacy@nexaloop.eu.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. When you delete your account, we remove your personal data within 30 days, except where retention is required by law.

7. Contact

For privacy enquiries, contact our Data Protection Officer at privacy@nexaloop.eu.