Next Stakk Privacy Policy

NextStakk ("we", "us", "our", or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website at nextstakk.com, use our services, or interact with our platforms.

This Privacy Policy applies to all users of our website and services, including prospective clients, active clients, maintenance subscription customers, and visitors to our website.

By using our services or providing us with your personal information, you consent to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our services or provide us with your personal information.

We collect several types of information from and about users of our services:

1.1 Personal Information You Provide

We collect personal information that you voluntarily provide to us when you:

• Submit a quote request: Name, email address, phone number, company name, project details, budget information, timeline requirements
• Create an account: Name, email address, password, company information, billing address, phone number
• Execute a contract: Full legal name, signature, IP address, device information (for electronic signatures), business details, tax identification numbers
• Make a payment: Billing information (processed by Stripe - we do not store full credit card details), billing address, VAT number (if applicable)
• Subscribe to maintenance services: Contact information, website/application details, hosting credentials (when necessary), access credentials for systems requiring maintenance
• Contact us: Name, email address, phone number, message content, any information you choose to include in communications
• Submit support requests: Technical issue descriptions, system information, error logs, screenshots

1.2 Information Automatically Collected

When you access our website or use our services, we automatically collect certain information:

• Device Information: IP address, browser type and version, operating system, device type, screen resolution
• Usage Information: Pages visited, time spent on pages, links clicked, referral source, date and time of visits
• Location Information: General geographic location based on IP address (country, region, city)
• Cookies and Similar Technologies: Cookie identifiers, session data, preferences

1.3 Information from Third Parties

We may receive information about you from third-party sources:

• Payment Processors: Payment confirmation, transaction details, billing information (from Stripe)
• Analytics Services: Website usage statistics, user behavior patterns
• Business Partners: Referral information, project requirements (with your consent)

1.4 Project-Related Information

During the course of providing services, we collect:

• Content and materials you provide for projects
• Feedback and approval communications
• Project milestone completion data
• Technical specifications and requirements
• Access credentials for development environments (stored securely)
• Communications related to project management

We use the information we collect for the following purposes:

2.1 Service Provision

• Provide, maintain, and improve our software development services
• Process and respond to quote requests
• Execute contracts and deliver agreed-upon services
• Manage maintenance subscriptions and provide ongoing support
• Communicate about projects, timelines, and deliverables
• Grant access to client portals and project management systems

2.2 Billing and Payments

• Process payments and manage billing
• Issue invoices and receipts
• Manage subscriptions and recurring payments
• Calculate and apply applicable taxes (VAT, sales tax)
• Detect and prevent fraudulent transactions

2.3 Communication

• Send project updates and milestone notifications
• Respond to inquiries and support requests
• Send transactional emails (payment confirmations, contract notifications)
• Provide customer support
• Send important service announcements and policy updates

2.4 Business Operations

• Maintain and improve our website and services
• Analyze usage patterns and optimize user experience
• Conduct internal research and development
• Monitor and analyze business metrics
• Manage team assignments and project allocation

2.5 Legal and Security

• Comply with legal obligations and regulatory requirements
• Protect against fraud, security threats, and illegal activity
• Enforce our Terms of Service and other policies
• Maintain audit logs for security and compliance purposes
• Respond to legal requests and prevent harm

2.6 Marketing (With Consent)

• Send promotional communications about our services (you can opt out anytime)
• Display completed projects in our portfolio (with client permission)
• Create case studies (subject to confidentiality agreements)
• Testimonials and reviews (with explicit permission)

For users in the European Economic Area (EEA), United Kingdom, or other jurisdictions with similar data protection laws, we process your personal data based on the following legal grounds:

• Contract Performance: Processing is necessary to perform our contract with you or take steps at your request before entering into a contract (e.g., providing services, processing payments)
• Legitimate Interests: Processing is necessary for our legitimate business interests, such as improving our services, preventing fraud, maintaining security, or conducting business analytics
• Legal Obligation: Processing is necessary to comply with legal obligations, such as tax laws, accounting requirements, or responding to lawful requests
• Consent: You have given explicit consent for specific processing activities, such as marketing communications or displaying your project in our portfolio

You have the right to withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing based on consent before withdrawal.

We do not sell, rent, or trade your personal information. We share your information only in the following circumstances:

4.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our business:

• Payment Processing: Stripe (for payment processing and billing)
• Email Services: Resend (for transactional and service-related emails)
• Hosting Services: Vercel, Neon (for website and database hosting)
• Analytics: Website analytics providers (anonymized data)
• Customer Support: Tawk.to (for live chat support)

These service providers are contractually obligated to use your information only for the purposes we specify and to implement appropriate security measures.

4.2 Team Members

We share project-related information with our employees, contractors, and team members who need access to perform services on your behalf. All team members are bound by confidentiality obligations.

4.3 Business Transfers

If NextStakk is involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred to the acquiring entity. We will notify you of any such change in ownership or control of your personal information.

