Legal

Privacy Policy

At Nexoforma, protecting your personal information is a core part of how we operate. This policy explains what data we collect, why we collect it, and how we keep it safe.

Effective Date: April 17, 2026

01 / WHO WE ARE

Company Information

Nexoforma is a managed remote staffing company that provides dedicated, AI-trained employees to businesses across the United States, United Kingdom, Germany, Switzerland, Netherlands, Canada, Australia, New Zealand, Singapore, Japan, and the Middle East. When we refer to "Nexoforma," "we," "us," or "our" in this policy, we mean the Nexoforma entity responsible for processing your data.

Data Controller Contact

Nexoforma

Website: nexoforma.com

Privacy Inquiries: privacy@nexoforma.com

02 / DATA COLLECTION

Information We Collect

We collect information in three ways: data you provide directly, data collected automatically when you use our website, and data obtained from third parties.

Information You Provide

  • Contact details β€” name, email address, phone number, and company name when you fill out a form, book a consultation, or contact us
  • Business information β€” company size, industry, staffing requirements, and budget range submitted during consultation requests
  • Account information β€” login credentials and profile details if you create a client portal account
  • Payment information β€” billing address and payment details processed through our secure payment providers (we do not store full card numbers)
  • Communications β€” messages, feedback, and support requests you send us via email, chat, or phone

Information Collected Automatically

  • Device and browser data β€” IP address, browser type, operating system, device identifiers, and screen resolution
  • Usage data β€” pages visited, time spent, click patterns, referring URLs, and navigation paths
  • Location data β€” approximate geographic location derived from your IP address
  • Cookie data β€” information stored via cookies and similar tracking technologies (see Section 4 below)

Information From Third Parties

  • Business directories and public sources β€” company information from LinkedIn, public databases, and industry directories for B2B outreach
  • Analytics partners β€” aggregated insights from tools like Google Analytics
  • Referral partners β€” your name and contact details if someone refers you to our services
03 / DATA USAGE

How We Use Your Information

We process your personal data only when we have a lawful basis to do so. Here is how and why we use the information we collect:

Purpose Legal Basis
Responding to your inquiries and consultation requests Contractual necessity / Consent
Matching you with suitable remote employees Contractual necessity
Processing payments and managing your account Contractual necessity
Sending service updates, onboarding materials, and operational communications Contractual necessity / Legitimate interest
Sending marketing communications (only with your permission) Consent
Improving our website, services, and user experience Legitimate interest
Analyzing traffic patterns and website performance Legitimate interest / Consent
Preventing fraud, securing our systems, and complying with legal obligations Legal obligation / Legitimate interest

We will never sell your personal data to third parties. Period.

04 / COOKIES

Cookies and Tracking Technologies

Our website uses cookies and similar technologies to deliver a better experience and understand how visitors interact with our content. Here is what we use and why:

Essential Cookies

Required for the website to function properly. These handle session management, security, and core features. You cannot opt out of essential cookies.

Analytics Cookies

Help us understand traffic patterns, popular pages, and user behavior through tools like Google Analytics. All data is aggregated and anonymized where possible.

Functional Cookies

Remember your preferences β€” such as language, region, and form auto-fill β€” so you have a smoother experience on return visits.

Marketing Cookies

Used to deliver relevant ads and measure campaign effectiveness. These are only placed with your explicit consent.

You can manage cookie preferences through your browser settings or our cookie consent banner. Most browsers allow you to block or delete cookies, though this may affect site functionality.

05 / THIRD-PARTY SERVICES

Third-Party Services We Use

We work with trusted third-party providers to operate our business. These services may process personal data on our behalf, and each is bound by data processing agreements:

  • Analytics β€” Google Analytics, for understanding website traffic and user behavior
  • Payment processing β€” Stripe and/or other PCI-compliant providers for secure payment handling
  • Email and communications β€” email service providers for transactional and marketing communications
  • CRM and sales tools β€” customer relationship management platforms to manage client interactions
  • Cloud hosting β€” infrastructure providers for secure data storage and website hosting
  • Scheduling tools β€” Calendly or similar platforms for booking consultations

We only share the minimum data necessary for each service to function. We do not permit third-party providers to use your data for their own marketing purposes.

06 / GDPR COMPLIANCE

Your Rights Under GDPR

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and UK GDPR grant you specific rights regarding your personal data.

