Last updated: 15/12/2025
This Privacy Policy explains how Nexo Software LLC (“NEXO”, “we”, “us”, or “our”) collects, uses, and protects personal data when you access or use our website and software platform (the “Services”).
NEXO provides a B2B software platform that enables restaurants and suppliers to receive, process, and structure orders originating from communication channels such as WhatsApp and email.
This Privacy Policy is intended to comply withthe EU General Data Protection Regulation (GDPR) and applicable dataprotection laws.
Legal entity: NexoSoftware LLC
Registered agent: Northwest Registered Agent Service Inc
Registered address: 30 N Gould St Ste N Sheridan, WY 82801United States
Operating regions: EuropeanUnion and United States
Contact email: info@nexoapp.es
NEXO’s Services are intended exclusively for business users.
Our customers are business entities (such as restaurants and suppliers). Individual users (e.g. employees) access the platform on behalf of their employer, with role-based permissions defined by the customer.
NEXO does not knowingly provide services to minors.
Depending on the context, NEXO acts as:
a) Data Processor
When processing personal data contained in messages, emails, orders, or attachments on behalf of our business customers, in accordance with their instructions.
b) Data Controller
When processing personal data necessary to operate our own business, including:Account creation and administrationPlatform security and access controlWebsite communicationsLegal and compliance obligations
Depending on usage of the Services, we may process the following categories of data:
a) Account and Business Information
- Business name, address, VAT/NIF
- Contact person name, email address, phone number
- User credentials (email address and encrypted password)
b) Communication Data
- WhatsApp messages processed via third-party providers
- Emails sent to NEXO for order processing
- Attachments such as PDFs, images, or invoices
c) Order and Operational Data
- Product names, quantities, and related order details
- Order history and timestamps Supplier–restaurant relationships
d) Technical and Usage Data
- Platform logs
- Error and performance data
- Security and access records
Purpose
Providing and operating the Services
Platform security and access control
Customer support and communications
Compliance with legal obligations
Service improvement and reliability
Legal Basis
Contract (Art. 6(1)(b) GDPR)
Legitimate interests (Art. 6(1)(f))
Contract / Legitimate interests
Legal obligation (Art. 6(1)(c))
Legitimate interests
NEXO uses artificial intelligence tools to assist with:
- Parsing unstructured messages into structured orders
- Suggesting missing or inconsistent information
- Supporting data classification and enrichment
These processes are designed to assist users and do not result in fully automated decision-making with legal or similarly significant effects. Orders are subject to human validation before confirmation or ERP integration.
NEXO uses only strictly necessary cookies required for the operation and security of the platform.
We do not use analytics, marketing, or tracking cookies at this time.
As a result, no cookie consent banner is currently required.
We may share personal data with trusted third-party service providers acting as data processors, including:
- Hosting and infrastructure providers (e.g. Vercel)
- Database providers (e.g. Supabase)
- Communication service providers (e.g. Twilio)
- Platform and messaging providers (e.g. WhatsApp / Meta, where applicable)
Such providers process data solely in accordance with our instructions and applicable data protection agreements.
Some service providers are located outside the European Union, including in the United States.
Where personal data is transferred outside the EU, NEXO ensures appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.
Personal data is retained only for as long as necessary to:
- Provide the Services
- Fulfil contractual obligations
- Comply with legal requirements
When data is no longer required, it is securely deleted or anonymized.
Where applicable under GDPR, individuals have the right to:
- Access their personal data
- Request rectification or deletion
- Restrict or object to processing
- Request data portability
- Lodge a complaint with a supervisory authority
Requests may be submitted to info@nexoapp.es.
Where NEXO acts as a data processor, such requests should be directed to the relevant customer acting as data controller.
NEXO implements appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or misuse.
We may update this Privacy Policy from time to time. The most current version will always be available on our website, with the “Last updated” date revised accordingly.
For any questions regarding this Privacy Policy or data protection matters, please contact:
info@nexoapp.es
