NEXAFLOW BUSINESS PRIVACY POLICY

Last Updated: December 2025

‍

1. INTRODUCTION

1.1 Overview

This Business Privacy Policy explains how Nexaflow ("we," "us," or "our") collects, uses, shares, and protects your personal information when you use our platform as a business user to run influencer marketing campaigns.

1.2 Commitment to Privacy

We are committed to protecting your business information and personal data with care and transparency. This policy describes our practices in accordance with applicable privacy laws, including the Australian Privacy Act 1988.

1.3 Scope

This Privacy Policy applies specifically to business accounts on the Nexaflow platform. It should be read in conjunction with our Website Privacy Policy and Business Terms and Conditions.

‍

2. INFORMATION WE COLLECT FROM BUSINESSES

2.1 Business Account Information

When you create a business account, we collect:

Business Details: Legal business name, trading name, ABN/ACN (if applicable), business registration information, and business type/industry.

Contact Information: Primary contact name, email address, phone number, and business address.

Account Credentials: Username, password (encrypted), and security verification information.

Authorized Representatives: Names and contact details of individuals authorized to manage the business account.

2.2 Venue and Operational Information

To facilitate influencer visits and campaign management, we collect:

Venue Details: Physical address, venue description, operating hours, and closed/busy dates.

Availability Calendar: Your venue's booking availability and scheduling preferences.

Capacity Information: Information about your venue's capacity for influencer visits.

2.3 Campaign Information

When you create and manage campaigns, we collect:

Campaign Details: Campaign descriptions, content requirements, campaign objectives, and brand guidelines.

Budget Information: Campaign budgets, compensation structures (monetary or store credit), and spending allocations.

Target Metrics: Desired view counts, target audience demographics, and campaign duration.

Content Preferences: Visual and messaging preferences, restrictions, and approval workflows.

2.4 Payment and Billing Information

For subscription and campaign payments, we collect:

Subscription Data: Selected plan level (Free, Starter, Growth, Scale), billing cycle information, and payment history.

Payment Methods: Payment information processed securely through Stripe (we receive limited transaction data only).

Billing Address: Address associated with payment methods.

Transaction History: Records of platform fees, campaign budgets, and credit top-ups.

2.5 Influencer Interaction Data

As you interact with influencers through the platform, we collect:

Application Reviews: Your responses to influencer applications (accept/reject decisions).

Communication Records: Messages exchanged with influencers through the platform.

Booking Management: Visit confirmations, schedule changes, and cancellation requests.

Performance Reviews: Ratings and feedback provided to influencers after campaign completion.

2.6 Usage and Analytics Data

To improve your experience and our platform, we automatically collect:

Platform Activity: Pages visited, features used, campaigns created, and time spent on platform.

Device Information: Device type, operating system, browser type, and IP address.

Performance Metrics: Campaign performance data, view delivery, engagement statistics, and ROI metrics.

Preferences: Your campaign settings, notification preferences, and platform customisations.

‍

3. HOW WE USE YOUR BUSINESS INFORMATION

3.1 Account Management and Service Delivery

We use your information to create and maintain your business account, verify your business identity and legitimacy, provide access to platform features based on your subscription plan, enable campaign creation and management tools, and facilitate secure login and account access.

3.2 Campaign Operations

Your information helps us display your campaigns to relevant influencers, match your campaigns with suitable content creators based on audience demographics, facilitate booking and scheduling of influencer visits, manage campaign timelines and deadlines, and track campaign performance and analytics.

3.3 Payment Processing

We use your payment information to process subscription fees on bi-monthly billing cycles, handle campaign budget payments and escrow services, manage view credit allocations, process refunds when applicable, and generate invoices and payment receipts.

3.4 Influencer Connections

Your business information enables us to present your business profile to influencers, display campaign details to potential applicants, facilitate communication between you and influencers, coordinate visit schedules and publish dates, and enable content collaboration features.

3.5 Platform Improvement and Analytics

We analyse aggregated business data to improve platform features and functionality, develop new tools for campaign management, optimise influencer matching algorithms, enhance user interface and experience, and identify trends in influencer marketing.

3.6 Agency Support Services

For paid plan subscribers, we use your information to provide campaign review and recommendations, offer agency recommendations for suitable influencers, monitor campaign performance for quality assurance, identify businesses eligible for full-service agency escalation, and provide strategic guidance when needed.