Right of Access

Request a copy of the personal data we hold about you.

Right to Rectification

Ask us to correct inaccurate or incomplete data.

Right to Erasure

Request deletion of your personal data when it is no longer necessary.

Right to Restrict Processing

Ask us to limit how we process your data in certain circumstances.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interest or direct marketing.

Right to Withdraw Consent

Withdraw consent at any time for consent-based processing.

Right to Lodge a Complaint

File a complaint with your local data protection authority.

To exercise any of these rights, email us at privacy@nexoforma.com. We will respond within 30 days.

07 / CCPA COMPLIANCE

Your Rights Under CCPA

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information.

  • Right to Know β€” You can request what personal information we have collected, the sources, the business purposes, and the categories of third parties with whom we share it.
  • Right to Delete β€” You can request that we delete the personal information we have collected from you, subject to certain legal exceptions.
  • Right to Correct β€” You can request that we correct inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing β€” We do not sell your personal information. We do not share personal information for cross-context behavioral advertising.
  • Right to Non-Discrimination β€” We will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, email privacy@nexoforma.com with the subject line "CCPA Request." We will verify your identity and respond within 45 days.

08 / DATA RETENTION

How Long We Keep Your Data

We retain personal data only as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law.

Data Type Retention Period
Client account and contract data Duration of relationship + 5 years
Consultation and inquiry records 2 years from last interaction
Payment and billing records 7 years (legal/tax requirements)
Marketing consent records Until consent is withdrawn
Website analytics data 26 months (anonymized thereafter)
Cookie data Varies by cookie (up to 13 months for analytics)

When data reaches the end of its retention period, we securely delete or anonymize it.

09 / INTERNATIONAL TRANSFERS

International Data Transfers

As a global remote staffing company, we operate across multiple countries. Your personal data may be transferred to and processed in countries outside your country of residence, including countries where our team members and service providers are located.

When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) β€” We use EU-approved SCCs for transfers from the EEA to countries without an adequacy decision.
  • UK International Data Transfer Agreement β€” For transfers from the UK, we use the UK IDTA or UK Addendum to SCCs.
  • Data Processing Agreements β€” All third-party processors are bound by contractual obligations to protect your data.
  • Encryption and access controls β€” Technical measures including encryption in transit and at rest, and role-based access controls.
10 / YOUR RIGHTS

Exercising Your Rights

Regardless of where you are located, you have the right to:

  • Access your personal data and receive a copy
  • Correct inaccurate or outdated information
  • Delete your personal data (where legally permissible)
  • Opt out of marketing communications at any time
  • Withdraw consent where processing is based on consent

How to submit a request

Email privacy@nexoforma.com with your full name and the specific right you wish to exercise. We will verify your identity and respond within the legally required timeframe (typically 30 days for GDPR, 45 days for CCPA).

11 / DATA SECURITY

How We Protect Your Data

We implement industry-standard technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

Technical Safeguards

  • TLS/SSL encryption for all data in transit
  • AES-256 encryption for data at rest
  • Regular security audits and penetration testing
  • Multi-factor authentication for internal systems

Organizational Safeguards

  • Role-based access controls (principle of least privilege)
  • Staff training on data protection and privacy
  • Incident response procedures for data breaches
  • Vendor security assessments before onboarding

No system is 100% secure. If you suspect unauthorized access to your data, contact us immediately at privacy@nexoforma.com.

12 / CHILDREN'S PRIVACY

Children's Privacy

Nexoforma provides B2B staffing services designed for businesses and professionals. Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children.

If you believe that a child has provided us with personal information, please contact us at privacy@nexoforma.com, and we will promptly delete that information from our systems.

13 / POLICY UPDATES

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other operational reasons. When we make changes:

  • We will update the "Effective Date" at the top of this page
  • For material changes, we will notify you by email or through a prominent notice on our website
  • We encourage you to review this policy periodically

Your continued use of our website and services after any changes constitutes acceptance of the updated policy.

14 / CONTACT US

Privacy Questions or Concerns?

If you have any questions about this Privacy Policy, your personal data, or wish to exercise any of your rights, we are here to help.

Email Us

For all privacy-related inquiries:

privacy@nexoforma.com

Response Time

We aim to respond to all privacy requests within 72 hours, and to fulfill legal data requests within the required timeframe (30 days GDPR, 45 days CCPA).

If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.