Legal

Privacy Policy

Effective date: May 26, 2026 ·  Last updated: May 26, 2026

Overview

NexStock ("we", "our", or "us") is an inventory management platform built by Kutullo Innocent Moropane, based in South Africa. We are committed to protecting your personal information and being transparent about what we collect and why.

This Privacy Policy explains how we collect, use, store, share, and protect information about you when you use NexStock. By creating an account or using our services, you agree to the practices described in this policy. If you do not agree, please discontinue use and contact us to delete your data.

Data We Collect

We collect only the data necessary to provide and improve NexStock. We do not sell your data.

Account Information

When you register, we collect your name, email address, organization name, and a hashed password (using bcrypt). If you invite team members, we collect their email addresses to send invitations.

Usage Data

We collect information about how you use NexStock: pages visited, features used, actions performed (creating products, orders, suppliers), and error events. This data helps us improve reliability and identify problems. Usage data is associated with your account and organization.

Business Data

NexStock stores the inventory, order, supplier, customer, and warehouse data you enter. This is your data — you own it entirely. We process it solely to operate the service on your behalf.

Billing Information

Billing is handled by Lemon Squeezy, our payment processor. We do not store credit card numbers or full payment details. We receive a billing record (plan type, subscription status, customer ID) from Lemon Squeezy to manage your subscription.

Device & Log Data

Our servers automatically log IP addresses, browser type, operating system, referring URLs, and request timestamps for security monitoring, debugging, and abuse prevention.

How We Use Your Data

  • Service delivery: To operate your account, process your data, authenticate your sessions, and provide all NexStock features.
  • Security: To detect fraud, unauthorized access, and abuse. Log data is retained for security auditing.
  • Product improvement: Aggregated, anonymized usage data helps us prioritize features and fix bugs.
  • Communications: To send transactional emails (account confirmation, password reset, OTP codes, billing receipts) via Resend. We may also send product updates — you can unsubscribe at any time.
  • Legal compliance: To comply with applicable laws, including tax, financial record-keeping, and regulatory requirements.

Data Sharing

We do not sell, rent, or trade your personal data. We share data only with the following third-party service providers who process data on our behalf under strict data processing agreements:

Provider | Purpose | Data shared
Lemon Squeezy | Payment processing & subscription billing | Name, email, billing address
Resend | Transactional email delivery | Email address, email content
Cloud hosting provider | Infrastructure & database hosting | All account and business data (encrypted at rest)

We may also disclose information when required by law, court order, or to protect the rights and safety of NexStock, our users, or the public.

Data Retention

We retain your data for as long as your account is active. Specifically:

  • Active accounts: All account and business data is retained while your account is active and your subscription is in good standing.
  • After cancellation: Your data is retained for 30 days after account cancellation to allow you to reactivate or export. After 30 days, all personal data and business data is permanently deleted from our systems.
  • Billing records: Billing history may be retained longer where required by tax law (typically 5–7 years depending on jurisdiction).
  • Security logs: Server logs are retained for 90 days for security monitoring and then purged.

Your Rights

Depending on your location, you have the following rights regarding your personal data. To exercise any of these, contact us at privacy@nexstock.com.

  • Access: Request a copy of all personal data we hold about you.
  • Correction: Request that we correct inaccurate or incomplete data.
  • Deletion: Request that we delete your personal data. We will action this within 30 days.
  • Portability: Request your business data (products, orders, suppliers, etc.) in machine-readable format (JSON or CSV).
  • Opt-out of marketing: Unsubscribe from marketing emails at any time using the link in any email, or by contacting us.
  • Restrict processing: Request that we restrict the processing of your data in certain circumstances.
  • Object to processing: Object to our processing of your data where we rely on legitimate interests as the legal basis.

Security Measures

We take security seriously and implement industry-standard protections:

  • All data is encrypted in transit using TLS 1.3.
  • Data at rest is encrypted using AES-256.
  • Passwords are hashed using bcrypt with cost factor 12 — we never store plaintext passwords.
  • Sessions are managed using short-lived JWT access tokens (15-minute expiry) with rotating refresh tokens.
  • Email OTP verification is required for sensitive operations.
  • All database queries are parameterized to prevent SQL injection.
  • Multi-tenant data is strictly scoped by organizationId — no cross-tenant data access is possible.

For more detail, see our Security page. To report a vulnerability, email security@nexstock.com.

Cookies

We use a minimal set of cookies necessary to operate the service. We do not use third-party tracking or advertising cookies. See our full Cookie Policy for details.

Essential cookies include ih_access_token and ih_refresh_token — both httpOnly and Secure, used solely for authentication.

GDPR & POPIA Compliance

NexStock is committed to compliance with the Protection of Personal Information Act (POPIA) of South Africa and the EU General Data Protection Regulation (GDPR) for users in the European Economic Area.

Our legal bases for processing personal data include: performance of a contract (providing the service you signed up for), legitimate interests (security monitoring, fraud prevention), compliance with legal obligations, and consent (where explicitly obtained, such as marketing emails).

If you are in the EU/EEA and believe your rights have been violated, you have the right to lodge a complaint with your local supervisory authority. South African users may contact the Information Regulator at www.justice.gov.za/inforeg.

Policy Changes

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address on your account) and update the "Last updated" date at the top of this page. Continued use of NexStock after notification constitutes acceptance of the revised policy.

Contact Us

For privacy-related inquiries, data requests, or to exercise your rights, contact us at:

NexStock — Privacy

Email: privacy@nexstock.com

We aim to respond to all privacy requests within 5 business days.