NEXAFLOW WEBSITE PRIVACY POLICY

Last Updated: December 2025

‍

1. INTRODUCTION

1.1 Overview

Nexaflow ("we," "us," or "our") operates a website and platform that connects businesses with content creators for influencer marketing campaigns. This Privacy Policy explains how we collect, use, share, and protect your personal information when you visit our website.

1.2 Commitment to Privacy

We are committed to protecting your privacy and handling your personal information with care and transparency. This policy describes our practices in accordance with applicable privacy laws, including the Australian Privacy Act 1988.

1.3 Scope

This Privacy Policy applies to all users of the Nexaflow platform, including businesses, influencers, and website visitors.

‍

2. INFORMATION WE COLLECT

2.1 Information You Provide

When you create an account or use our services, you may provide us with the following information:

Account Information: Name, email address, phone number, date of birth, and account credentials.

Business Information: For business accounts, we collect business name, ABN/ACN, business address, venue details, and operating hours.

Profile Information: Profile photos, biographical information, professional details, and preferences.

Payment Information: Billing address, payment method details (processed securely through Stripe), and transaction history.

Campaign Information: Campaign descriptions, content requirements, budget details, and performance preferences.

Communications: Messages, feedback, support requests, and correspondence with us or other platform users.

2.2 Information Collected Automatically

When you use our platform, we automatically collect certain information:

Usage Data: Pages visited, features used, time spent on the platform, and interaction patterns.

Device Information: Device type, operating system, browser type, IP address, and device identifiers.

Location Information: General geographic location based on IP address for service functionality.

Cookies and Tracking Technologies: We use cookies and similar technologies to improve user experience and analyze platform usage. You can control cookie preferences through your browser settings.

2.3 Information from Third-Party Services

With your permission, we collect information from third-party platforms you connect to our service:

Social Media Platforms: When influencers connect their Instagram, Facebook, YouTube, or TikTok accounts through OAuth authentication, we collect:

Account verification details (username, handle, account ID)
Audience demographics and geographic distribution
Content performance metrics (views, engagement rates)
Public profile information

Payment Processors: We use Stripe to process payments. Stripe collects and processes payment information according to their privacy policy. We receive limited transaction data necessary for account management.

2.4 Information Purposes

We collect this information to provide and improve our services, facilitate connections between businesses and influencers, process payments, ensure platform security, personalize user experience, and comply with legal obligations.

‍

3. HOW WE USE YOUR INFORMATION

3.1 Service Delivery

We use your information to create and maintain your account, facilitate campaign connections and bookings, process payments and compensation, provide customer support, communicate important updates and notifications, and enable messaging between businesses and influencers.

3.2 Platform Improvement

Your information helps us analyze platform usage and performance, develop new features and functionality, conduct research and analytics, improve user experience and interface design, and optimize matching between businesses and influencers.

3.3 Marketing and Communications

With your consent, we may use your information to send newsletters and platform updates, share promotional offers and campaigns, provide educational content and resources, and gather feedback through surveys. You can opt out of marketing communications at any time.

3.4 Safety and Security

We use your information to detect and prevent fraud and abuse, enforce our Terms and Conditions, investigate security incidents, verify user identity and authenticity, and maintain platform integrity.

3.5 Legal Compliance

We may use your information to comply with legal obligations, respond to lawful requests from authorities, protect our legal rights and interests, and resolve disputes.

‍

4. HOW WE SHARE YOUR INFORMATION

4.1 With Other Platform Users

Business-to-Influencer: When businesses view influencer profiles or receive applications, they see profile information, predicted views, performance history, and audience demographics. When influencers apply to campaigns, businesses see application details and relevant profile information.

Influencer-to-Business: Influencers can view business profiles, campaign details, venue information, and campaign requirements when browsing opportunities.

4.2 Service Providers

We share information with trusted third-party service providers who assist us in operating our platform:

Hosting and Infrastructure: Cloud storage and hosting providers for platform operations.

Payment Processing: Stripe processes all payment transactions. Payment information is handled according to Stripe's security standards and privacy policy.

Analytics Services: Analytics providers help us understand platform usage and improve our services.

Communication Services: Email and messaging service providers for platform communications.

Customer Support: Tools that help us provide efficient customer support.

4.3 Social Media Platforms

We connect with social media platforms through official APIs for influencer verification and metrics collection. This integration is essential for our service functionality and operates under each platform's respective terms and privacy policies.

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and how it affects your information.

4.5 Legal Requirements

We may disclose your information when required to comply with legal obligations, respond to valid legal processes (subpoenas, court orders), protect rights, property, or safety of Nexaflow, our users, or the public, or prevent fraud or security issues.

4.6 With Your Consent

We may share your information with other parties when you provide explicit consent for us to do so.

4.7 Information We Do Not Share

We do not sell your personal information to third parties. We do not share your information for third-party advertising purposes. We do not provide contact information to third parties without consent.

‍

5. DATA RETENTION

5.1 Retention Periods

We retain your personal information for as long as necessary to provide our services, fulfill the purposes outlined in this Privacy Policy, and comply with legal obligations.

Active Accounts: Information is retained while your account remains active and you continue using our services.

Closed Accounts: After account closure, we may retain certain information for legal compliance, dispute resolution, and fraud prevention purposes. You may request deletion of your data subject to these requirements.

Campaign Data: Campaign information and performance data may be retained for business analytics and historical records.

5.2 Data Deletion

You may request deletion of your personal information at any time. We will honor deletion requests except where retention is required for legal obligations, pending investigations, dispute resolution, or legitimate business purposes.

‍

6. DATA SECURITY

6.1 Security Measures

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

Encryption: Data transmission is encrypted using industry-standard protocols (SSL/TLS). Sensitive data is encrypted at rest.