3.7 Communication and Support

We use your contact information to send important platform updates and notifications, provide customer support and technical assistance, share best practices and educational resources, notify you of policy changes, and respond to your inquiries and feedback.

3.8 Security and Compliance

Your information helps us detect and prevent fraudulent activity, enforce our Terms and Conditions, protect against unauthorised access, comply with legal obligations and regulatory requirements, and resolve disputes with influencers or other parties.

‍

4. HOW WE SHARE YOUR BUSINESS INFORMATION

4.1 With Influencers on the Platform

When influencers view or apply to your campaigns, they can see:

Public Business Profile: Business name, venue description, location (city/region), and business type.

Campaign Information: Campaign description, content requirements, compensation details, and campaign duration.

Your communication preferences and booking availability.

4.2 With Ruygrok Marketing (Agency)

As the operator of Nexaflow, Ruygrok Marketing has access to your business information to provide agency oversight and campaign review services, offer strategic recommendations, identify opportunities for full-service engagement, and ensure platform quality and compliance.

4.3 With Payment Processors

We share necessary information with Stripe to process subscription payments and campaign budgets, verify payment methods, handle refunds and disputes, and maintain payment security. Stripe processes payment information according to their privacy policy and PCI-DSS compliance standards.

4.4 With Service Providers

We share information with trusted third-party service providers who assist us:

Cloud Hosting: For secure data storage and platform infrastructure.

Analytics Services: To understand platform usage and improve services (aggregated data only).

Email Services: To send transactional emails and notifications.

Customer Support Tools: To provide efficient support services.

These providers are contractually obligated to protect your information and use it only for specified purposes.

4.5 Legal and Regulatory Compliance

We may disclose your information when required to comply with legal obligations and regulatory requirements, respond to valid legal processes (subpoenas, court orders, warrants), protect rights, property, or safety of Nexaflow, influencers, or the public, enforce our Terms and Conditions, or investigate and prevent fraud or security issues.

4.6 Business Transfers

In the event of a merger, acquisition, or sale of assets, your business information may be transferred as part of that transaction. We will notify you of any such change and provide options regarding your information.

4.7 With Your Consent

We may share your business information with other parties when you provide explicit consent for specific purposes.

4.8 What We Don't Share

We do not sell your business information to third parties. We do not share your data with competitors. We do not provide your contact information to unrelated marketing companies. Campaign budgets and financial details remain confidential except as necessary for platform operations.

‍

5. DATA RETENTION FOR BUSINESS ACCOUNTS

5.1 Active Account Data

While your business account is active, we retain all information necessary to provide platform services, including business profile information, campaign history and performance data, payment and billing records, and communication history.

5.2 Subscription and Payment Records

We retain subscription and payment information for at least seven years to comply with financial record-keeping requirements, tax regulations, and accounting standards.

5.3 Campaign Historical Data

Completed campaign data may be retained for business analytics, platform improvement, dispute resolution, and historical reference. Campaign performance metrics may be used in aggregated, anonymized form for industry insights.

5.4 Account Closure

If you close your business account, we may retain certain information for legal compliance, ongoing obligations to influencers who completed campaigns, financial record-keeping requirements, fraud prevention, and dispute resolution. You may request deletion of eligible data subject to these requirements.

5.5 Data Deletion Requests

You can request deletion of your business data at any time. We will honor deletion requests except where retention is required by law, pending legal matters, unresolved disputes, or legitimate business purposes (such as completed campaign records).

‍

6. DATA SECURITY FOR BUSINESS ACCOUNTS

6.1 Technical Security Measures

We implement robust security measures to protect your business information:

Encryption: All data transmission uses SSL/TLS encryption. Sensitive data is encrypted at rest using industry-standard encryption algorithms.

Access Controls: Business data is accessible only to authorized personnel who require it for their job functions. Multi-factor authentication is available for account security.

Secure Infrastructure: Our platform is hosted on secure, enterprise-grade cloud infrastructure with regular security updates and monitoring.

Payment Security: All payment processing is handled through PCI-DSS compliant systems (Stripe). We never store complete payment card information.

6.2 Organisational Security Measures

Security Training: Our team receives regular security awareness training.

Privacy Policies: Internal policies govern employee access to and handling of business data.

Incident Response: We maintain incident response procedures for potential security breaches.

Regular Audits: Periodic security assessments and vulnerability testing.

