Privacy Policy

This Privacy Policy explains how Nexxt Nest Group ("Nexxt Site Manager", "we", "us") collects, uses, stores, discloses and protects your personal information when you use the Nexxt Site Manager platform at nexxtsitemanager.com.au (the "Service"). We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. Information we collect

We collect only what the Service needs to function:

• Account information — your email address, and the builder profile you choose to provide: company / trading name, authorised representative name, ABN, VBA builder licence number, and phone number.
• Content you submit — the project details, descriptions and files you enter into the AI tools to generate documents.
• Usage data — records of which tools you use and when, for billing, quota and product-improvement purposes.
• Billing information — subscription and payment records. Card details are handled entirely by Stripe; we never receive or store your full card number.
• Technical data — standard server logs (e.g. IP address, timestamps) used for security and reliability.

2. How we use your information

• To provide, operate and secure the Service and your account.
• To generate the documents you request through the AI tools.
• To process subscriptions, payments and entitlements.
• To send service and account communications (e.g. login links, receipts, important notices).
• To monitor reliability, prevent abuse, and improve the Service.

We do not sell your personal information, and we do not display third-party advertising.

3. How we store and protect it

Your account data is stored in a managed PostgreSQL database (Supabase) hosted in the Sydney, Australia region. Access is restricted by row-level security so each user can access only their own records. Data is encrypted in transit. Further detail is in our Security & Data Protection page.

4. Service providers and disclosure

We share information only with the service providers needed to run the platform, and only as far as required:

• Stripe — payment processing.
• Anthropic (Claude AI) — processes the content you submit to the AI tools to generate output. API inputs are not used to train AI models.
• Supabase — database and authentication.
• Vercel — application hosting.
• Zoho Mail / Resend — email delivery.
• Upstash — rate-limiting and abuse protection.

We may also disclose information where required by law.

5. Overseas disclosure

Some of the providers above process data outside Australia (for example, AI processing and parts of our hosting). Where personal information is disclosed overseas, we take reasonable steps consistent with APP 8 to ensure it is handled appropriately.

6. Cookies and sessions

We use a secure browser session token to keep you signed in. We do not use third-party advertising or tracking cookies.

7. Data retention

We retain your account and content data for as long as your account is active, and for a reasonable period afterwards as needed for legal, accounting and security purposes. You can request deletion (see below).

8. Your rights

Under the Privacy Act you may request access to, or correction of, the personal information we hold about you, and you may request deletion of your account. To make a request, contact us at the address below. If you have a privacy concern you may also contact the Office of the Australian Information Commissioner (OAIC).

9. Children

The Service is intended for businesses and is not directed at anyone under 18.

10. Changes to this policy

We may update this policy from time to time. Material changes will be notified through the Service or by email, and the "last updated" date above will change.

11. Contact

Privacy questions or requests: hello@nexxtsitemanager.com.au.