Privacy Policy

Last Updated: December 28, 2023

Thank you for using NexStack products and services. We are committed to protecting your privacy through our compliance with this Policy.

NexStack offers an online, multi-tool business management, efficiency, and communications platform and standalone applications including but not limited to instant messaging services, cloud storage audio and video calls, and other functions, as well as services that interoperate with other software (collectively, the “Platform”). The Platform and its related services, products, sub-applications within the Platform, standalone applications associated with the Platform, software program and content are collectively referred to herein as the “Services.”

This privacy policy (“ Policy ”) sets out the basis on which your data will be processed, collected, used, and disclosed by us when you access or use our Services, together with all related services, products, software programs and content we provide, including any other services where this Policy is shown. For further information about the applicability of the Policy, please see the section “How Does This Policy Apply”.

Please read the following carefully to understand our approach and practices regarding the processing of your information. For the purposes of this Policy, we use “information”, “personal information” and “personal data” to refer to information relating to an identified or identifiable natural person. We also use the term “ Business Workplace Owner ” to refer to accounts owned by (i) a corporate entity or (ii) a third party who uses it for non-personal purposes.

How Does This Policy Apply?

Under certain data protection laws, a party is either a controller or a processor of data. In general, we are the controller of the information described in the “Types of Information We Collect and Use” section. However, in certain situations, we act as a processor. For example, if a Business Workplace Owner invites you to create an account for its business purposes and you use the Services as an authorized user of its Workplace (“ Authorized Business User Account ”), we are a processor and the Business Workplace Owner is the controller of “Workplace Data” you generate when you are signed into your Authorized Business User Account. This data and any other data the Business Workplace Owner may control are referred to herein as “ Business Owner Controlled Data. ” Please note that this Policy does not cover the processing of Business Owner Controlled Data unless such data is shared with us by the Business Workplace Owner as the data controller. Such processing is primarily covered by the Business Workplace Owner’s privacy policy, a separate agreement between the Business Workplace Owner and NexStack which governs delivery, access and use of the Services and/or the employment agreement (or any agreement in lieu of the employment agreement) between you and the Business Workplace Owner.

Please note that Business Owner Controlled Data does not include Workplace Data that you generate when you are signed into your personal account, even when you interact with Workplaces associated with Business Workplace Owners. Additionally, upon termination of your Authorized Business User Account by a Business Workplace Owner, NexStack will automatically convert your Authorized Business User Account to a personal account. If you continue to use the Services when signed into personal account, we will then generally be the controller of the data associated with that personal account, including Workplace Data.

Types of Information We Collect and Use

We may collect and use the following types of information when you access the Platform or use the Services:

Account Data. To create an account, you or a Business Workplace Owner may give us your name, photo, phone number, email address, password information, and/or similar account details. In addition, if you use a paid version of the Services or certain portions of our Services that enable purchases, we will collect billing details from you or a Business Workplace Owner, including credit card information, banking information and/or billing address.

Workplace Data. We collect and process the content you generate on the Platform and with the Services, including:

  • any messages, files, photos, documents, or other content that you upload, view, edit, share or comment on;
  • your uploaded address book and contacts, if you choose to provide it;
  • voice and video data, including when you use voice messaging and conference services, and any associated transcripts; and search queries and commands.

Administrative and Interactions Data. We also collect and process data to administer, provide, optimize, and market the Services. Some of this data is collected automatically, including by our service providers and third-party vendors. Administrative and Interactions Data includes:

  • metadata and inference information related to your use of the Services, such as your online status, chat details, the features and embedded content you interact with, the types of files you share, and what, if any, third-party integrations you use;
  • internet network activity, cookies, and similar tracking technologies, such as data our servers automatically record, such as your web request, IP address, browser type and settings, referring/exit pages and URLs, number of clicks, date and time stamp information, language preferences, and other such information;
  • data about your online activity on websites and connected devices over time and across third party websites, such as where you click, how long you visit a page, your scrolling, mouse hovers, and other data to help us better understand your experience and provide you with the best user experience;
  • data about the device you are using to access the Services and related device activity, such as mobile carrier, device IDs, and operating system version; and data regarding your communications with us, for example, when you provide us with feedback or contact us with a question or comment through our chat or call services (including on social media).

Location Data. We collect and process information about your location including general location information (e.g., city, state, country and/or zip code) based on your SIM card, IP address, or other device information. With your permission, we may also collect your precise location and Global Positioning System (GPS) data. You may switch off GPS and location information in your system settings. If you choose to share your location with us and consent to our use of this data, we may process this information to provide you with relevant services based on location.

Third Party Data. NexStack permits the integration of other services and applications with our Services. If you are using an integrated third-party service, we may receive and process data from that third party (and will also share certain data with that third party, including data described in the above) in order to provide the integrated service.

This Policy does not apply to the processing of your information by third-parties through your use of any third-party integrations available via our services. When using integrated apps and services on NexStack, please always review the relevant third-party provider’s legal documents including but not limited to Terms of Service and Privacy Policy.