6.3 Business Account Security

You can enhance your account security by using strong, unique passwords, enabling multi-factor authentication if available, not sharing account credentials, regularly reviewing account activity, and promptly reporting suspicious activity.

6.4 Data Breach Notification

In the unlikely event of a data breach affecting your business information, we will notify you promptly in accordance with applicable law and provide information about the nature of the breach, data affected, and steps being taken to address the situation.

‍

7. YOUR PRIVACY RIGHTS AS A BUSINESS

7.1 Access to Your Information

You have the right to access all personal and business information we hold about you. You can view and download most information directly through your account dashboard, including business profile details, campaign history, payment records, and analytics data.

7.2 Correction and Updates

You can update most business information directly through your account settings, including business details, contact information, venue details, and preferences. For information you cannot update directly, contact our support team.

7.3 Data Portability

You may request a copy of your business data in a structured, machine-readable format (such as CSV or JSON) to enable transfer to another service if desired.

7.4 Deletion Rights

You may request deletion of your business account and associated data, subject to legal retention requirements for financial records, completed campaign obligations, and dispute resolution needs. Campaign history involving influencer work may be retained as necessary.

7.5 Marketing Communications

You can control marketing communication preferences through your account settings or unsubscribe links in emails. Transactional emails (payment confirmations, campaign notifications) cannot be disabled as they are essential for platform operation.

7.6 Exercising Your Rights

To exercise any privacy rights, contact us at [Privacy Email] or through your account support portal. We will respond to requests within 30 days as required by applicable law and verify your identity before processing requests affecting your account.

‍

8. STRIPE PAYMENT INTEGRATION FOR BUSINESSES

8.1 Payment Processing Overview

All business payments on Nexaflow are processed through Stripe, a certified PCI Service Provider Level 1 (the highest level of payment security certification). This includes subscription fees and campaign budgets.

8.2 Information Collected by Stripe

When you make payments through our platform, Stripe collects and processes payment card information, billing address and contact details, transaction amounts and dates, device information for fraud prevention, and IP address and browser information. This information is collected and stored directly by Stripe according to their privacy policy and security standards.

8.3 Information We Receive from Stripe

We receive only the information necessary for account management and record-keeping:

Transaction Confirmations: Notification of successful or failed payments.

Transaction Details: Date, amount, and currency of transactions.

Payment Method Information: Last four digits of card and card type (for your reference).

Subscription Status: Active, past due, or canceled subscription status.

We do not receive or store your complete payment card details.

8.4 Recurring Billing

For subscription plans, Stripe handles automatic bi-monthly billing. Your payment method is securely stored by Stripe and charged automatically at the start of each billing period. You can update or remove payment methods through your account settings.

8.5 Payment Security

Stripe maintains the highest payment security standards through PCI-DSS Level 1 compliance, encryption of all payment data, tokenisation to replace sensitive card data, fraud detection and prevention systems, and secure payment processing infrastructure. We do not have access to your complete payment card information at any point.

8.6 Stripe's Privacy Policy

Your use of Stripe's payment services is governed by Stripe's Privacy Policy (stripe.com/privacy). We encourage you to review their privacy practices to understand how they protect your payment information.

8.7 Payment Disputes and Refunds

Payment disputes should first be raised through our support system. We will work with Stripe to resolve billing issues, process authorised refunds, and investigate payment discrepancies. Unauthorized chargebacks may result in account restrictions as outlined in our Business Terms.

‍

9. ANALYTICS AND CAMPAIGN PERFORMANCE DATA

9.1 Campaign Performance Tracking

We collect and analyse campaign performance data to provide you with insights and analytics:

View Metrics: Predicted vs. actual views delivered by influencers.

Engagement Data: Likes, comments, shares, and other engagement metrics.

Audience Insights: Demographics of audiences reached through campaigns.

ROI Indicators: Performance relative to campaign budget and objectives.

9.2 How We Use Analytics

Campaign performance data helps you make informed decisions about influencer selection, optimise future campaign strategies, understand return on investment, and track progress toward marketing goals.

We use aggregated analytics to improve platform features, enhance influencer matching algorithms, provide industry benchmarks (anonymised), and develop new tools for businesses.

9.3 Data Sharing and Anonymisation

Individual campaign data remains private to your account. We may use aggregated, anonymised data for platform improvement and industry insights without identifying specific businesses. Performance benchmarks and trends may be shared in anonymised form.

9.4 Influencer Performance Visibility

You can view historical performance data for influencers who have completed campaigns, including view delivery rates, engagement quality, and business ratings. This helps you make informed decisions about future collaborations.

