This privacy policy explains how NextAiBot (“NextAiBot”, “we”, “our”, “us”) collects, uses, discloses, and protects personal data when you visit nextaibot.tech, sign up for an account, or use the NextAiBot platform (the “Service”).
We act as a data controller for personal data we collect about you directly. When customers use the Service to communicate with their own end-users, we act as a data processor on those customers' behalf — see “Processor obligations”.
1. What we collect
- Account data — name, email, password (hashed), organisation, role, login timestamps, IP address.
- Billing data — billing address, tax IDs, plan choice. Card data is held by our PCI-compliant payment processor.
- Service usage data — feature interactions, performance telemetry, error reports.
- Customer content — messages, contact records, files, and configuration you upload or generate. We process this on your instructions.
- Communications — emails, support tickets, demo recordings (with consent), survey responses.
2. How we use your data
- To provide and operate the Service (account management, message routing, AI replies).
- To bill you and prevent payment fraud.
- To send transactional notifications (security, billing, service updates).
- To improve the Service through aggregated analytics — never to train third-party AI models on your customer content without an opt-in.
- To comply with legal obligations.
- To send marketing emails — only when you've opted in.
3. Legal bases (GDPR / UK GDPR)
- Contract — to provide the Service you signed up for.
- Legitimate interests — to operate, secure, and improve the Service.
- Consent — for marketing emails and optional analytics cookies.
- Legal obligation — for tax, accounting, and law-enforcement requests.
4. Sharing your data
We share personal data only with:
- Sub-processors we rely on (cloud hosting, payments, email delivery, analytics, AI models). List on request via privacy@nextaibot.tech.
- Service providers bound by confidentiality obligations.
- Authorities when required by valid legal process.
- Successors in a merger / acquisition / sale, with notice and the same protections.
We do not sell your personal data and we do not share it with advertising networks for cross-context behavioural advertising.
5. Where we store and process data
We host the Service in [primary region — e.g. EU (Frankfurt) for EU customers, India (Mumbai) for India customers, US (Virginia) for US customers]. Backups stay in the same region. Cross-border transfers, where they happen, are governed by the EU Standard Contractual Clauses (or equivalent UK / India safeguards) and a transfer-impact assessment.
6. How long we keep data
- Account & billing data — for the life of your account, plus seven years after closure for tax / audit obligations.
- Customer content — until you delete it, or 30 days after your account is closed (whichever comes first).
- Logs & telemetry — typically 90 days, longer if a security event is being investigated.
- Marketing contacts — until you unsubscribe; then we keep your email on a suppression list.
7. Your rights
Depending on your jurisdiction (GDPR, UK GDPR, India DPDP Act, CCPA, others) you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your data (subject to lawful retention obligations).
- Restrict or object to certain processing.
- Receive your data in a portable format.
- Withdraw consent for processing based on consent.
- Lodge a complaint with your supervisory authority.
To exercise any of these, email privacy@nextaibot.tech. We aim to respond within 30 days.
8. Cookies and tracking
We use a small number of essential cookies for authentication and security, and (with your consent) analytics cookies to understand product usage. We do not use advertising cookies.
9. Security
We protect your data with TLS 1.2+ in transit and AES-256 at rest, strict access controls, mandatory MFA for staff, regular penetration testing, and an incident-response runbook. We'll notify you and the relevant authority within 72 hours of confirming a breach that affects your data, in line with GDPR Article 33.
10. Processor obligations (when you're our customer)
When you use the Service to talk to your own end-users, you're the controller and we're your processor. We process personal data only on your documented instructions, ensure our staff are bound by confidentiality, assist you with data-subject requests, and delete or return all personal data at the end of our agreement. Our standard Data Processing Addendum is available on request.
11. Children's data
The Service isn't directed at children under 16 (or the equivalent age in your jurisdiction). If you believe a child has given us their data, contact privacy@nextaibot.tech and we'll delete it.
12. Changes to this policy
We may update this policy as the Service evolves or the law changes. We'll post the new version here with a fresh “Last updated” date and notify you of material changes by email and in-app at least 30 days in advance.
13. Contact us
- Privacy queries: privacy@nextaibot.tech
- General support: support@nextaibot.tech
- Postal address: [Registered office address, City, Country]
See our Terms of Service for the full agreement governing your use of the Service.