Privacy Policy

1. Introduction

NexDesign Agency Pty Ltd (ACN: 643850159) trading as NexChat ("we", "our", or "us") is committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, use, disclose, and protect your personal information.

Our registered office is located in Melbourne, Victoria, Australia, and we operate in compliance with Australian privacy laws and regulations.

2. Information We Collect

We collect personal information that you provide to us directly, including:

• Identity information: name, email address, phone number
• Account information: username, password (encrypted), profile details
• Business information: company name, ABN/ACN, business address
• Payment information: billing address, payment method details (processed securely through third-party payment processors)
• Usage data: how you interact with our platform, features used, chat history
• Technical data: IP address, browser type, device information, cookies
• Communications: correspondence with our support team, feedback, and inquiries

3. Google API / Google Workspace Data

NexChat integrates with Google APIs and Google Workspace services to enable enhanced functionality. This section describes how we access, use, store, and protect Google user data.

3.1 When We Access Google Data

We only access your Google data when you explicitly connect your Google account to NexChat and authorize the integration. You remain in full control and can revoke access at any time through your Google Account settings or within NexChat.

3.2 What Google Data We Access

• Google Sign-In (Basic Profile): If you use Google Sign-In to authenticate, we receive your name, email address, and profile image as provided by Google's authentication service. This is limited to the basic profile information returned by the Google Sign-In flow.
• Google Sheets Integration: When you choose to import training data from Google Sheets, we access:
  • Spreadsheet file name and unique ID
  • Sheet names within the spreadsheet
  • Cell data and ranges that you specifically select to import
  We only access the specific spreadsheets and data ranges you explicitly authorize during the import process.

Scope Requested: https://www.googleapis.com/auth/spreadsheets.readonly

This read-only scope allows NexChat to view your Google Sheets data only. We cannot modify, delete, or create spreadsheets.

3.3 Why We Access Google Data

We access your Google data solely to enable the features you have explicitly requested:

• Authentication: To provide a convenient and secure sign-in method using your existing Google account
• Training Data Import: To allow you to import content from Google Sheets as training data for your AI chatbot agent
• Service Functionality: To build and operate your NexChat agent's knowledge base using the data you choose to import

We do not access your Google data for any purpose beyond what you have explicitly authorized and what is necessary to deliver the requested functionality.

3.4 How We Use Google Data

Google user data is used strictly for the purposes disclosed above:

• Processing: We process imported Google Sheets data to create and maintain your chatbot agent's knowledge base
• Storage: Data is stored securely in our database to enable your agent to respond to user queries
• Display: Data may be displayed back to you within NexChat for review and management purposes
• Support: Our support team may access your Google-sourced data only when necessary to troubleshoot technical issues you report

3.5 Sharing and Transfer of Google Data

• We do not sell Google user data. Your Google data is never sold, rented, or traded to third parties.
• We do not use Google user data for advertising. Google data is not used for ad targeting, personalization, or remarketing purposes.
• We do not share with data brokers. We do not provide Google user data to data brokers or aggregators.
• Subprocessors: We may share Google user data with the following service providers solely to deliver our service:
  • Supabase (Database Hosting): For secure storage and data management
  • Vercel (Application Hosting): For hosting the NexChat platform
  • OpenAI: For AI chatbot functionality when your agent responds to queries using Google-imported training data
  These subprocessors are contractually bound to protect your data and use it only as instructed by NexChat.
• No Unauthorized Transfer: We do not transfer Google user data to any third party except as disclosed above and only to the extent necessary to provide the NexChat service.

3.6 Retention and Deletion of Google Data

We retain Google user data only as long as necessary to provide the services you have requested:

• Active Use: While your agent is active and using Google Sheets as a training data source, we retain the imported data to power your agent's responses
• Data Source Deletion: If you delete a Google Sheets training data source from your agent, the associated data is permanently deleted from our systems within 30 days
• Agent Deletion: If you delete an agent that uses Google-imported data, all associated Google data is permanently deleted within 30 days
• Account Closure: If you close your NexChat account, all Google user data is permanently deleted within 30 days
• User-Requested Deletion: You may request immediate deletion of your Google user data at any time by emailing us at hello@nexchat.co or using the in-app delete function

3.7 Revoking Access to Google Data

You can revoke NexChat's access to your Google data at any time through:

• Google Account Settings: Visit Google Account Permissions and remove NexChat's access
• Within NexChat: Navigate to your agent settings and disconnect the Google Sheets integration

Once access is revoked, NexChat can no longer access your Google data. Any previously imported data will remain in your agent's knowledge base unless you explicitly delete the training data source.

