Privacy Policy

Last Updated: December 7, 2024  ·  Nexform AI

1. Introduction

Nexform AI ('we,' 'us,' or 'our') is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with our AI automation solutions.

By accessing or using Nexform AI's services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

We reserve the right to update or modify this Privacy Policy at any time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the 'Last Updated' date. Your continued use of our services after any modifications indicates your acceptance of the updated policy.

---

2. Information We Collect

We collect several types of information to provide and improve our services.

2.1 Personal Information

When you interact with our services, we may collect personally identifiable information including but not limited to:

• Name, email address, phone number, and company name
• Job title and business address
• Payment information (processed through secure third-party payment processors)
• Any other information you voluntarily provide through forms, consultations, or communications

2.2 Usage Data

We automatically collect certain information when you visit our website or use our services, including:

• IP address, browser type and version, and operating system information
• Pages visited, time spent on pages, and date and time of your visit
• Unique device identifiers, referring and exit pages, and clickstream data
• Interaction patterns with our AI systems

2.3 Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to track activity on our website and store certain information. Cookies are small data files stored on your device. You can instruct your browser to refuse all cookies or indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our services.

2.4 AI System Data

For clients using our AI automation services — voice receptionists, chat assistants, and workflow automation — we collect and process:

• Conversation transcripts and recordings (with consent)
• Interaction logs and metadata
• Performance metrics and analytics
• Integration data from connected tools and systems
• Customer interaction patterns for optimisation purposes

---

3. How We Use Your Information

We use the information we collect for the following purposes.

Service Delivery

• To provide, maintain, and improve our AI automation services
• To process transactions and send related information including confirmations and invoices
• To manage your account and provide customer support
• To deploy and optimise AI voice receptionists, chat assistants, and workflow automations
• To integrate with your business tools and systems as authorised

Communication

• To respond to your inquiries and fulfil your requests
• To send you technical notices, updates, security alerts, and support messages
• To provide information about our services, features, and updates
• To send marketing and promotional communications (with your consent where required)
• To notify you about changes to our services or policies

Analytics and Improvement

• To monitor and analyse usage patterns and trends
• To improve our website, services, and AI models
• To personalise user experience and content
• To develop new features, products, and services
• To conduct research and testing to improve service quality

Legal and Security

• To comply with legal obligations and respond to lawful requests
• To protect our rights, property, and safety and that of our users and others
• To detect, prevent, and address technical issues, fraud, or security threats
• To enforce our Terms of Service and other agreements
• To investigate and prevent prohibited or illegal activities

---

4. How We Share Your Information

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances.

Service Providers

We may share information with trusted third-party service providers who assist us in operating our website, conducting our business, or servicing you. These providers include cloud hosting services (AWS, Google Cloud, Microsoft Azure), payment processors (Stripe, PayPal), CRM and communication platforms (HubSpot, Calendly), analytics services (Google Analytics), and email delivery services. All service providers are contractually obligated to maintain the confidentiality and security of your information.

Business Transfers

If Nexform AI is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities such as court orders, subpoenas, or government agencies.

With Your Consent

We may share your information for any other purpose with your explicit consent.

---

5. Data Security

We implement industry-standard security measures to protect your information from unauthorised access, disclosure, alteration, and destruction.

Encryption

All data transmitted between your browser and our servers is encrypted using SSL/TLS protocols. Data at rest is encrypted using AES-256 or equivalent encryption standards.

Access Controls

We implement strict access controls and authentication mechanisms. Access to personal information is limited to authorised personnel who need it to perform their job functions. All employees and contractors are bound by confidentiality agreements.

Infrastructure Security

Our systems are hosted on secure, SOC 2 Type II certified infrastructure with regular security audits. We employ firewalls, intrusion detection systems, and regular vulnerability scanning. Regular backups are maintained with encryption and secure storage.

Monitoring

We continuously monitor our systems for security threats and suspicious activity and maintain incident response procedures to address security breaches promptly.

---

6. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information.

Access and Correction

You have the right to request access to the personal information we hold about you and to request correction of inaccurate or incomplete information.