How We Use Information

In addition to the purposes already set out above, we may use, process and/or disclose your information for the following purposes including to:

  • Administer, operate, and provide the Services;
  • Provide user support and respond to, handle, and process queries, requests, applications, complaints, and feedback from you;
  • Investigate and help prevent security issues and abuse, help improve the security of our Services, including use of automated systems to analyze content such as documents, instant messages and emails to detect abuse, such as spam, malware, and illegal content;
  • Better understand your interests and needs, and personalize your experience on the Services;
  • Analyze and research how you interact with our websites and applications;
  • Continually improve the Services and products, including adding new features or capabilities;
  • Comply with applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority in accordance with or required by applicable law, regulation or legal process;
  • Communicate with you, including to notify you with service messages about changes to our Platform or Services;
  • Send marketing and promotional materials from us or on behalf of our affiliates and trusted third party business partners;
  • Measure and understand our marketing campaigns and the effectiveness of such campaigns;
  • Enforce our terms, conditions and policies;
  • Fulfill any other purposes for which you have provided the data;
  • Transmit to third parties including our business partners, third party service providers and agents, and relevant governmental and/or regulatory authorities, whether in US or abroad, for the aforementioned purposes;
  • Fulfill other business purposes related to or in connection with the above.

Combined Information

Unless otherwise prohibited by law, we may combine the information that we collect through your use of our Services with information that we receive from other sources, both online and offline, and use that combined information as set forth above.

Aggregated and De-identified Information

We may aggregate and/or de-identify any information collected through the Services so that such information can no longer be linked to you or your device (“ Aggregate/De-Identified Information ”). We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties in our discretion.

Legal Bases

If you are an individual from the European Economic Area (“EEA”), the UK, Switzerland or any country which requires notification of the legal bases for processing, our legal bases under the General Data Protection Regulation (“GDPR”) and applicable data protection laws of each such country, for collecting and using your information described above will depend on the particular type of information and the specific context in which we collect it. However, some examples of legal bases for processing that we rely on:

  • Where we have your consent to do so;
  • Where use of your information is necessary to perform our obligations under a contract with you (e.g., to comply with the Customer Terms of Service or User Terms of Service and deliver the Services);
  • Where use of your information is necessary for our legitimate interests or the legitimate interest of others (e.g., to operate our Services; provide security for our Services; prevent fraud; analyze use of and improve our Services; and for similar purposes); and
  • Where use of your information is necessary to comply with applicable legal obligations.

How We Share Your Information

We may disclose, at our sole discretion or per your Business Workplace Owner's instructions (if any), your information (including, for example, data which you choose to share with us through Third Party Integrations with NexStack Email such as Gmail) with the following third parties, including, without limitation, to those who may be processing your information on our behalf for one or more of the purposes stated above and herein:

Service Providers and Third-Party Vendors

We may disclose your information to service providers who support our business, such as cloud service providers and other technology third-party vendors. These service providers and vendors help us provide, administer and support the Services, including but not limited to research, payment processing and transaction fulfillment, information system maintenance, data processing and storage, analytics, measurement, and disaster recovery.

Business Workplace Owners and its Designated Third Parties

We will share certain information about you with Business Workplace Owners or any third parties designated by Business Workplace Owners only if you are an Authorized User of such Business Workplace Owner.

Third Party Integrations

We may share certain data with Third Party Integrations if you give such Third Party Integrations access to your account and information, and any content you choose to use in connection with those Third Party Integrations.

Our Corporate Group

We may also share your information with other members, subsidiaries, or affiliates of NexStack’s corporate group, in order to provide, maintain and improve the Services.

Sale or Merger

As we continue to develop our business, we may buy, merge, or partner with other companies. In such transactions (including in contemplation of such transactions), information may be among the transferred assets. If a portion or all of our assets are sold or transferred to a third party, user information would likely be one of the transferred assets.

Law Enforcement

We may disclose your information as we believe to be necessary or appropriate to: comply with applicable law and legal processes; respond to requests from public and government authorities; enforce Our User Terms of Service ; protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or others; and/or allow us to pursue available remedies or limit the damages that we may sustain.

With Your Consent

We may share your information for other purposes pursuant to your consent or at your direction.

International Data Transfers

International data transfers are necessary for us to provide the Services and fulfill our contractual obligations to you relating to the Services. We share your personal data globally with companies of our business group to carry out the activities specified in this Policy. We may also subcontract the processing of data involved in the Services or share your personal data with third parties located in other countries. We rely on permitted legal bases and exceptions and will comply with requirements under applicable laws, in relation to such transfers.

We maintain servers located in US, Singapore and Japan and your information may be processed on servers located outside of the country where you live. Data protection laws vary among countries, with some providing more protection than others. Regardless of where your information is processed, we apply the same protections described in this Policy. When required by applicable law, we will provide an adequate level of protection for your personal data using various means, including where appropriate, relying on a formal decision that a certain country ensures an adequate level of protection for personal data, or complying with Model Contractual Clauses.

In the case where you are an authorized user of a Business Workplace Owner, your Business Workplace Owner will determine which servers will process and store your information. Your Business Workplace Owner may also choose to share your information with parties that are located outside of the country where you live. Your Business Workplace Owner will protect your personal data and comply with requirements under applicable laws in relation to such transfers.

Security of Your Information

We attach great importance to the security of your information and have in place technical, managerial and physical safeguards, including an internal policy for data protection, limiting access to personal data on a need-to-know basis and controlling access to facilities where personal data is processed, in order to prevent any unauthorized access to or unauthorized alteration, disclosure or destruction of personal data we hold.

However, like all information transferred over the internet, please note that information you send to us electronically may not be secure when it is transmitted to us.

Despite our best efforts, you understand that due to technical limitations and various potential malicious attacks, no security measures are perfect or impenetrable and it is impossible to ensure permanent and absolute security. Therefore, we strongly suggest you take active measures, including but not limited to using a complicated password, regularly changing your password, and avoiding disclosure of your account password or other information relating to logging in to your account, so as to protect the security of your information. We also recommend that you do not use unsecure channels to communicate information or other sensitive or confidential information to us.

For detailed information, please visit NexStack security center .