Privacy Policy
Last updated: May 13, 2026
At Nexara (operated by MrVampCruz | Altaaf Hamod), we are committed to protecting your privacy. This policy explains how we collect, use, and safeguard your information when you use our platform.
1. Information We Collect
We collect information you provide directly when you register for Nexara (your name, email address, password hash, role, company or workspace details, optional department assignment, and assigned access groups) and when you use the platform — including the company, stakeholder, client, bank account and signatory records you create, KYC documents you upload, custom form fields configured for your workspace, brand assets (logo, brand name, website URL) where applicable, billing address, the saved payment-method reference returned by our payment processor, and any data you submit through the Contact Form (name, email, optional subject, and message). We also collect information automatically when you use the platform, including usage data, audit log entries, IP addresses, and device and browser information. Specific details about Contact Form data collection are described in the next section.
2. Contact Form Submissions
When you submit a message through our Contact Form, we receive the fields you fill in (name, email, optional subject, and message) together with technical metadata about your request. This metadata includes browser data — your user agent, browser language and additional preferred languages, operating system platform, cookie-enabled and online status, hardware concurrency (number of logical CPU cores), reported device memory, maximum touch points, screen and available screen dimensions, color depth, device pixel ratio, viewport size, IANA timezone, timezone offset, locale, network connection details (effective type, downlink speed, round-trip time, and data-saver mode where exposed by your browser), the page URL of the Contact page, and the document referrer if any — and server-side request data — your IP address, user-agent, accept-language and accept-encoding headers, the referer and origin of the request, and, when the request is routed through Cloudflare, the country code (cf-ipcountry) and Cloudflare request identifier (cf-ray). This information is included in the notification email delivered to our team and is used solely to respond to your enquiry, prevent spam and abuse, and diagnose technical issues. It is not used for advertising or profiling, and is not shared with third parties beyond the email infrastructure used to deliver the message.
3. KYC Documents & Third-Party Personal Data
When you use Nexara to manage stakeholders (shareholders, directors, secretaries, beneficial owners) and clients (individual or corporate), you may upload personal data about those individuals — including names, contact details, share counts and percentages, identification numbers, KYC documents (passports, IDs, proofs of address, etc.), and signatory information for bank accounts. You are the data controller for this third-party personal data; Nexara processes it on your behalf as a data processor for the purpose of providing the service. You confirm that you have a lawful basis to upload and process this data, including any consent required from the data subjects.
4. Subscription, Billing & Payment Information
For paid plans, we collect billing details (your billing address and the company name on the invoice) and a payment-method reference returned by our third-party payment processor. We do not store full payment card numbers, CVV codes, or bank account credentials on our servers — those are tokenised and held by the payment processor. We retain a record of orders, invoices, plan changes, and renewal events for accounting, tax, and audit purposes. Cancellation requests are recorded together with the cancellation effective date.
5. How We Use Your Information
We use the information we collect to provide, maintain, and improve our services; enforce subscription quotas and feature gates; process transactions and renewals; send administrative notifications (welcome emails, password reset emails, invoice and renewal notices, plan change confirmations, and notifications when your company's name or website URL changes); respond to comments, questions, and Contact Form submissions; and monitor and analyse usage patterns to improve the platform and its security.
6. Audit Logs
Every mutation in Nexara — creates, updates, deletes, logins, logouts, exports, approvals, rejections, password resets, plan changes — is recorded in an immutable audit log together with the actor, timestamp, severity, category, and IP address. The IP address is collected for security, abuse-prevention, and compliance purposes. Audit entries cannot be edited; only Super Admins may delete entries, and any deletion is itself recorded. Audit logs are retained subject to your subscription plan's per-company rolling cap.
7. Data Storage & Security
Your data is stored on secure servers and we implement industry-standard security measures including encryption in transit (TLS) and at rest, hashed passwords, and JWT-based session tokens delivered as httpOnly cookies. We retain your data for as long as your account is active or as needed to provide services and to comply with our legal obligations. Contact Form submissions are retained as long as needed to respond to your enquiry and for legitimate record-keeping, abuse-prevention, and legal purposes.
8. Data Sharing
We do not sell, trade, or rent your personal information to third parties. We may share anonymised, aggregated data for analytical purposes. We may share information with service providers who assist in operating our platform — including the third-party payment processor used to handle subscription billing, email delivery providers used to send transactional and Contact Form notifications, file-storage providers used to host KYC documents and brand assets, and Cloudflare for network protection — provided they agree to keep this information confidential and use it only for the contracted purpose.
9. Cookies
Nexara uses cookies strictly for authentication, session management, and remembering your light/dark theme preference (stored locally as "nexara-theme"). We do not use tracking or advertising cookies. You may disable cookies in your browser settings, but this will affect your ability to sign in to the platform.
10. Your Rights
You have the right to access, correct, export, or delete your personal data at any time, including data submitted through the Contact Form and data uploaded about your stakeholders or clients. You may also request data portability — Nexara provides built-in CSV export for clients and stakeholders, and additional exports on request — or object to certain processing activities. Audit log entries are retained for compliance and security and may not be erased except as part of a full account deletion. To exercise your rights, contact us at altaaf@mrvampcruz.com.
11. Third-Party Links
Our platform may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to read their privacy policies.
12. Children's Privacy
Nexara is not directed to children under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected such information, please contact us immediately.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by placing a prominent notice on our website. Your continued use of Nexara after such notice constitutes acceptance of the updated policy.
14. Contact
If you have any questions about this Privacy Policy, please contact us at altaaf@mrvampcruz.com or through the Contact page.