Deletion

You may request deletion of your personal information, subject to certain legal exceptions such as records required for accounting, legal compliance, or fraud prevention.

Data Portability

You have the right to receive a copy of your personal information in a structured, commonly used, and machine-readable format.

Opt-Out

You can opt out of marketing communications at any time by clicking the unsubscribe link in our emails or contacting us directly. You can disable cookies through your browser settings, though this may affect website functionality.

Object to Processing

You have the right to object to certain types of processing of your personal information, particularly for direct marketing purposes.

Restrict Processing

You may request that we restrict the processing of your personal information under certain circumstances.

Withdraw Consent

Where we rely on your consent to process your information, you have the right to withdraw that consent at any time.

---

7. International Data Transfers

Nexform AI operates in multiple jurisdictions including the United Kingdom, United States, and the GCC region. Your information may be transferred to, stored, and processed in countries other than your own.

When we transfer personal information across borders, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by relevant data protection authorities
• Data processing agreements with third-party processors
• Compliance with applicable data protection regulations including GDPR, CCPA, and local GCC privacy laws
• Adequate security measures during transfer and storage

By using our services, you consent to the transfer of your information to countries outside your residence, which may have different data protection rules than your country.

---

8. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at info@nexformai.com. If we discover that we have collected personal information from a child under 18, we will promptly delete that information from our systems.

---

9. Data Retention

We retain your personal information for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

The criteria we use to determine retention periods include:

• The length of time we have an ongoing relationship with you and provide services to you
• Whether there is a legal obligation to retain the information such as tax, accounting, or legal requirements
• Whether retention is advisable given our legal position including statutes of limitations and litigation holds
• Whether retention is necessary for our legitimate business interests

When we no longer need to retain your information, we will securely delete or anonymise it in accordance with our data retention and destruction policies.

---

10. Third-Party Links

Our website and services may contain links to third-party websites, plugins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you.

We do not control these third-party websites and are not responsible for their privacy practices. When you leave our website or interact with third-party services, we encourage you to read the privacy policy of every website you visit.

---

11. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA).

Right to Know

You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected your information, the business or commercial purpose for collecting your information, and the categories of third parties with whom we share your information.

Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions.

Right to Opt-Out

You have the right to opt out of the sale of your personal information. Please note that Nexform AI does not sell personal information.

Right to Non-Discrimination

You have the right not to receive discriminatory treatment for exercising your CCPA rights.

---

12. European Union (GDPR) Rights

If you are located in the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR).

Legal Basis for Processing

We process your personal information based on:

• Your consent, where you have provided it
• Performance of a contract with you
• Compliance with legal obligations
• Protection of vital interests
• Our legitimate interests, provided these do not override your rights
• Public interest

Your Rights Under GDPR

• Right to access, rectification, and erasure ('right to be forgotten')
• Right to restriction of processing and data portability
• Right to object to processing and to withdraw consent at any time
• Right to lodge a complaint with your local data protection authority

Data Protection Officer

For GDPR-related inquiries, contact our Data Protection Officer at info@nexformai.com.

---

13. Business Client Data

For business clients using our AI automation services, additional data processing terms apply.

Data Processing Agreement

We act as a data processor on behalf of our clients, who are the data controllers. A separate Data Processing Agreement (DPA) governs how we handle customer data processed through our AI systems.

Client Responsibility

Clients are responsible for obtaining necessary consents from their customers for AI-powered interactions, ensuring compliance with applicable laws in their jurisdiction, configuring AI systems in accordance with their own privacy policies, and informing their customers about AI usage.

Data Isolation

Client data is logically isolated and not shared between different client organisations. AI conversation data is not used to train public AI models or shared with other clients.

Data Deletion

Upon contract termination or client request, we will delete or return all client customer data within 30 days, except where retention is required by law.

---

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us. We will respond to all legitimate requests within 30 days. For urgent privacy concerns, please mark your communication as 'URGENT: Privacy Matter' in the subject line.

---

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

When we make material changes, we will:

• Post the updated Privacy Policy on this page with a new 'Last Updated' date
• Notify you via email if you have provided an email address
• Provide prominent notice on our website
• For business clients, provide direct notification through your account dashboard

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.