Legal

Privacy Policy

How Nexa Growth Hub collects, uses, stores, and protects your personal data in accordance with Indian privacy laws, including the Digital Personal Data Protection Act, 2023.

Last updated: 23 May 2026

1. Introduction

This Privacy Policy explains how Nexa Growth Hub ("we", "us", "our") collects, uses, stores, shares, and protects personal data when you visit nexagrowthhub.com, create an account, use our WhatsApp marketing and automation platform (the "Service"), or otherwise interact with us.

We are committed to protecting your privacy and processing personal data in accordance with applicable laws in India, including the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), as applicable, along with other relevant regulations.

By accessing or using the Service, you acknowledge that you have read this Privacy Policy. Where the law requires consent for specific processing activities, we will obtain your consent separately or as part of signup and cookie choices.

2. Data Fiduciary & Contact Details

For the purposes of the DPDP Act, Nexa Growth Hub acts as a Data Fiduciary with respect to personal data we determine the purpose and means of processing for our website, platform accounts, and direct customer relationships.

Registered / business address: Chennai, Tamil Nadu, India.

General enquiries: contact@nexagrowthhub.com | Phone: +91 9090031523.

3. Information We Collect

We collect personal data that you provide directly, data generated through your use of the Service, and data collected automatically through cookies and similar technologies.

3.1 Account and identity information

  • First name and last name (or full name)
  • Email address (used for login, verification, and communications)
  • Password (stored only as a secure cryptographic hash — we never store plain-text passwords)
  • Company or business name (optional at registration)
  • Profile image, if you choose to upload one or connect via an OAuth provider in the future

3.2 Authentication and session data

  • Session tokens and cookies required to keep you signed in
  • Account identifiers linked to NextAuth / session management
  • Password reset tokens (hashed) and related metadata when you request a password reset

3.3 WhatsApp and messaging data (when you use the Service)

  • WhatsApp Business account identifiers and API credentials you connect
  • Contact lists, conversation content, message metadata (timestamps, delivery status), templates, campaigns, automations, and analytics derived from messaging activity
  • Customer/end-user phone numbers and messages processed through your connected WhatsApp Business API — you act as a Data Fiduciary for your customers' data; we process it on your instructions as a Data Processor where applicable

3.4 Usage and technical information

  • IP address, browser type, device type, operating system, and referring URLs
  • Pages viewed, features used, clicks, and approximate interaction patterns on our website and dashboard
  • Log files, error reports, and security events

3.5 Communications

  • Content of emails we send (e.g. password reset, service notices) and your responses to support requests
  • Records of marketing communications where you have opted in

3.6 Payment information

When paid plans are offered, payment card or UPI details are typically collected and processed directly by our payment gateway partners. We receive limited billing metadata (e.g. transaction ID, plan, billing status) but not full card numbers unless explicitly stated at checkout.

4. Google Analytics

We use Google Analytics 4 (GA4), a web analytics service provided by Google LLC / Google Ireland Limited, to understand how visitors use our marketing website (e.g. traffic sources, page views, and aggregated usage trends).

GA4 may set cookies or use similar technologies and collect information such as your IP address (which may be anonymised depending on configuration), device identifiers, browser information, pages visited, time on site, and general geographic region.

Google may process this data on servers located outside India. Google's use of information is governed by Google's Privacy Policy: https://policies.google.com/privacy. You can learn how Google uses data from sites that use its services: https://policies.google.com/technologies/partner-sites.

You may opt out of GA4 on our site by disabling non-essential cookies through our cookie controls (where available), using the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout, or adjusting your browser settings to block analytics cookies. Essential cookies required for security and login are not disabled by this choice.

5. How We Use Your Information

We use personal data for the following purposes:

  • To create, authenticate, and manage your account
  • To provide, maintain, and improve the WhatsApp automation, campaigns, inbox, integrations, and related features
  • To send transactional emails (e.g. password reset via our email provider Resend)
  • To provide customer support and respond to enquiries
  • To analyse website usage via Google Analytics and improve our marketing site and product
  • To detect, prevent, and address fraud, abuse, security incidents, and technical issues
  • To comply with legal obligations, enforce our Terms of Service, and protect our rights and users
  • With your consent, to send product updates or marketing communications (you may withdraw consent at any time)

6. Lawful Grounds for Processing (India)

Under the DPDP Act and applicable rules, we process personal data based on one or more of the following: your consent; performance of a contract with you (providing the Service you signed up for); compliance with legal obligations; and legitimate uses permitted by law (such as preventing fraud or ensuring network security), where consent is not required.

