Privacy Policy

Last updated: December 2024

1. Introduction

NextJenga ("we," "our," or "us") operates a multi-tenant website builder platform that enables businesses and individuals to create, publish, and manage professional websites. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our platform, whether as a platform user creating websites or as a visitor to websites built on NextJenga.

By using NextJenga, you agree to the collection and use of information in accordance with this policy. If you do not agree with our practices, please do not use our services.

2. Definitions

"Platform Users" refers to individuals or businesses who create accounts on NextJenga to build and manage websites. "End Users" refers to visitors who interact with websites built using NextJenga. "Sites" refers to the websites created by Platform Users using our services. "Content" refers to all data, text, images, videos, and other materials uploaded or created on the platform.

3. Information We Collect

3.1 Information from Platform Users

When you register for a NextJenga account, we collect: your name and email address, authentication credentials (passwords are hashed and never stored in plain text), business information you provide (company name, business type, contact details), billing information processed securely through Stripe (we do not store full credit card numbers), and profile information you choose to add.

3.2 Information from Site Creation

When you build websites on our platform, we store: page content, layouts, and design configurations, media files uploaded to your media library, custom domain configurations, integration settings (Stripe Connect, OAuth providers), and site analytics and performance data.

3.3 Automatically Collected Information

We automatically collect certain technical information including: device type, browser type, and operating system, IP addresses and approximate geographic location, pages visited, features used, and session duration, referral sources and search terms, and error logs and performance metrics.

3.4 Information from End Users

When visitors interact with Sites built on NextJenga, we may collect on behalf of Platform Users: form submissions and contact information, e- commerce transaction data (processed via Stripe), session data for site functionality, and any data the Platform User's site is configured to collect.

4. How We Use Your Information

4.1 Platform Operations

We use collected information to: provide, maintain, and improve our website builder services, process account registration and authentication, handle subscription billing and payment processing, deliver customer support and respond to inquiries, send service-related communications (updates, security alerts, billing notices), and enforce our Terms of Service and prevent abuse.

4.2 Platform Improvement

We analyze usage data to: understand how users interact with our platform, identify and fix bugs and performance issues, develop new features and improve existing ones, optimize the user experience, and ensure platform security and stability.

4.3 Communications

With your consent, we may send: product updates and new feature announcements, educational content and best practices, and promotional offers (you can opt out at any time).

5. Data Sharing and Disclosure

5.1 We Do Not Sell Your Data

NextJenga does not sell, rent, or trade your personal information to third parties for their marketing purposes. Your data is your data.

5.2 Service Providers (Sub-processors)

We share data with trusted service providers who assist in operating our platform: Stripe for payment processing and subscription management, Cloudinary and UploadThing for media file storage and delivery, MongoDB Atlas for database hosting, Supabase for authentication and real-time features, Vercel for application hosting and CDN, Resend for transactional email delivery, and Sentry for error monitoring and performance tracking.

5.3 Legal Requirements

We may disclose information when required to: comply with applicable laws, regulations, or legal processes, respond to lawful requests from public authorities, protect our rights, privacy, safety, or property, and enforce our Terms of Service.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred. We will provide notice and choices regarding your data in such circumstances.

6. Data Security

We implement industry-standard security measures to protect your data: encryption in transit (TLS/SSL) and at rest, secure authentication with hashed passwords, regular security audits and vulnerability assessments, access controls limiting employee access to user data, isolated multi- tenant architecture preventing cross-site data access, and secure API tokens with role-based permissions.

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We encourage you to use strong passwords and protect your account credentials.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Specifically: account data is retained until you delete your account, site content is retained until you delete the site or account, billing records are retained as required by tax and financial regulations, and usage logs are retained for up to 24 months for analytics and security.

Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes.

8. Your Rights and Choices

8.1 Access and Portability

You can access your account data through your dashboard at any time. You may request a copy of your personal data in a portable format by contacting us.

8.2 Correction and Deletion

You can update your account information directly in your profile settings. You may request deletion of your account and associated data by contacting support or using the account deletion feature.

8.3 Communication Preferences

You can opt out of promotional communications at any time via the unsubscribe link in emails or through your account settings. Note that you cannot opt out of essential service communications (billing, security alerts).

8.4 Regional Rights

Depending on your location, you may have additional rights under laws such as GDPR (EU), CCPA (California), or other privacy regulations. These may include: right to know what data we collect, right to delete your data, right to correct inaccurate data, right to data portability, right to opt out of certain processing, and right to non-discrimination for exercising your rights.

9. International Data Transfers

NextJenga operates globally, and your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including: Standard Contractual Clauses for EU data transfers, compliance with applicable data transfer frameworks, and selection of service providers with appropriate certifications.

10. Cookies and Tracking Technologies

We use cookies and similar technologies for: authentication and session management, remembering your preferences and settings, analyzing platform usage and performance, and security and fraud prevention. You can control cookies through your browser settings. Disabling certain cookies may affect platform functionality.

11. Platform User Responsibilities

As a Platform User building sites on NextJenga, you are responsible for: your own privacy practices on sites you create, providing appropriate privacy notices to your End Users, obtaining necessary consents for data collection on your sites, complying with applicable privacy laws for your operations, and properly configuring data collection features.

NextJenga provides tools to help you comply with privacy requirements, but ultimate responsibility for your sites' privacy practices rests with you.

12. Children's Privacy

NextJenga is not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected such information, please contact us immediately, and we will take steps to delete it.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of material changes by: posting the updated policy with a new "Last updated" date, sending an email notification to Platform Users, and displaying a notice on our platform.

Your continued use of NextJenga after changes become effective constitutes acceptance of the revised policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: support@nextjenga.com. We aim to respond to all inquiries within 30 days.