1. Introduction
GoNexel ("Company," "we," "us," "our") is committed to protecting your privacy and safeguarding your personal information. This Privacy Policy explains what data we collect, how we use it, who we share it with, and what rights you have over your information.
By using GoNexel services, you consent to the data practices described in this policy. If you do not agree with our practices, please do not use our services.
2. Information We Collect
2.1 Information You Provide Directly
Account Information: Name, email address, phone number, company name, billing address, and payment details.
Project Information: Project requirements, specifications, client-provided content (text, images, videos, documents), communications, and feedback.
Communication Data: Email messages, chat conversations, support tickets, and meeting notes.
2.2 Information Collected Automatically
Website Usage: IP address, device information, browser type/version, pages visited, time spent on pages, referring website, and cookies/tracking data.
Service Usage: Login times and frequency, features used, files uploaded/downloaded, and API activity logs.
2.3 Information from Third Parties
- Payment Processors: Stripe (transaction data, bank details)
- Analytics Providers: Google Analytics (anonymised usage data)
- Cloud Services: AWS (infrastructure data)
- Publicly Available Sources: Business directories, public records
3. How We Use Your Information
| Purpose | Examples | Legal Basis |
|---|---|---|
| Service Delivery | Providing services, processing payments, delivering updates | Contract |
| Communication | Project updates, support responses, policy changes | Contract / Consent |
| Business Operations | Improving services, usage analytics, fraud detection | Legitimate Interest |
| Marketing | Newsletters, promotional offers (with consent) | Consent |
| Legal Compliance | Regulatory requirements, law enforcement requests | Legal Obligation |
4. Data Sharing & Disclosure
Your personal information is never sold to third parties. Data is shared only as described below and strictly as necessary for service delivery.
4.1 Trusted Service Providers
- Stripe — Payment processing
- AWS — Cloud hosting and storage
- Google Analytics — Usage analytics
- Cloudflare — DDoS protection and CDN
All service providers are bound by confidentiality agreements and Data Processing Agreements (DPAs).
4.2 Legal Obligations
We may disclose your information when required by court orders, legal process, government agencies, or law enforcement authorities.
4.3 Business Transfers
In the event of a merger, acquisition, or sale, your data may transfer to the new entity. You will be notified of any such change and may opt out if the terms change significantly.
5. Data Security
- Encryption: SSL/TLS for all data in transit; AES-256 for data at rest
- Storage: AWS Mumbai region, India — with multiple redundancy systems
- Access Control: Role-based access; all employees sign NDAs
- Backups: Daily automated backups with 24-hour recovery guarantee
- Certifications: Pursuing ISO 27001 (expected 2026)
- Breach Notification: Within 24 hours via email; authorities notified as required by law
6. Data Retention
| Scenario | Retention Period | Action |
|---|---|---|
| Active Account | While account is active | Full access to account holder |
| After Deletion Request | 90 days | Recovery period, then permanent deletion |
| Legal Hold | As required by law | Retained for compliance or disputes |
| Backup Copies | Up to 90 days | Deleted per retention schedule |
7. Your Rights & Choices
- Access: Request a copy of your personal data (provided within 7 business days in portable format)
- Correction: Update or correct inaccurate information (within 5 business days)
- Deletion: Request deletion of personal data (completed within 90 days, subject to legal exceptions)
- Opt-Out: Unsubscribe from marketing emails via the link in every email; manage notification preferences in account settings
- Cookie Control: Manage cookie preferences via browser settings or our cookie management tool
- Do Not Track: We honour Do Not Track browser signals
8. GDPR Compliance (EU Customers)
For EU residents, we process data based on: Consent, Contractual Necessity, Legal Obligation, or Legitimate Interest. EU residents have additional rights to restrict processing, data portability, and the right to object. Data Processing Agreements are available on request.
See our full GDPR Compliance Policy for complete details.
9. CCPA Compliance (US Customers)
California residents may: know what data is collected, request deletion, and opt out of data sales. We do not sell personal data. Opt-out mechanisms are available via email (info@gonexel.com) and account settings.
10. Cookies & Tracking
| Cookie Type | Purpose | Consent Required |
|---|---|---|
| Essential | Core website functionality (sessions, security) | No |
| Analytics | Understanding user behaviour (Google Analytics) | Yes |
| Marketing | Personalised advertising | Yes (explicit opt-in) |
11. Children's Privacy
Our services are not intended for anyone under 18 years of age. We do not knowingly collect personal data from minors. If we discover that data has been collected from a minor, it will be deleted immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email with 30 days' advance notice. Continued use of our services after the effective date constitutes acceptance. You may terminate your engagement if you disagree with any changes.
13. Contact Us
GoNexel
Email: info@gonexel.com
Website: gonexel.com
Data Protection Officer: Available on request
EU Residents: You have the right to lodge a complaint with your local data protection supervisory authority.