This Privacy Policy explains how NEXA ("we", "us", "our") collects, uses, stores and shares your personal data when you visit our website, create an account, or otherwise interact with our services. It is provided in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and the Swiss Federal Act on Data Protection (FADP).

1. Data controller

The data controller is NEXA, based in 6900 Lugano, Switzerland. For any privacy-related question or request, you can reach us at info@nexa-network.com.

2. What data we collect

Depending on how you use NEXA, we may collect the following categories of personal data:

  • Account data — when you sign up: first name, last name, email address, password (stored as a salted hash), and your account type (assigned after signup; may be Talent, Pro, Studio or Elite).
  • Social login data — if you sign in via Google or LinkedIn: your provider user ID, name, email and basic profile information shared by the provider during authentication.
  • Waitlist data — if you join our waitlist: your email address.
  • Contact data — if you reach out via our contact form: your name, email and the content of your message.
  • Content you publish — articles, comments and any media (images, PDFs) you upload through our editorial tools.
  • Technical data — server logs strictly required to operate the service (IP address, request timestamps, user agent), retained for security and debugging purposes.

3. Why we process your data

  • To create and maintain your account, authenticate you and provide the service you signed up for.
  • To send you operational messages (e.g. password resets, security notices, important changes to the service).
  • To respond to your messages and waitlist subscriptions.
  • To prevent fraud, abuse and to keep the platform secure.
  • To comply with our legal obligations.

4. Legal basis

We process your personal data on the following legal bases (Art. 6 GDPR):

  • Performance of a contract — to deliver the services you request when you create an account.
  • Consent — for example, when you join our waitlist or send us a message.
  • Legitimate interest — to keep the platform secure and to investigate misuse.
  • Legal obligation — when we are required to retain or disclose data by applicable law.

5. Who we share your data with

We do not sell your personal data. We share data only with carefully selected service providers (data processors) acting on our instructions:

  • Hosting and storage — our infrastructure provider, used to host the application and to store uploaded files.
  • Authentication providers — Google and LinkedIn, only if you choose to sign in via social login. The corresponding privacy policies apply on their domains.
  • Email delivery — the transactional email provider used to send operational messages.

We may also disclose data when required by a court order, by law, or to protect our rights and the safety of our users.

6. Data retention

We keep your data only for as long as needed to provide the service and to comply with legal obligations. Account data is kept until you delete your account; waitlist and contact data are kept until they are no longer useful for the purpose for which they were collected, or until you ask us to remove them.

7. Your rights

You have the right to:

  • access the personal data we hold about you;
  • request correction of inaccurate data;
  • request deletion of your data ("right to be forgotten");
  • request restriction or object to processing;
  • request portability of your data;
  • withdraw your consent at any time, where processing is based on consent;
  • lodge a complaint with the relevant supervisory authority (in Switzerland, the FDPIC).

To exercise these rights, contact us at info@nexa-network.com.

8. International transfers

Some of our service providers may process data outside Switzerland and the EU/EEA. When this happens, we ensure appropriate safeguards are in place (e.g. EU Standard Contractual Clauses, adequacy decisions).

9. Security

We apply technical and organisational measures to protect your data: encrypted connections (HTTPS), password hashing, role-based access controls, regular updates, and audit logging. No system is perfectly secure, but we work continuously to keep your data safe.

10. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be communicated to you via email or through a notice in the application.

11. Contact

For any question about this policy or about how we handle your data, write to info@nexa-network.com.