For WhatsApp end-customer data that you upload or generate through the platform, you are responsible for obtaining valid consent or another lawful basis from those individuals under applicable law.

7. How We Share Information

We do not sell your personal data. We may share personal data with:

  • Service providers (processors) who assist us under contract, including cloud hosting, database providers (PostgreSQL infrastructure), email delivery (Resend), analytics (Google Analytics), and payment processors
  • Meta / WhatsApp and related API partners, to the extent required to deliver WhatsApp Business API functionality you enable
  • CRM, ecommerce, or integration partners you choose to connect
  • Professional advisers (lawyers, auditors) under confidentiality obligations
  • Law enforcement, regulators, courts, or government authorities when required by applicable law or valid legal process
  • Successors in the event of a merger, acquisition, or asset sale, subject to this Privacy Policy

8. International Data Transfers

Your data may be stored or processed in India and, where we or our subprocessors use infrastructure abroad, in other countries. When personal data is transferred outside India, we take steps reasonably required under applicable law, such as contractual safeguards, standard contractual clauses, or ensuring the recipient country is approved or offers adequate protection, as the law may require from time to time.

9. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy, including to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements.

Account data is generally retained while your account is active and for a reasonable period thereafter (e.g. up to 90 days after deletion request processing, unless a longer period is required by law or for legitimate business purposes such as billing records).

Analytics data in Google Analytics is retained according to our GA4 property settings (you may contact us for current retention periods).

You may request deletion subject to exceptions under law (e.g. ongoing legal claims or statutory record-keeping).

10. Security Measures

We implement reasonable security practices and procedures aligned with industry standards and applicable Indian law, including encryption in transit (HTTPS/TLS), hashed password storage, access controls, and secure development practices.

No method of transmission or storage is 100% secure. You are responsible for maintaining the confidentiality of your login credentials and for activity under your account.

11. Your Rights

Subject to the DPDP Act and other applicable laws, you may have the right to:

  • Confirm whether we process your personal data and access a summary of such data
  • Correct inaccurate or incomplete personal data
  • Erase personal data when no longer necessary or when you withdraw consent (where processing was consent-based), subject to legal exceptions
  • Withdraw consent for processing that relies on consent (without affecting prior lawful processing)
  • Nominate another individual to exercise your rights in the event of death or incapacity, as permitted under the DPDP Act
  • Grievance redressal through our Grievance Officer (see Section 14)

How to exercise your rights

To exercise these rights, email us at contact@nexagrowthhub.com with sufficient detail to verify your identity. We will respond within timelines prescribed under applicable law (including the DPDP Act, when fully in force for your request type).

12. Additional Disclosures (EEA / UK Visitors)

If you access our website from the European Economic Area or United Kingdom, you may have additional rights under GDPR or UK GDPR (access, rectification, erasure, restriction, portability, objection). Our primary establishment for Indian users is India; for cross-border requests we will assess applicable law. Contact contact@nexagrowthhub.com for such requests.

13. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a minor, contact us at contact@nexagrowthhub.com and we will take steps to delete it.

14. Grievance Officer

In accordance with the Information Technology Act, 2000 and rules made thereunder, and the DPDP Act requirements for grievance redressal, we have designated a Grievance Officer:

Name / Designation: Grievance Officer, Nexa Growth Hub

Email: contact@nexagrowthhub.com

Address: Chennai, Tamil Nadu, India

Phone: +91 9090031523

We will acknowledge complaints within 24 hours and endeavour to resolve them within 15 days, or within such period as applicable law may prescribe from time to time.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the revised version on this page with an updated "Last updated" date. Material changes may be notified via email or in-app notice where appropriate. Continued use after changes constitutes acceptance where permitted by law.

17. Contact Us

For privacy-related questions, requests, or complaints:

Email: contact@nexagrowthhub.com

Phone: +91 9090031523

Address: Chennai, Tamil Nadu, India