Privacy Policy

How we collect, use and protect your personal information.

Last updated:January 1, 2025

1. Information we collect

At NextAura we collect information you provide directly and data generated automatically during your use of our services.

Information you provide

  • Account data: name, email address, encrypted password, phone number and postal address.
  • Profile information: profile photo, tax details and notification preferences.
  • Communications: messages you send us through the contact form or support.
  • Payment data: processed securely by PCI-DSS certified payment providers (we never store full card details).

Automatically collected information

  • Usage data: pages visited, features used, session time and clicks.
  • Technical data: IP address, browser type, operating system and language settings.
  • Cookies and similar: session identifiers and preferences stored locally.

2. How we use information

We use the collected data to:

  • Provide, maintain and improve our technology services.
  • Manage your account and authenticate your identity securely.
  • Process transactions and send you related confirmations.
  • Send you technical support communications and relevant service updates.
  • Comply with legal and regulatory obligations.
  • Detect and prevent fraud, abuse and security vulnerabilities.
  • Perform statistical analysis to improve the user experience.

Legal basis: the processing of your data is based on informed consent, contractual execution and legitimate interest, in accordance with the GDPR (General Data Protection Regulation).

3. Sharing information

We do not sell or rent your personal information. We only share data in the following cases:

  • Service providers: companies that help us operate the platform (hosting, payments, analytics), subject to confidentiality agreements.
  • Legal requirements: when necessary to comply with applicable laws, legal processes or requests from competent authorities.
  • Rights protection: to protect the rights, property or safety of NextAura, its users or the public.
  • Corporate transactions: in case of merger, acquisition or asset sale, with guaranteed data protection.

4. Cookies and similar technologies

We use cookies and similar technologies to improve your experience. See our Cookies Policy for complete information about the types of cookies we use and how to manage them.

5. Data security

We implement robust technical and organisational measures to protect your information:

  • Encryption in transit via TLS 1.3 and at rest via AES-256.
  • Passwords stored with bcrypt hash (never in plain text).
  • Two-factor authentication (2FA) available for all accounts.
  • Periodic security audits following OWASP Top 10.
  • Role-based access control with least privilege principle.

If you detect any security vulnerability, contact us at security@nextaura.com.

6. Your rights

Under the GDPR and applicable legislation, you have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request the deletion of your data ("right to be forgotten").
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to the processing of your data for certain purposes.
  • Restriction: request restriction of processing in certain circumstances.
  • Withdrawal of consent: at any time, without retroactive effect.

To exercise these rights, write to us at privacy@nextaura.com. We will respond within a maximum of 30 days.

7. Data retention

We retain your personal information for as long as necessary to provide services and meet our legal obligations. Active account data is kept for the duration of the contractual relationship. After account cancellation, data is deleted within 90 days, unless legally required to retain it.

8. Minors

Our services are aimed at companies and professionals over 18 years of age. We do not intentionally collect information from minors. If you are aware that a minor has provided us with personal data, contact us immediately so we can delete it.

9. Changes to this policy

We may update this Privacy Policy periodically. We will notify you of any material changes through a prominent notice on our platform or by email with at least 30 days' notice. The updated version will carry a new date at the beginning of the document.

10. Contact

If you have questions about this Privacy Policy or how we handle your data:

NextAura S.L.

Privacy email: privacy@nextaura.com

Postal address: Calle Hoces del Duratón, 8, Madrid, España

You can also contact us through our form.