Privacy Policy

Last updated: 27 June 2026

This Privacy Policy explains how Nexxt Nest Group Pty Ltd ("Nexxt Site Manager", "we", "us") collects, uses, stores, discloses and protects your personal information when you use the Nexxt Site Manager platform at nexxtsitemanager.com.au (the "Service"). We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. Information we collect

We collect only what the Service needs to function:

2. How we use your information

We do not sell your personal information, and we do not display third-party advertising.

3. How we store and protect it

Your account data is stored in a managed PostgreSQL database (Supabase) hosted in the Seoul, South Korea region (Amazon Web Services ap-northeast-2). Access is restricted by row-level security so each user can access only their own records. Data is encrypted in transit. Because this location is outside Australia, see section 5 (Overseas disclosure) for how we handle it under APP 8. Further detail is in our Security & Data Protection page.

4. Service providers and disclosure

We share information only with the service providers needed to run the platform, and only as far as required:

We may also disclose information where required by law.

5. Overseas disclosure

Your account data — including builder profile details (company or trading name, authorised representative name, ABN, VBA builder licence number and phone number), project information such as site addresses, and any files you upload such as defect photographs (which may include images of people) — is stored on our database provider's infrastructure located in Seoul, South Korea (Supabase, on Amazon Web Services region ap-northeast-2). Holding this data offshore is an overseas disclosure for the purposes of Australian Privacy Principle 8.

Some other providers also process limited data outside Australia, primarily in the United States — for example Anthropic (AI processing of content you submit), Stripe (payment processing), and our application-hosting, email and rate-limiting providers.

Where personal information is disclosed overseas we take reasonable steps under APP 8 to ensure it is handled consistently with the Australian Privacy Principles. These steps include selecting established providers that publish their own data-processing and security terms, encryption of data in transit, and row-level access controls that limit each record to its owner. We remain accountable under the Privacy Act 1988 (Cth) for the personal information we entrust to these providers.

6. Cookies and sessions

We use a secure browser session token to keep you signed in. We do not use third-party advertising or tracking cookies.

7. Data retention

We retain your account and content data for as long as your account is active, and for a reasonable period afterwards as needed for legal, accounting and security purposes. You can request deletion (see below).

8. Your rights

Under the Privacy Act you may request access to, or correction of, the personal information we hold about you, and you may request deletion of your account. To make a request, contact us at the address below. If you have a privacy concern you may also contact the Office of the Australian Information Commissioner (OAIC).

9. Children

The Service is intended for businesses and is not directed at anyone under 18.

10. Changes to this policy

We may update this policy from time to time. Material changes will be notified through the Service or by email, and the "last updated" date above will change.

11. Contact

Privacy questions or requests: hello@nexxtsitemanager.com.au.