Privacy Policy

Version 1.0 — Effective Date: April 12, 2026

1. Introduction

Nxentra ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform. By using Nxentra, you consent to the practices described in this policy.

2. Information We Collect

2.1 Information You Provide

  • Account information: Email address, name, phone number, password, company name, preferred language
  • Financial data: Chart of accounts, journal entries, invoices, bills, bank transactions, inventory records, and other accounting data you enter
  • Integration credentials: OAuth tokens for Shopify, Stripe, and other connected platforms (stored encrypted)
  • Voice data: Audio recordings submitted through the voice entry feature (processed by OpenAI Whisper, not stored permanently)

2.2 Information Collected Automatically

  • Usage data: Pages visited, features used, actions performed (for product improvement)
  • Device information: Browser type, operating system, IP address
  • Error data: Application errors and crash reports (via Sentry, if configured)

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process your financial data and generate reports as requested
  • Authenticate your identity and manage your account
  • Send transactional emails (verification, password reset, notifications)
  • Facilitate integrations with third-party platforms you connect
  • Monitor and prevent security threats and abuse
  • Comply with legal obligations

We do not sell your personal information or financial data to third parties.

4. Data Storage and Security

  • Your data is stored in secure, access-controlled databases
  • Financial data is isolated per company using PostgreSQL Row-Level Security (RLS) or dedicated databases
  • Passwords are hashed using industry-standard algorithms (never stored in plain text)
  • Authentication tokens are transmitted via encrypted HTTPS connections and stored in HttpOnly secure cookies
  • All data in transit is encrypted using TLS 1.2 or higher
  • We maintain an immutable audit trail of all financial transactions via our event-sourced architecture

5. Data Sharing

We may share your information only in the following circumstances:

  • With your consent: When you explicitly authorize a third-party integration (Shopify, Stripe, etc.)
  • Service providers: With trusted providers who assist in operating our Service (hosting, email delivery, error tracking), bound by confidentiality agreements
  • Legal requirements: When required by law, regulation, or legal process
  • Business transfers: In connection with a merger, acquisition, or sale of assets (with prior notice)

6. Data Retention

  • Your account and financial data are retained for as long as your account is active
  • Upon account termination, you may request a data export within 30 days
  • After the 30-day export window, your data will be permanently deleted within 90 days
  • We may retain anonymized, aggregated data for analytics purposes
  • Audit trail events may be retained longer where required by applicable financial regulations

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate personal data
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Export: Receive your data in a structured, machine-readable format
  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to processing of your personal data for certain purposes

To exercise any of these rights, contact us at admin@nxentra.com. We will respond within 30 days.

8. Cookies

We use essential cookies required for the Service to function (authentication cookies, session management). We do not use advertising or third-party tracking cookies. Authentication cookies are HttpOnly and Secure, meaning they cannot be accessed by client-side scripts and are only transmitted over encrypted connections.

9. International Data Transfers

Your data may be processed in countries other than your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place to protect your information in accordance with applicable data protection laws.

10. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or through the Service and update the "Effective Date" above. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at: admin@nxentra.com