Privacy Policy

1. Introduction

NXT Automation ("we," "our," or "us") is a service-based AI automation agency that provides done-for-you automation solutions for businesses. We design, implement, and manage custom automation systems tailored to your specific operational needs.

This Privacy Policy explains how we collect, use, protect, and handle information when delivering our automation services to you. By engaging our services, you agree to the practices described in this policy.

2. Our Services

NXT Automation operates as a professional services provider, not a self-serve software platform. We work directly with clients to:

• Analyze and understand your business processes
• Design custom automation solutions using AI and integration technologies
• Implement and configure automation workflows
• Monitor, maintain, and optimize automated systems
• Provide ongoing support and consultation

Our approach is collaborative and hands-on, requiring access to certain business information to deliver effective automation solutions.

3. Information We Collect

3.1 Client Contact and Business Information

To establish and maintain our service relationship, we collect:

• Contact Information: Names, email addresses, phone numbers, job titles, and company details of authorized representatives
• Business Context: Industry, company size, organizational structure as relevant to automation design
• Communication Records: Correspondence, meeting notes, and project documentation related to service delivery

3.2 Business Process and Operational Data

To design and implement automation solutions, you share with us:

• Process Information: Descriptions of workflows, business rules, operational procedures, and requirements
• System Data: Information about tools, applications, and platforms you use that will be integrated
• Sample Data: Representative datasets, templates, or examples needed to configure and test automations (we minimize collection of sensitive personal data)
• Credentials and Access: API keys, authentication tokens, or limited account access necessary to implement and operate automation systems on your behalf

3.3 Technical and Performance Data

While operating your automation systems, we collect:

• System Logs: Automation execution records, error logs, and performance metrics
• Usage Information: How automations are being used, frequency of operations, and system health indicators
• Support Data: Technical information related to troubleshooting and optimization requests

4. How We Use Your Information

We use the information you provide exclusively for service delivery purposes:

4.1 Automation Design and Implementation

• Understanding your business requirements and processes
• Designing custom automation workflows tailored to your needs
• Configuring integrations between your systems and tools
• Testing and validating automation functionality

4.2 Service Operations and Monitoring

• Operating and executing automation workflows on your behalf
• Monitoring system performance and reliability
• Identifying and resolving technical issues
• Ensuring automations continue to function as intended

4.3 Support and Optimization

• Responding to your support requests and technical inquiries
• Providing recommendations for improving automation efficiency
• Updating and maintaining your automation systems
• Training your team on automation usage when applicable

4.4 Communication and Project Management

• Coordinating project timelines and deliverables
• Sending service updates, maintenance notifications, and status reports
• Managing billing and contractual matters

5. Data Sharing and Third-Party Tools

NXT Automation leverages various technologies and platforms to deliver automation services. We maintain strict control over how your data is handled.

5.1 Third-Party Service Providers

We use carefully selected technology providers as part of our service delivery infrastructure:

• AI and Automation Platforms: We utilize AI models (such as OpenAI, Anthropic, Google) and automation platforms (such as Make, Zapier, n8n) as tools in building your solutions. These providers process data only as necessary to execute the automation functions we design for you.
• Cloud Infrastructure: Hosting and computing services (AWS, Google Cloud, or similar) provide the infrastructure on which your automations run.
• Integration Services: Platforms that facilitate connections between your business applications.
• Communication Tools: Email and messaging services used for client communication and system notifications.

5.2 Confidentiality and Access Controls

When using third-party tools:

• We select providers with strong security and privacy practices
• We configure tools to minimize data exposure and maintain confidentiality
• We use service-level configurations that restrict data access to what's necessary for automation functionality
• We limit our own team access to information on a need-to-know basis
• All team members are bound by confidentiality obligations

5.3 Client-Controlled Integrations

Many automations involve direct integrations between your own systems (e.g., your CRM, email platform, databases). In these cases:

• Data flows directly between your connected services
• We configure and manage the integration logic but may not store the underlying data
• You retain control over your system credentials and can revoke access at any time

5.4 Legal and Compliance Disclosures

We may disclose information only when:

• Required by law, court order, or government authority
• Necessary to protect our legal rights or defend against claims
• Needed to address suspected fraud, security threats, or violations of our terms
• You provide explicit consent for a specific disclosure

6. Data Security and Protection

We take data protection seriously and implement multiple layers of security:

