Privacy Policy

Version 2.0 — Effective 2026-06-15

In short: NXTN is a queue and customer-engagement platform operated by NXTN Solutions LLC. Businesses that use NXTN (our "tenants") control their own customers' personal data, and NXTN processes that data on their behalf to deliver the service. We do not sell personal data. For any privacy question or request, contact us at contact@nxtn.me.

Contents

Who We Are (Data Controller)
Controller vs Processor
Information We Collect
How We Use It
WhatsApp / Meta Data
Legal Bases (GDPR)
Data Sharing & Third-Party Processors
International Data Transfers
Automated Decision-Making & Profiling
Data Retention
Your Privacy Rights
Your Choices / Marketing Opt-Out
Security
Data Breach Notification
Children's Privacy
Cookies
Changes to This Policy
Contact & Data Requests

1. Who We Are (Data Controller)

The NXTN platform is operated by NXTN Solutions LLC, a limited liability company organized under the laws of the State of Delaware, United States ("NXTN," "we," "us," or "our").

Principal business address: 2093 Philadelphia Pike, #4204, Claymont, New Castle County, DE 19703, United States
MENA / GCC operations: Kuwait City, Kuwait
Email: contact@nxtn.me
Phone: +1 302 276 8413
Website: https://nxtn.me

2. Controller vs Processor

For the personal data of a tenant's end-customers (for example, the people who join a queue or interact with a business over WhatsApp), the tenant — the business using NXTN — is the data controller, and NXTN Solutions LLC acts as the processor, processing that data only on the tenant's documented instructions to provide the service.

For tenant account and platform data (business registration details, staff accounts, billing information, and how tenants use the platform), NXTN Solutions LLC is the data controller.

3. Information We Collect

The categories of personal data processed through the platform are summarized below.

Category	What it includes	Purpose	Retention
Identifiers	Name, phone number, WhatsApp profile, optional email	Identify and contact the customer to deliver the service	For the duration of the service relationship, then deleted or anonymized
Customer identity	BSUID / whatsapp_user_id, when WhatsApp provides it	Match a customer to their interactions across sessions	For the duration of the service relationship
Commercial activity	Queue, booking, order, and credit records	Operate queues, bookings, and tenant analytics	As required by the tenant and applicable law
Electronic & message data	Message content processed via the platform	Send and route WhatsApp service messages	For the duration of the service relationship
Internet/device & cookies	Essential session/security cookies, basic device metadata	Keep the portal secure and functioning	Session-based; security logs kept for a limited period
Coarse location	Country/region inferred from phone number	Localize service and ensure regional compliance	For the duration of the service relationship
Inferences	Guest-intelligence tags and segments	Help tenants understand and serve their customers	Until the tenant deletes them or the relationship ends

4. How We Use It

Operate the service — run queues, bookings, orders, and the customer portal
Send WhatsApp service notifications related to the service the customer requested
Provide analytics to the tenant about their own customers and operations
Improve the platform's reliability, security, and features
Comply with legal obligations and respond to lawful requests

5. WhatsApp / Meta Data

NXTN operates over Meta's WhatsApp Business Platform (Cloud API). When you message a business through WhatsApp, your data flows through Meta's infrastructure under Meta's terms before it reaches the platform. Your WhatsApp interactions are therefore also subject to Meta's Privacy Policy, in addition to this Policy.

6. Legal Bases (GDPR)

Where the GDPR applies, we rely on the following legal bases for processing personal data:

Performance of a contract — to provide the service requested by the tenant or customer
Legitimate interests — to secure, maintain, and improve the platform
Consent — for promotional messages and other optional processing
Legal obligation — to comply with applicable laws

For customers in the GCC and the United States, processing is grounded in consent and contractual necessity.

