We collect the information needed to sell, host, support, secure, bill, and improve our services. We do not sell personal information.
This policy applies to Nexa Systems websites, NexaCloud services, VPS hosting, dedicated servers, app hosting, Odoo ERP services, custom software projects, customer portals, documentation, support, billing, and related communications.
1. Information we collect
We collect information you provide directly, information generated through service use, and limited information from trusted service providers. This may include:
- contact details such as name, email address, phone number, company name, billing address, and support contacts;
- account details such as login identifiers, customer ID, account settings, language preference, role, permissions, and security settings;
- billing details such as invoices, payment status, subscription details, tax information, transaction references, and partial payment information from payment processors;
- technical data such as IP address, device type, browser, operating system, pages viewed, referrer, timestamps, DNS settings, service IDs, log entries, API activity, and usage metrics;
- support and project information such as tickets, emails, files, screenshots, call notes, project requirements, credentials you choose to share, and troubleshooting records;
- Customer Data you upload, host, transmit, or ask us to access while providing hosting, Odoo, support, migration, backup, or software services.
2. How we use information
We use personal information to provide, operate, secure, bill, support, and improve our services. This includes:
- creating accounts, provisioning services, authenticating users, and managing access;
- processing payments, issuing invoices, collecting overdue balances, calculating taxes, and preventing billing fraud;
- responding to support requests, performing migrations, troubleshooting issues, monitoring uptime, and restoring services;
- communicating about service updates, maintenance, security events, renewals, policy changes, invoices, and product improvements;
- detecting abuse, malware, spam, unauthorized access, payment fraud, and violations of our Terms;
- improving our websites, documentation, products, infrastructure, customer experience, and internal operations;
- meeting legal, regulatory, tax, accounting, security, and dispute-resolution obligations.
3. Payments and financial information
We use third-party payment processors, such as Stripe or another provider, to process card payments and subscriptions. We do not store full card numbers on our own website servers. Payment processors may provide us with limited details such as card brand, last four digits, expiry month and year, payment status, transaction ID, billing address, and fraud signals.
Payment processors handle payment information according to their own terms and privacy policies. You should review those policies when entering payment details.
4. Hosting, Customer Data, and support access
When you use hosting, Odoo, managed infrastructure, backup, migration, or support services, we may process Customer Data on your behalf to provide the service. Customer Data may include files, databases, logs, configurations, source code, business records, user data, and application content.
We access Customer Data only as needed to provide support, troubleshoot, migrate, back up, secure, monitor, maintain, or administer services, or when required by law. You are responsible for ensuring you have the right to upload, process, and share Customer Data with us.
We may keep administrative logs, service logs, security logs, backup logs, support notes, and audit records for security, operations, billing, compliance, and dispute resolution.
5. Cookies and similar technologies
We use cookies, local storage, and similar technologies to keep websites working, remember preferences such as language and theme, maintain sessions, secure accounts, measure site performance, and understand how people use our services.
You can control cookies through your browser settings. Blocking necessary cookies may prevent account portals, forms, dashboards, or checkout flows from working correctly.
6. When we share information
We do not sell personal information. We may share information with:
- service providers who help us provide hosting, cloud infrastructure, payment processing, email delivery, analytics, security, support, monitoring, backups, or business operations;
- contractors, consultants, and professional advisers who are bound by confidentiality obligations;
- domain registrars, certificate authorities, software vendors, app providers, and infrastructure providers when needed for services you request;
- law enforcement, regulators, courts, or third parties when required by law, legal process, abuse handling, security response, or protection of rights;
- a successor organization if Nexa Systems is involved in a merger, acquisition, financing, reorganization, or sale of assets.
7. Security and retention
We use administrative, technical, and physical safeguards designed to protect personal information and Customer Data. These may include access controls, encryption in transit, logging, monitoring, backups, least-privilege access, vulnerability remediation, and account security measures.
No system is perfectly secure. You are responsible for your own passwords, SSH keys, API keys, firewall rules, user permissions, application updates, data classification, and independent backups unless a written agreement states otherwise.
We keep information only as long as reasonably needed for the purposes described in this policy, including service delivery, support, security, tax, accounting, legal, compliance, backup, and dispute-resolution purposes. Retention periods vary based on the type of information, service, legal requirement, and operational need.
8. Location of processing and Canadian privacy
Nexa Systems is based in Canada. We aim to use Canadian infrastructure where offered, selected, or commercially practical, but service providers may process information in Canada, the United States, or other jurisdictions. Information processed outside Canada may be subject to the laws of that jurisdiction.
We handle personal information in line with applicable Canadian privacy principles, including accountability, appropriate purposes, consent where required, limiting collection, limiting use and disclosure, safeguards, openness, access, correction, and complaint handling.
9. Your privacy rights and choices
Depending on where you are located and the type of information involved, you may have the right to request access, correction, deletion, portability, restriction, withdrawal of consent, or information about how we use and disclose your personal information.
We may need to verify your identity before responding. Some information may be retained where required for billing, security, legal compliance, dispute resolution, fraud prevention, backup integrity, or legitimate business purposes.
You may unsubscribe from marketing emails using the link in the email or by contacting us. Service, security, billing, and account emails are not marketing messages and may still be sent while you use our services.
10. Security incidents
If we become aware of a security incident affecting personal information under our control, we will investigate and take steps we consider appropriate based on the nature of the incident, the information involved, the risk of harm, our legal obligations, and the services affected.
11. Changes to this policy
We may update this Privacy Policy from time to time. The updated version will be posted on this page with a new "Last updated" date. If a change is material, we may provide additional notice through the website, portal, email, or another practical channel.
12. Contact
Privacy questions, access requests, correction requests, deletion requests, or complaints can be sent to Nexa Systems Inc.