‍

10. THIRD-PARTY INTEGRATIONS

10.1 Payment Services (Stripe)

As detailed in Section 8, we integrate with Stripe for all payment processing. Stripe's integration is essential for subscription billing and campaign budget management.

10.2 Cloud Infrastructure

Your business data is stored on secure cloud infrastructure provided by trusted enterprise cloud service providers. These providers are contractually obligated to maintain security and privacy standards.

10.3 Analytics Services

We use analytics services to understand platform usage and improve our services. These services receive only aggregated, non-personally identifiable information about platform usage patterns.

10.4 Communication Services

Email and notification services help us send important updates, transactional emails, and support communications. These providers are bound by strict data protection agreements.

10.5 No Direct Third-Party Marketing

We do not integrate with third-party marketing or advertising platforms that would share your business information for their own purposes.

‍

11. INTERNATIONAL DATA TRANSFERS

11.1 Primary Operations

Nexaflow primarily serves businesses in Australia. However, some of our service providers (including payment processors and cloud infrastructure) may store or process data in other countries.

11.2 Data Storage Locations

Your business data may be stored and processed in countries including but not limited to the United States (for Stripe payment processing and cloud hosting), Singapore (for cloud infrastructure), and other locations where our service providers operate.

11.3 Safeguards for International Transfers

When transferring business data internationally, we ensure appropriate safeguards:

Standard Contractual Clauses: Approved by regulatory authorities for international data transfers.

Service Provider Certifications: Ensuring service providers meet international security standards.

Compliance Verification: Regular review of service provider compliance with privacy regulations.

11.4 Data Protection Standards

Regardless of where data is stored or processed, we maintain consistent data protection standards aligned with Australian privacy law and international best practices.

‍

12. CHANGES TO THIS PRIVACY POLICY

12.1 Policy Updates

We may update this Business Privacy Policy to reflect changes in our practices, legal requirements, platform features, or industry standards.

12.2 Notification of Changes

For material changes to this policy, we will notify you through email to your registered business email address, prominent notice on the platform dashboard, and notification during your next login. The updated policy will show a new "Last Updated" date.

12.3 Review and Acceptance

We encourage you to review this Privacy Policy periodically. Continued use of the platform after changes constitutes acceptance of the updated policy. If you do not agree with changes, you may close your account.

12.4 Significant Changes

For significant changes that materially affect how we handle your business information, we may require explicit acknowledgment or consent before the changes take effect.

‍

13. CHILDREN'S PRIVACY

13.1 Age Requirement

Our business platform is designed for adults representing business entities. Users must be at least 18 years of age. We do not knowingly collect information from individuals under 18.

13.2 Business Verification

We may request verification that account holders have authority to represent their business and meet age requirements.

‍

14. CONTACT INFORMATION AND SUPPORT

14.1 Privacy Inquiries

For questions about this Business Privacy Policy or how we handle your business information: support@nexaflow.com.au

14.2 Data Protection Officer

For specific privacy-related matters, you may contact our Data Protection Officer at [DPO Email].

14.3 Business Support

For general business account support: support@nexaflow.com.au

14.4 Response Timeframes

We aim to respond to privacy inquiries within 30 days and general support requests within 2 business days.

‍

15. AUSTRALIAN PRIVACY COMPLIANCE

15.1 Australian Privacy Principles

We comply with the Australian Privacy Principles contained in the Privacy Act 1988 (Cth), including principles relating to open and transparent management of personal information, anonymity and pseudonymity where practicable, collection of solicited information, dealing with unsolicited information, notification of collection, use and disclosure, and data quality and security.

15.2 Privacy Complaints

If you have a complaint about how we handle your business information:

Step 1: Contact our Privacy Team using the details in Section 14.

Step 2: We will acknowledge your complaint within 7 days.

Step 3: We will investigate and respond with our findings within 30 days.

Step 4: If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner.

15.3 Office of the Australian Information Commissioner

You may contact the OAIC:

Website: oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au

15.4 Australian Business Obligations

As a business user, you acknowledge that you may also have obligations under Australian privacy law when collecting information about influencers or customers through your campaigns. You are responsible for compliance with applicable privacy laws in your business operations.

‍

16. ACKNOWLEDGMENT

By creating a business account and using the Nexaflow platform, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your business information as described in this Business Privacy Policy.

‍