7. Data Sharing & Third-Party Processors

We share personal data only with the service providers needed to operate the platform, and with the tenants whose customers the data belongs to. These include:

Meta / WhatsApp — message delivery via the WhatsApp Business Platform
DigitalOcean (Frankfurt, Germany — EU hosting) — cloud infrastructure and storage
Resend — transactional email delivery
Payment processors (Tap / Stripe — when billing launches) — processing of payments
Tenants — businesses access the data of their own customers only

We do NOT sell personal data, and we do NOT share it for cross-context behavioral advertising.

8. International Data Transfers

Platform data is hosted in Frankfurt, Germany (EU). Transfers of personal data out of the EU/UK rely on Standard Contractual Clauses (SCCs) and other appropriate safeguards.

For customers in the GCC, cross-border transfers of personal data are disclosed to you and processed with your consent, in accordance with the laws of Kuwait, the UAE (Federal Decree-Law No. 45 of 2021), and Saudi Arabia (Personal Data Protection Law, PDPL).

9. Automated Decision-Making & Profiling

We use limited automated processing to power service features such as guest-intelligence tags, segments, and churn signals. We do NOT make solely-automated decisions that produce legal or similarly significant effects on you. Where the GDPR applies, you have the right to object to such processing.

10. Data Retention

Personal data is retained for the duration of the service or as legally required
Unrouted cold contacts are purged on a rolling 30-day window
We delete or anonymize personal data on request, subject to legal retention obligations

11. Your Privacy Rights

Your rights depend on where you live. Below we summarize them by region.

11A. United States (CCPA / CPRA)

If you are a California resident (and where similar US state laws apply), you have the right to:

Know and access the personal information we hold about you
Delete your personal information
Correct inaccurate personal information
Opt out of the sale or sharing of personal information (note: we do not sell personal data)
Limit the use of sensitive personal information
Non-discrimination for exercising your rights

We honor requests made by authorized agents, and we verify your identity before fulfilling a request.

11B. EU & UK (GDPR / UK GDPR)

If you are in the EU or UK, you have the right to:

Access, rectification, and erasure of your personal data
Restriction of processing and data portability
Object to processing, including profiling
Withdraw consent at any time
Complain to your local Data Protection Authority (DPA), or the UK ICO

Where NXTN acts as a processor on behalf of a tenant, we forward your request to the relevant tenant-controller.

11C. GCC (Kuwait / UAE / Saudi Arabia)

If you are in the GCC, you have the right to access, correct, and delete your personal data, and to withdraw consent.

You may complain to your regulator: CITRA (Kuwait), the UAE Data Office, or SDAIA (Saudi Arabia).

12. Your Choices / Marketing Opt-Out

You can opt out of non-essential or promotional messages at any time. Please note that WhatsApp service messages are tied to the specific service you requested and are not marketing — they are necessary to deliver that service.

13. Security

Database-per-tenant isolation, so one tenant's data is separated from another's
Encryption in transit and at rest
Role-based access controls
Audit logging

14. Data Breach Notification

In the event of a personal data breach, we will notify affected users and the relevant authorities without undue delay — and, where the GDPR applies, within 72 hours of becoming aware of a qualifying breach.

15. Children's Privacy

The service is not directed to children below the applicable age in each jurisdiction, and we do not knowingly collect personal data from them. If you believe we have inadvertently collected data from a child, please contact us so we can delete it.

16. Cookies

The customer portal uses only essential session and security cookies needed to keep it working and secure. We do NOT use third-party advertising cookies.

17. Changes to This Policy

We may update this Privacy Policy from time to time. We will communicate material changes through the platform or via email. Your continued use of the service after changes take effect constitutes acceptance of the updated Policy.

18. Contact & Data Requests

NXTN Solutions LLC
2093 Philadelphia Pike, #4204, Claymont, New Castle County, DE 19703, United States
Email: contact@nxtn.me
Phone: +1 302 276 8413

Wherever you are located, you can submit privacy and data requests to contact@nxtn.me. We verify your identity before acting on a request, and we respond within 30 days or within the period required by your local law.