Nexamass logo

Privacy Policy for the Nexamass application

Last updated: December 18, 2025. This privacy policy applies to citizens and legal permanent residents of the European Economic Area and Switzerland.

In this privacy policy, we explain what we do with the personal data we collect through https://app.nexamass.com. This service is intended for business use only and is not directed at individuals under 18. We recommend that you read this statement carefully. In processing personal data, we comply with the requirements of the General Data Protection Regulation (GDPR) and other applicable legislation. This means, among other things, that:

  • We clearly state the purposes for which we process personal data.
  • We limit our collection of personal data to what is necessary for legitimate purposes.
  • We process your personal data only when we have a valid legal basis for doing so.
  • We take appropriate security measures to protect your personal data.
  • We respect your right to access, correct, or delete your personal data upon request.

If you have any questions or want to know exactly what data we store about you, please contact us.

1. Purposes, Data, Legal Basis, and Retention Period

We may collect or receive personal data for the following purposes related to the use of the Quote Configurator application:

1.1 User Account Management

For this purpose, we may collect the following data:

  • Full name
  • Email address
  • Phone number
  • Location (address, city, country)
  • IP address
  • Company and role in the system
  • Country and preferred language

1.2 Legal Basis and Legitimate Interests

We process personal data only when there is a clear reason to do so. In this service, the main reasons are:

  • Account management and access – to provide and secure your login to the Nexamass application (contractual necessity).
  • Service monitoring and improvement – to understand usage and enhance functionality (legitimate interest).
  • Troubleshooting and error resolution – to diagnose and fix problems (legitimate interest).
  • Analytics cookies – to gather usage insights (consent, accepted by signing in).

1.3 Data Sources

We collect personal data in the following ways:

  • Directly from you or your organization when an account is created.
  • Automatically through your use of the service (e.g., IP address, log data, and analytics events).

1.4 Retention Period

We retain this data as long as the user account is active. When an account is removed, associated personal data will be deleted within 90 days, unless longer retention is required by law.

2. Cookies and Similar Technologies

We use cookies and similar technologies in our application:

  • Essential (functional) cookies – required for authentication, security, and core functionality (e.g., keeping you logged in, remembering language).
  • Analytics cookies – used to understand usage, improve performance, and troubleshoot issues.

By signing in, you consent to the use of both functional and analytics cookies. If you do not wish cookies to be set, you may opt out by signing out of the service and/or blocking cookies in your browser settings (note: blocking cookies will prevent the application from functioning).

Retention:

  • Session cookies expire when you log out or after 30 days of inactivity.
  • Analytics cookies may persist for up to 12 months (subject to configuration).

3. Tracking and Analytics

We use Plausible Analytics (EU-hosted) for product analytics to improve the service, monitor performance, and diagnose issues. Plausible Analytics may process usage data (such as events, navigation within the app, approximate device, and timestamps).

We do not use analytics data for advertising, nor do we share analytics data with advertisers.

4. Disclosure of Data

We may disclose personal data if required by law or by a court order, in response to a law enforcement authority, or for public safety reasons.

If our organization is acquired, sold, or involved in a merger, your personal data may be disclosed to advisors and potential buyers, and transferred to the new owners.

5. Security

We are committed to the security of personal data. We take appropriate technical and organizational measures to limit misuse of and unauthorized access to personal data. Only authorized persons have access to your data, and our security measures are regularly reviewed.

6. International Transfers

We primarily process and store data within the European Union.

Application hosting: All production systems are hosted in Finland.

Backups and transactional emails: These are processed via Amazon Web Services (AWS) in the Stockholm (Sweden) region, which is within the EU/EEA.

We do not transfer your data outside the European Economic Area (EEA). If in the future we need to transfer data to a third country, we will ensure appropriate safeguards are in place (such as adequacy decisions or Standard Contractual Clauses).

7. Automated Decision-Making

We do not use your personal data for automated decision-making or profiling that would produce legal effects or similarly significant consequences for you.

8. Third-Party Websites

This privacy policy does not apply to third-party websites connected to our service by links. We recommend that you read the privacy policies of such websites before using them.

9. Your Rights Under GDPR

You have the following rights with respect to your personal data:

  • Right of access: You can request a copy of the personal data we hold about you.
  • Right to rectification: You can ask us to correct or complete your personal data if it is inaccurate or incomplete.
  • Right to erasure (“right to be forgotten”): You can request deletion of your personal data at any time.
  • Right to restriction of processing: You may request that we limit the processing of your personal data.
  • Right to data portability: You may request your personal data in a structured, commonly used, and machine-readable format, and transfer it to another controller.
  • Right to object: You may object to our processing of your personal data.
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw this consent at any time.

To exercise your rights, please send a clear request to info@nexamass.com. Please include enough information to verify your identity so we can protect your data from unauthorized access. We will respond to your request within 30 days in accordance with GDPR.

10. Complaints

If you are not satisfied with the way we handle your personal data, you have the right to lodge a complaint with your local Data Protection Authority. In Finland, this is the Office of the Data Protection Ombudsman (tietosuoja.fi).

11. Changes to This Privacy Policy

We may update this privacy policy from time to time. You are advised to review it periodically. Where possible, we will notify users of significant changes.

12. Contact Details

Nexamass Oy
Hanikka 29 B
02360 Espoo, Finland
Email: info@nexamass.com

For any privacy-related questions or requests, please use the contact details above.

info@nexamass.com

© Nexamass Oy

Privacy policy