Trust Center

Last updated: 28 June 2026

Builders trust Nexxt Site Manager with real business information. This page summarises who processes your data on our behalf, answers the security questions we hear most, and tells you how to request further detail. For the full picture see our Security & Data Protection and Privacy Policy pages.

Subprocessors

We use a small number of trusted providers to run the Service. Each receives only the data needed for its function.

ProviderPurposeData location
SupabaseManaged PostgreSQL database & authentication (row-level security per account)Seoul, South Korea (AWS ap-northeast-2)
VercelApplication hosting & serverless functionsUnited States
Anthropic (Claude)AI processing of the content you submit, solely to generate your requested outputUnited States
StripePayment processing — card details are handled entirely by Stripe; we never receive or store themUnited States / global

Some of these providers process limited data outside Australia. This is an overseas disclosure under Australian Privacy Principle 8 — see the Privacy Policy for detail.

Security FAQ

Is my data encrypted?

Yes. All traffic between your browser and the Service is encrypted in transit over HTTPS/TLS.

Can other customers see my data?

No. Row-level security is enforced at the database so each account can access only its own records. Internal/operational tables are restricted to server-side access only.

How do I sign in — do you store passwords?

Sign-in is passwordless: a secure, single-use link is sent to your email. We do not store passwords, and sessions use short-lived, auto-refreshing tokens.

Is the content I submit to the AI tools used to train models?

No. Content you submit is processed by our AI provider solely to generate your requested output. API inputs are not used to train AI models.

How are payments handled?

Payments are processed by Stripe. Card details are handled entirely by Stripe — we never receive or store your card number.

Where is my data stored?

Your account data is stored in a managed PostgreSQL database (Supabase) hosted in the Seoul, South Korea region (AWS ap-northeast-2). See the Privacy Policy for how we handle offshore storage under the Australian Privacy Principles.

Request security details

Need a deeper security review — a questionnaire, our subprocessor list in writing, or to report a vulnerability? We welcome good-faith requests and disclosure.

Email: hello@nexxtsitemanager.com.au
Disclosure policy: /.well-known/security.txt · Security & Data Protection

Nexxt Nest Group Pty Ltd · ABN 52 689 862 922 · Melbourne, Victoria, Australia. Operated under the Privacy Act 1988 (Cth) and the Australian Privacy Principles.