Privacy Policy

Last updated: January 2026

This template is provided for website publication and should be reviewed by legal counsel before use.

1. Who we are

NexCode provides enterprise messaging and verification services that help business customers send one-time passwords and transactional messages through channels such as SMS, WhatsApp and RCS.

2. Our role in processing personal data

When NexCode processes message data on behalf of a business customer, the customer is typically the controller of the personal data and NexCode acts as a processor or service provider. For account administration, billing, security, website analytics and direct commercial relationships, NexCode may act as an independent controller.

3. Personal data we process

Customer account and contact details, such as name, business email, company name and billing details.
Recipient data provided by customers, such as phone numbers, channel identifiers and message delivery metadata.
Message content where required to transmit, secure, troubleshoot or evidence delivery of the service.
Technical data, such as IP addresses, API logs, device/browser data, timestamps, routing data and authentication events.
Support and compliance communications exchanged with our customers.

4. How we use personal data

To provide, route, deliver, monitor and troubleshoot messaging services.
To authenticate users, prevent abuse, detect fraud and protect service integrity.
To manage customer accounts, billing, support, reporting and service notifications.
To comply with legal, regulatory, carrier, messaging-channel and law-enforcement obligations.
To improve reliability, analytics, routing quality and customer experience.

5. Legal bases

Depending on the context, we process personal data to perform a contract, comply with legal obligations, pursue legitimate interests such as security and service improvement, or based on consent where required by applicable law.

6. Sharing and subprocessors

We may share personal data with telecom operators, messaging platforms, hosting providers, payment providers, analytics providers, support vendors, professional advisers and public authorities where necessary. We require subprocessors to apply appropriate confidentiality, security and data-protection commitments.

7. International transfers

Messaging services may require international routing. Where personal data is transferred internationally, we use appropriate safeguards such as contractual protections, transfer impact assessments and other measures required by applicable law.

8. Retention

We retain personal data only for as long as necessary to provide the service, meet contractual commitments, resolve disputes, maintain security, comply with legal obligations and enforce our rights. Message logs and delivery data may be retained for limited operational, billing, security and compliance periods.

9. Security

We apply technical and organizational measures designed to protect personal data, including access controls, encryption where appropriate, logging, monitoring, network security, personnel controls and incident response procedures.

10. Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, object to or port your personal data. If you are an end user who received a message from one of our customers, you should usually contact that customer first because they determine why the message was sent.

11. Contact

For privacy questions, contact us at privacy@nexumtech.com.