Privacy Policy

Nexus ERP (“the Service”) is operated by Rivant Media Solutions Pvt. Ltd. with CIN: U73100MH2024PTC424547 (“we”, “us”, “our”). This Privacy Policy explains what personal data we collect, why we collect it, and how we handle it. We are the data controller for information you provide directly to us about your account and your use of the Service.

• Account information. Name, email address, profile photo, organization details, and authentication identifiers (e.g. Google account ID when you sign in with Google).
• Workspace content. Tasks, projects, leads, contacts, files, messages, invoices, and any other content you or your team create or upload.
• Usage data. Device and browser information, IP address, pages visited, actions taken, timestamps, and approximate geolocation derived from IP.
• Payment information. Billing address and the last four digits of your card. Full payment details are processed by Razorpay; we never see or store your full card number.
• Communications. Emails, in-app messages, and support requests you send us.

• To provide, operate, secure, and improve the Service.
• To authenticate users, prevent fraud, and detect abuse.
• To process payments and manage subscriptions.
• To send service notifications (billing, security, downtime, product updates).
• With your consent, to send marketing emails - you can unsubscribe at any time.
• To comply with legal obligations and respond to lawful requests.

Where applicable, we process personal data on the following legal bases:

• Contract. To deliver the Service you signed up for.
• Legitimate interests. To secure our infrastructure, prevent abuse, and improve the Service.
• Consent. For marketing communications and optional analytics.
• Legal obligation. Tax, accounting, and lawful disclosure requirements.

We do not sell your personal data. We share data only as follows:

• Service providers (data processors). Hosting, email delivery (AWS SES), file storage (Cloudinary, UploadThing), payment processing (Razorpay), messaging (WhatsApp Business, Telegram). All processors are bound by data-processing agreements and may only use your data to provide their service to us.
• Within your workspace. Other members of an organization you join can see content you contribute, in line with the role and permissions assigned to them.
• Legal disclosures. When required by law, court order, or to protect the rights, property, or safety of users, the public, or us.
• Business transfers. In connection with a merger, acquisition, or sale of assets, with notice to affected users.

We host your data on secure cloud infrastructure with encryption in transit (TLS) and at rest. Access to production systems is restricted to authorized personnel and audited. While no system is perfectly secure, we apply industry-standard administrative, technical, and physical safeguards to protect your information.

We use a minimal set of cookies:

• Essential. Authentication, session management, CSRF protection. Required for the Service to function.
• Preferences. Theme, language, and UI state.
• Analytics. Aggregated usage measurement to improve the product. Where required by law, these are loaded only with your consent.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Delete your data (subject to legal retention obligations).
• Export your data in a portable format.
• Restrict or object to certain processing.
• Withdraw consent for processing based on consent.
• Lodge a complaint with your local data protection authority.

Most of these are self-service from Dashboard → Settings. For anything else, email support@nexuserp.dev.

While your account is active, we retain your data for as long as it is needed to provide the Service. After cancellation, Your Content remains exportable for 30 days and is then permanently deleted from our active systems. Backups are rotated out within 90 days. We may retain limited records longer where required by law (e.g. tax, fraud prevention).

Your data may be processed in countries other than the one you live in. Where we transfer personal data internationally, we rely on appropriate safeguards such as standard contractual clauses or adequacy decisions.

The Service is not directed to children under 18 and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us so we can delete it.

We may update this Privacy Policy from time to time. For material changes we will notify you by email or in-app notice. The “Last updated” date at the top of this page reflects the latest revision.

Privacy questions, data requests, or concerns? Reach us at support@nexuserp.dev.

For information about our terms of service, see our Terms of Service. For refund-related questions, see our Refund Policy.