Access Controls: Access to personal information is restricted to authorized personnel who need it to perform their job functions.

Authentication: Account access requires secure authentication credentials.

Regular Security Assessments: We conduct periodic security reviews and updates.

Secure Payment Processing: Payment information is processed through PCI-DSS compliant payment processors (Stripe).

6.2 Limitations

While we strive to protect your information, no method of electronic storage or internet transmission is completely secure. We cannot guarantee absolute security of your information.

6.3 Your Responsibility

You are responsible for maintaining the confidentiality of your account credentials. Notify us immediately if you suspect unauthorized access to your account.

‍

7. YOUR PRIVACY RIGHTS

7.1 Access and Correction

You have the right to access your personal information held by us and request corrections to inaccurate or incomplete information. You can update most information directly through your account settings.

7.2 Data Portability

You may request a copy of your personal information in a structured, commonly used format.

7.3 Deletion

You may request deletion of your personal information, subject to certain legal exceptions. Account deletion can be initiated through account settings or by contacting support.

7.4 Withdrawal of Consent

Where we process your information based on consent, you may withdraw that consent at any time. This does not affect the lawfulness of processing before withdrawal.

7.5 Marketing Opt-Out

You can unsubscribe from marketing communications using the unsubscribe link in our emails or by updating your communication preferences in account settings.

7.6 Cookie Management

You can control cookie preferences through your browser settings. Note that disabling certain cookies may affect platform functionality.

7.7 Exercising Your Rights

To exercise any of these rights, please contact us using the information provided in Section 12. We will respond to requests within a reasonable timeframe as required by applicable law.

‍

8. SOCIAL MEDIA INTEGRATION

8.1 OAuth Authentication

We use OAuth 2.0 protocol for secure authentication with social media platforms. This industry-standard protocol allows you to grant us limited access to your social media data without sharing your passwords.

8.2 Instagram and Facebook Integration

Meta Platform Access: When you connect Instagram or Facebook accounts, you authorize us to access specific data through Meta's official APIs. This includes account verification, audience insights, and content performance metrics.

Data Collection: We collect only the minimum necessary data to provide our services: account identifiers, public profile information, audience demographics, and post-performance metrics.

Token Management: Access tokens are securely stored and automatically refreshed to maintain connection. Tokens are used exclusively for authorized data collection.

Data Updates: Certain data (like audience demographics) may be automatically updated periodically to ensure accuracy.

8.3 YouTube and TikTok Integration

We follow similar OAuth authentication processes and data collection practices for YouTube and TikTok integrations, adhering to each platform's respective API policies and privacy requirements.

8.4 Disconnecting Social Media

You can disconnect social media accounts at any time through your profile settings. Disconnecting will remove our access to your social media data, though some historical data may be retained as outlined in Section 5.

8.5 Third-Party Policies

Your use of social media platforms is also governed by their respective privacy policies and terms of service. We encourage you to review these policies.

‍

9. STRIPE PAYMENT INTEGRATION

9.1 Payment Processing

All payment transactions on the Nexaflow platform are processed through Stripe, a certified PCI Service Provider Level 1 (the highest level of payment security certification).

9.2 Information Collected by Stripe

When you make a payment or receive compensation through our platform, Stripe collects payment card information, billing address, transaction details, and device information. This information is collected and processed directly by Stripe in accordance with their privacy policy.

9.3 Information We Receive

We receive limited transaction information from Stripe necessary for account management, including transaction confirmation, transaction amounts and dates, payment status, and partial payment method information (last four digits of card, card type). We do not store complete payment card information on our servers.

9.4 Security

Stripe maintains the highest level of payment security standards. Payment information is encrypted and tokenized. We do not have access to your complete payment card details.

9.5 Stripe's Privacy Policy

Your use of Stripe's payment processing services is governed by Stripe's Privacy Policy, available at stripe.com/privacy. We encourage you to review their privacy practices.

‍

10. INTERNATIONAL DATA TRANSFERS

10.1 Primary Operations

Our platform primarily serves users in Australia. However, some of our service providers and partners may be located outside Australia.

10.2 Data Storage

Your data may be stored and processed in countries where our service providers operate, including but not limited to the United States (for services like Stripe and cloud hosting).

10.3 Safeguards

When transferring data internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses, service provider certifications, and compliance with applicable data protection regulations.

‍

11. CHILDREN'S PRIVACY

11.1 Age Requirement

Our platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18.

11.2 Parental Notice

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will take steps to delete such information from our systems.

‍

12. CHANGES TO THIS PRIVACY POLICY

12.1 Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform features.

12.2 Notification

We will notify users of material changes by posting the updated policy on our website with a new "Last Updated" date and sending notice through email or platform notifications for significant changes.

12.3 Continued Use

Your continued use of the platform after changes to this Privacy Policy constitutes acceptance of the updated policy.

‍

13. CONTACT INFORMATION

13.1 Privacy Inquiries

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Nexaflow Privacy TeamOperated by Ruygrok MarketingEmail: [Privacy Contact Email]Website: [Website URL]

13.2 Data Protection Officer

For privacy-related matters, you may contact our Data Protection Officer at [DPO Email].

13.3 Response Time

We aim to respond to all privacy inquiries within 30 days.

‍

14. ADDITIONAL INFORMATION FOR AUSTRALIAN USERS

14.1 Australian Privacy Principles

We comply with the Australian Privacy Principles contained in the Privacy Act 1988 (Cth).

14.2 Complaints

If you have a complaint about how we handle your personal information, please contact us using the details in Section 13. We will investigate and respond to your complaint.

14.3 Office of the Australian Information Commissioner

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

‍

15. ACKNOWLEDGMENT

By using the Nexaflow platform, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your personal information as described in this Privacy Policy.

‍