6.1 Technical Security Measures

• Encryption: Data in transit is protected with TLS encryption; sensitive data at rest is encrypted using industry-standard methods
• Access Controls: Multi-factor authentication, role-based access, and principle of least privilege for our team
• Secure Infrastructure: Use of reputable cloud providers with robust security certifications
• Credential Management: API keys and authentication credentials are stored securely using encrypted vaults
• Network Security: Firewalls, VPNs, and monitoring to protect against unauthorized access

6.2 Operational Security Practices

• Team Training: Our staff receives regular training on data protection and security best practices
• Confidentiality Agreements: All team members sign confidentiality and non-disclosure agreements
• Monitoring and Logging: System activity is monitored for suspicious behavior and security incidents
• Incident Response: We maintain procedures for responding to and reporting security incidents
• Regular Reviews: Security practices are reviewed and updated to address emerging threats

6.3 Physical Security

• Team members work in secure environments
• Cloud infrastructure is hosted in certified data centers with physical security controls

Important: While we implement strong security measures, no system can be guaranteed 100% secure. We continuously work to minimize risks, but cannot eliminate them entirely.

7. Data Retention

We retain your information as follows:

7.1 During Active Engagement

While we are actively providing services to you, we retain all data necessary for:

• Operating your automation systems
• Providing support and maintenance
• Maintaining service continuity

7.2 After Service Conclusion

When our engagement ends:

• Automation Systems: We work with you to transfer or decommission automation systems according to your instructions
• Project Records: We retain project documentation and business records as required for legal, accounting, and contractual purposes (typically 3-7 years depending on jurisdiction)
• Technical Data: System logs and operational data may be retained for a limited period (usually 90 days) after service conclusion, then deleted
• Credentials: Access credentials and API keys are revoked and deleted when no longer needed

7.3 Data Deletion Requests

You may request deletion of your data at any time, subject to:

• Completing any ongoing service obligations
• Retaining records required by law or contractual obligations
• Anonymizing data where complete deletion is not feasible

8. Your Rights

As our client, you have significant control over your information:

8.1 Access and Transparency

• Request information about what data we hold about your organization
• Receive explanations of how we use your data in our services
• Review project documentation and records

8.2 Correction and Updates

• Update your contact information and business details
• Correct any inaccurate information we hold
• Request updates to automation configurations based on changed requirements

8.3 Access Revocation

• Revoke API access or credentials we use to operate automation systems
• Request disconnection of specific integrations
• Terminate services according to your service agreement

8.4 Data Portability

• Request copies of automation configurations and workflows
• Export project documentation and technical specifications
• Receive data in commonly used formats where applicable

8.5 Complaints and Concerns

• Raise privacy or security concerns directly with our team
• Lodge complaints with relevant data protection authorities in your jurisdiction

To exercise any of these rights, contact us at contact@nxtautomation.online

9. Compliance and Legal Obligations

9.1 Regulatory Awareness

We are aware of and respect data protection regulations that may apply to our services, including:

• GDPR: When serving clients in the European Union
• CCPA/CPRA: When serving clients in California
• Other Regional Laws: Data protection laws specific to your jurisdiction

Our practices are designed to align with these regulatory principles, though specific compliance requirements depend on your location and the nature of your business.

9.2 Data Processing Agreements

For clients subject to GDPR or similar regulations, we can enter into Data Processing Agreements (DPAs) that formalize:

• Our role as a data processor or service provider
• Your role as data controller
• Specific security and compliance obligations
• Sub-processor arrangements
• Data subject rights procedures

9.3 Industry-Specific Considerations

If your business operates in a regulated industry (healthcare, finance, etc.), please inform us so we can:

• Understand applicable compliance requirements
• Implement appropriate additional safeguards
• Configure automation solutions to meet regulatory standards
• Document compliance measures as needed

9.4 International Data Transfers

Our services may involve data processing across different geographic locations:

• We use cloud infrastructure that may be located in various regions
• Where required, we implement appropriate safeguards for international data transfers (such as Standard Contractual Clauses)
• We can discuss data residency preferences during service setup

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements.

When we make material changes:

• We will update the "Last Updated" date at the top of this policy
• We will notify active clients via email
• For significant changes, we will provide a summary of what has changed

We encourage you to review this policy periodically. Continued use of our services after changes indicates acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your information:

By engaging NXT Automation's services, you acknowledge that you have read and understood this Privacy Policy. We appreciate your trust in us to handle your business information with the utmost care and professionalism.