3.8 Security Controls for Google Data

We apply the same rigorous security measures to Google user data as we do to all personal information:

• Encryption in Transit: All data transmitted between NexChat and Google APIs uses TLS/SSL encryption
• Encryption at Rest: Google user data stored in our database is encrypted at rest
• Access Controls: Strict role-based access controls limit who can view or process Google user data
• Authentication: OAuth 2.0 authentication ensures secure, token-based access to Google services
• Audit Logging: All access to Google user data is logged for security monitoring and compliance purposes
• Regular Security Reviews: We conduct regular security audits and vulnerability assessments

3.9 User Control and Transparency

You maintain full control over your Google data at all times:

• Explicit Authorization: We only access Google data after you explicitly grant permission
• Granular Permissions: You choose which specific spreadsheets to connect
• Read-Only Access: We can only read your Google Sheets data; we cannot modify or delete your Google files
• Visibility: You can view all Google-imported training data within your NexChat agent settings
• Easy Disconnection: You can disconnect Google Sheets integration at any time without losing other agent functionality

4. How We Collect Information

We collect personal information through:

• Direct interactions when you register, subscribe, or contact us
• Automated technologies including cookies, analytics tools, and tracking pixels
• Third-party sources including payment processors and analytics providers
• Your use of our AI chatbot platform and related services
• Google APIs when you authorize Google Sheets integration (see Section 3)

5. How We Use Your Information

We use your personal information for the following purposes:

• Service Delivery: To provide, maintain, and improve our AI chatbot platform
• Account Management: To create and manage your account, authenticate users
• Communication: To send service updates, notifications, and respond to inquiries
• Billing: To process payments and manage subscriptions
• Analytics: To understand usage patterns and improve our services
• Security: To detect and prevent fraud, abuse, and security incidents
• Legal Compliance: To comply with Australian laws and regulations
• Marketing: To send promotional materials (with your consent, which you can withdraw at any time)

6. Disclosure of Information

We may disclose your personal information to:

• Service Providers: Third-party vendors who assist in operating our platform (e.g., hosting, payment processing, analytics)
• AI Service Providers: OpenAI and other AI service providers for chatbot functionality
• Business Partners: With your consent, for specific business purposes
• Legal Requirements: When required by law, court order, or to protect our legal rights
• Business Transfers: In connection with mergers, acquisitions, or sale of assets

We do not sell your personal information to third parties.

7. Overseas Disclosure

Some of our service providers and data storage facilities are located overseas, including:

• United States (cloud hosting, AI services)
• European Union (backup services)

When we disclose personal information overseas, we take reasonable steps to ensure that the recipient complies with the APPs or is subject to a substantially similar privacy regime.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption of data in transit and at rest
• Secure authentication and access controls
• Regular security audits and monitoring
• Employee training on data protection
• Incident response procedures

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

9. Your Rights and Choices

Under Australian privacy law, you have the following rights:

• Access: Request access to your personal information we hold
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal obligations)
• Opt-out: Unsubscribe from marketing communications
• Complaint: Lodge a complaint about how we handle your personal information

To exercise these rights, please contact us at hello@nexchat.co

10. Cookies and Tracking

We use cookies and similar technologies to:

• Keep you logged in
• Remember your preferences
• Analyze platform usage
• Improve user experience

You can control cookies through your browser settings. Disabling cookies may affect platform functionality.

11. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Account data is typically retained for the duration of your account plus 7 years for business and tax record purposes in accordance with Australian law.

12. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on our website and updating the "Last Updated" date. Your continued use of our services after changes constitutes acceptance of the updated policy.

14. Complaints

If you have a complaint about how we handle your personal information, please contact us first at hello@nexchat.co. We will investigate and respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au
• Phone: 1300 363 992
• Email: enquiries@oaic.gov.au

15. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us: