Privacy Policy
This Privacy Policy explains how Nexxt Nest Group Pty Ltd ("Nexxt Site Manager", "we", "us") collects, uses, stores, discloses and protects your personal information when you use the Nexxt Site Manager platform at nexxtsitemanager.com.au (the "Service"). We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
1. Information we collect
We collect only what the Service needs to function:
- Account information — your email address, and the builder profile you choose to provide: company / trading name, authorised representative name, ABN, VBA builder licence number, and phone number.
- Content you submit — the project details, descriptions and files you enter into the AI tools to generate documents.
- Usage data — records of which tools you use and when, for billing, quota and product-improvement purposes.
- Billing information — subscription and payment records. Card details are handled entirely by Stripe; we never receive or store your full card number.
- Technical data — standard server logs (e.g. IP address, timestamps) used for security and reliability.
2. How we use your information
- To provide, operate and secure the Service and your account.
- To generate the documents you request through the AI tools.
- To process subscriptions, payments and entitlements.
- To send service and account communications (e.g. login links, receipts, important notices).
- To monitor reliability, prevent abuse, and improve the Service.
We do not sell your personal information, and we do not display third-party advertising.
3. How we store and protect it
Your account data is stored in a managed PostgreSQL database (Supabase) hosted in
the Seoul, South Korea region (Amazon Web Services ap-northeast-2).
Access is restricted by row-level security so each user can access only their own records.
Data is encrypted in transit. Because this location is outside Australia, see
section 5 (Overseas disclosure) for how we handle it under APP 8.
Further detail is in our Security & Data Protection page.
4. Service providers and disclosure
We share information only with the service providers needed to run the platform, and only as far as required:
- Stripe — payment processing.
- Anthropic (Claude AI) — processes the content you submit to the AI tools to generate output. API inputs are not used to train AI models.
- Supabase — database and authentication.
- Vercel — application hosting.
- Zoho Mail / Resend — email delivery.
- Upstash — rate-limiting and abuse protection.
We may also disclose information where required by law.
5. Overseas disclosure
Your account data — including builder profile details (company or trading name,
authorised representative name, ABN, VBA builder licence number and phone number),
project information such as site addresses, and any files you upload such as defect
photographs (which may include images of people) — is stored on our database
provider's infrastructure located in Seoul, South Korea (Supabase, on
Amazon Web Services region ap-northeast-2). Holding this data offshore is an
overseas disclosure for the purposes of Australian Privacy Principle 8.
Some other providers also process limited data outside Australia, primarily in the United States — for example Anthropic (AI processing of content you submit), Stripe (payment processing), and our application-hosting, email and rate-limiting providers.
Where personal information is disclosed overseas we take reasonable steps under APP 8 to ensure it is handled consistently with the Australian Privacy Principles. These steps include selecting established providers that publish their own data-processing and security terms, encryption of data in transit, and row-level access controls that limit each record to its owner. We remain accountable under the Privacy Act 1988 (Cth) for the personal information we entrust to these providers.
6. Cookies and sessions
We use a secure browser session token to keep you signed in. We do not use third-party advertising or tracking cookies.
7. Data retention
We retain your account and content data for as long as your account is active, and for a reasonable period afterwards as needed for legal, accounting and security purposes. You can request deletion (see below).
8. Your rights
Under the Privacy Act you may request access to, or correction of, the personal information we hold about you, and you may request deletion of your account. To make a request, contact us at the address below. If you have a privacy concern you may also contact the Office of the Australian Information Commissioner (OAIC).
9. Children
The Service is intended for businesses and is not directed at anyone under 18.
10. Changes to this policy
We may update this policy from time to time. Material changes will be notified through the Service or by email, and the "last updated" date above will change.
11. Contact
Privacy questions or requests: hello@nexxtsitemanager.com.au.