Privacy Policy

Last updated: 27 October 2025

This Privacy Policy explains how NexFort (Pvt) Ltd (“NexFort,” “we,” “our,” or “us”) collects, uses, discloses, and protects information when you use our website https://nexfort.io, interact with us, or use our products and services (including custom software, websites, call management solutions, and ERP/CRM integrations).

1) Who we are

NexFort (Pvt) Ltd is a technology company providing software development, integration, and automation services. We are registered in Sri Lanka. If you have questions about this Policy, you can reach us at info@nexfort.io.

2) Scope

This Policy applies to information we collect through: (a) our public website; (b) forms, emails, and messaging channels (e.g., WhatsApp Business); and (c) our products and managed services delivered to clients. Where we process data solely on behalf of a client, we act as a processor and the client’s privacy terms will apply.

3) Information we collect

  • Contact & business details (name, email, phone, company, role) you submit via forms or email.
  • Project information you share for scoping or support (requirements, sample data, API access details).
  • Technical data (IP address, device/browser info, pages viewed, timestamps) for security and analytics.
  • Usage data from our apps/portals (log events, preferences, role/permission changes).
  • Communications (emails, WhatsApp Business messages, and—only if you enable it—call recordings/transcripts).
  • Payment/contract data (vendor IDs, PO references, billing contact). We do not store card numbers on our servers.

4) How we use information

  • Provide, operate, and improve our website, products, and services.
  • Respond to inquiries, proposals, and support tickets.
  • Configure integrations (e.g., WhatsApp Business API, PBX/call-center connectors, ERP/CRM connectors).
  • Secure our systems, prevent fraud/abuse, and audit access (role/permission logs).
  • Comply with legal, regulatory, and contractual obligations.
  • With consent or legitimate interest, send product updates and relevant notices (you can opt out).

5) Legal bases

Depending on your location, we process data based on one or more of the following: contract performance, legitimate interests (e.g., securing systems, improving services), consent (where required), and legal obligations.

6) When we share information

We do not sell your personal information. We may share limited data with:

  • Service providers (hosting, email, monitoring, analytics, error tracking, message gateways) under data-processing terms.
  • Telecom/Platform partners as required for features you enable (e.g., WhatsApp Business providers, SIP carriers).
  • Professional advisors (legal, accounting) under confidentiality.
  • Authorities when required by law or to protect rights and safety.

7) International transfers & data residency

We serve clients in multiple regions. Your information may be processed in data centers outside your country. Where feasible, we offer data-residency options (e.g., region-specific hosting or separate databases by region). We implement appropriate safeguards (contractual and technical) for cross-border transfers.

8) Retention

  • Website inquiries: typically 18–24 months.
  • Account & audit logs: 12–36 months depending on security and compliance needs.
  • Project artifacts: for the term of the contract and a reasonable period thereafter to support handover or legal requirements.
  • Call recordings/transcripts (if enabled): retention is configurable per client; defaults are short and minimised.

9) Security

We use a defense-in-depth approach: access controls and least-privilege by role, encryption in transit, hardened hosting, network restrictions, and routine patching. No method is 100% secure; we continuously improve our safeguards.

10) Cookies & analytics

We may use essential cookies (for site operation) and limited analytics to understand usage and performance. You can control cookies in your browser. If we use any non-essential cookies, we’ll show a notice and obtain consent where required.

11) Your choices & rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict processing of your personal information, and to object or withdraw consent. To exercise these rights, contact info@nexfort.io. Where we process data as a processor for a client, please contact the client (controller) directly.

12) WhatsApp Business & communications

If you contact us via WhatsApp Business or enable WhatsApp features in a solution we build for you, message content and metadata may be processed by WhatsApp and any selected Business Solution Provider (BSP) under their terms. We only enable templates and flows you approve and we configure least-privilege access.

13) Children

Our website and services are not directed to children. We do not knowingly collect personal information from children.

14) Third-party links

Our site may link to third-party websites. Their privacy practices are their own; please review their policies.

15) Changes to this Policy

We may update this Policy from time to time. If changes are material, we’ll take reasonable steps to notify you. The “Last updated” date shows the current version.

16) Contact us

Questions or requests: info@nexfort.io
General inquiries: info@nexfort.io