This Privacy Policy explains how Nexavorix ("we", "us") collects, uses, and shares information when you visit our website or use our software-as-a-service platform (the "Service"). By using the Service you agree to this Policy.
The two roles your data plays
It helps to separate two kinds of data we handle differently:
- Account & usage data — information about you as a Nexavorix customer (your email, your billing details, how you use the product). For this data we are the data controller.
- Customer Data you upload — donor records, test forms, appointment notes, invoices, and similar data your workspace contains. You decide what goes in. For this data we are a processor acting on your behalf; the data subjects' relationship is with you, not us.
Information we collect
You give us directly:
- Account info — name, email, password (stored as a one-way bcrypt hash), workspace name.
- Billing info — handled by Stripe, Inc.; we do not see or store your full card number. We retain the last four digits, card brand, and Stripe customer/subscription identifiers.
- Customer Data — anything you upload to your workspace.
- Communications — emails or messages you send us.
Collected automatically when you use the Service:
- Log data — IP address, browser type, pages visited, timestamps, referring URLs.
- Cookies and session identifiers (see "Cookies" below).
- Activity events within your workspace (who created/edited what), used for the audit trail.
From third parties:
- Stripe sends us subscription, payment, and webhook events related to your account.
How we use it
- To provide, operate, and maintain the Service.
- To process payments and manage subscriptions.
- To communicate with you about your account, billing, security, and product updates.
- To prevent abuse, troubleshoot, and improve the Service.
- To comply with legal obligations.
We do not sell your data and we do not use Customer Data (the records inside your workspace) to train AI models or for advertising.
Sharing
We share information only where necessary:
- Service providers / sub-processors we rely on to run the Service:
  - Stripe, Inc. — payment processing
  - Hostinger International, Ltd. — hosting and database
  - Google LLC — fonts (CSS only, no account-level data is sent)
  Each is contractually required to use data only to provide their service to us.
- Within your workspace — Customer Data is shared with the users you invite, according to their assigned role.
- Legal compliance — we may disclose information if required by law, subpoena, or court order, or to protect our rights, users, or the public.
- Business transfers — if Nexavorix is merged, acquired, or sells substantially all of its assets, your information may transfer to the successor, subject to this Policy.
Drug-testing data and confidentiality
Drug and alcohol testing records are subject to confidentiality requirements under 49 CFR Part 40, the Americans with Disabilities Act, and applicable state law. As the workspace owner, you are responsible for limiting access to authorized parties (Designated Employer Representative, Medical Review Officer, donor, or as required by law) and for retention practices. The Service offers role-based access, audit logging, and tenant isolation to help you meet these obligations, but you remain the controller of donor data.
Security
We use industry-standard practices to protect data:
- HTTPS/TLS encryption for data in transit.
- bcrypt password hashing.
- Tenant isolation — every database query is scoped by tenant ID.
- Role-based access (owner / admin / staff / viewer).
- Activity event log for audit purposes.
No system is perfectly secure. If you become aware of a vulnerability, please notify us at info@nexavorix.pro.
Data retention
We keep your account information and Customer Data for as long as your subscription is active. After cancellation we retain Customer Data for at least 30 days, during which you may export it. After that we may permanently delete it. Backups may persist for a limited additional period.
You may request deletion of your account and associated data by emailing info@nexavorix.pro. Some records (billing, tax, audit logs) may be retained for legal and regulatory purposes.
Your rights
Depending on where you live, you may have rights to:
- Access the personal information we hold about you;
- Correct inaccurate information;
- Request deletion of your information;
- Object to or restrict certain processing;
- Receive a copy of your data in a portable format;
- Lodge a complaint with a supervisory authority.
For Customer Data inside a workspace, please direct your request to the workspace owner; we will assist them in fulfilling it.
Cookies
We use a small number of cookies, all strictly necessary:
- Session cookie (NXSESS) — keeps you signed in. HttpOnly and Secure.
- Stripe cookies — set on the Stripe Checkout page when you subscribe; governed by Stripe's privacy policy.
- Local storage — your workspace stores a working copy of your data in your browser for offline-friendly use; cleared when you sign out.
We do not use third-party advertising or analytics cookies.
Children
The Service is intended for businesses and is not directed at children under 16. We do not knowingly collect personal information from children. If you believe we have, contact us and we will delete it.
International users
The Service is hosted in the United States. If you access it from elsewhere, your information will be transferred to and processed in the U.S.
Changes to this Policy
We may update this Policy from time to time. We will notify you of material changes by email or through the Service at least 14 days in advance. The "Last updated" date at the top of this page reflects the most recent change.
Contact
Privacy questions or requests: info@nexavorix.pro.