4.4 Legal Requirements

We may disclose your information if required by law, court order, or governmental request, or if we believe disclosure is necessary to:

• Comply with legal obligations
• Protect our rights, property, or safety
• Protect the rights, property, or safety of our users or the public
• Prevent fraud or security threats
• Enforce our Terms of Service

4.5 With Your Consent

We may share your information for purposes not described in this Privacy Policy with your explicit consent.

We use cookies and similar tracking technologies to collect information about your use of our website.

5.1 What Are Cookies

Cookies are small text files stored on your device that help us recognize you, remember your preferences, and improve your experience.

5.2 Types of Cookies We Use

• Essential Cookies: Necessary for the website to function (e.g., authentication, security)
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how visitors use our website
• Performance Cookies: Improve website speed and performance

5.3 Third-Party Cookies

Some cookies are placed by third-party services we use:

• Stripe (for payment processing)
• Analytics providers (for website analytics)
• Tawk.to (for live chat functionality)

5.4 Managing Cookies

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of our website. Most browsers allow you to:

• View what cookies are stored and delete them individually
• Block third-party cookies
• Block all cookies from specific websites
• Delete all cookies when you close your browser

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

6.1 Security Measures

• Encryption of data in transit using SSL/TLS
• Encryption of sensitive data at rest
• Secure password hashing (bcrypt)
• Regular security audits and vulnerability assessments
• Access controls and authentication requirements
• Secure hosting infrastructure
• Regular backups of critical data
• Employee training on data protection and security

6.2 Payment Security

We use Stripe, a PCI DSS Level 1 certified payment processor, for all payment processing. We do not store full credit card details on our servers. Payment information is encrypted and transmitted securely to Stripe.

6.3 Limitations

While we implement industry-standard security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.

6.4 Your Responsibility

You are responsible for:

• Maintaining the confidentiality of your account credentials
• Using strong, unique passwords
• Logging out of your account when finished
• Notifying us immediately of any suspected security breach

6.5 Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of becoming aware of the breach.

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

7.1 Retention Periods

• Account Information: Retained for the duration of your account plus 7 years after account closure (for legal and tax purposes)
• Contract and Project Data: Retained for 7 years after project completion (for legal, tax, and warranty purposes)
• Payment Records: Retained for 7 years (for tax and accounting requirements)
• Support Communications: Retained for 3 years or until issue resolution
• Marketing Opt-Out Lists: Retained indefinitely to honor your preferences
• Website Analytics: Retained for 26 months in anonymized form

7.2 Deletion

After the retention period expires, we securely delete or anonymize your personal information. You may request earlier deletion by contacting us, subject to our legal obligations to retain certain information.

Depending on your location, you may have the following rights regarding your personal information:

8.1 Access and Portability

You have the right to request access to your personal information and receive a copy in a structured, commonly used format.

8.2 Correction

You have the right to request correction of inaccurate or incomplete personal information. You can update most information directly in your account settings.

8.3 Deletion

You have the right to request deletion of your personal information, subject to certain exceptions (e.g., legal obligations to retain records, ongoing contracts, dispute resolution).

8.4 Restriction

You have the right to request restriction of processing of your personal information in certain circumstances.

8.5 Objection

You have the right to object to processing of your personal information for direct marketing purposes or where processing is based on legitimate interests.

8.6 Withdraw Consent

Where processing is based on consent, you have the right to withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.

8.7 Marketing Communications

You can opt out of marketing emails by:

• Clicking the "unsubscribe" link in any marketing email
• Updating your preferences in your account settings
• Contacting us directly

You will continue to receive transactional emails related to your account and services.

8.8 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@nextstakk.com. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

8.9 Complaints

If you are in the EEA or UK, you have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

We operate globally and may transfer your personal information to countries other than your own, including the United States and United Kingdom, which may have different data protection laws.

9.1 Transfer Mechanisms

When transferring personal data internationally, we use appropriate safeguards:

• Standard Contractual Clauses approved by the European Commission
• Ensuring recipients are in countries with adequate data protection levels
• Implementing appropriate technical and organizational security measures

9.2 Data Processing Locations

Your personal information may be processed and stored in:

• United Kingdom (primary operations)
• United States (hosting infrastructure, payment processing)
• European Union (backup services, email services)

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you are under 18, please do not use our services or provide any personal information to us.

If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information as soon as possible.

If you believe we have collected information from a child, please contact us immediately at privacy@nextstakk.com.

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

11.1 Right to Know

You have the right to request disclosure of:

• Categories and specific pieces of personal information we have collected
• Categories of sources from which we collected personal information
• Our business or commercial purpose for collecting personal information
• Categories of third parties with whom we share personal information

11.2 Right to Delete

You have the right to request deletion of personal information we have collected from you, subject to certain exceptions.

11.3 Right to Opt-Out of Sale

We do not sell personal information as defined by the CCPA.

11.4 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

11.5 Shine the Light Law

California's "Shine the Light" law permits California residents to request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes to this Privacy Policy, we will:

• Update the "Last Updated" date at the top of this policy
• Post the updated policy on our website
• Notify you via email if you have an account with us
• Obtain your consent if required by applicable law

Your continued use of our services after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. We encourage you to review this Privacy Policy periodically.