We value your privacy and are committed to protecting your personal information. This policy explains exactly how we collect, use, and safeguard your data.
Effective Date: January 1, 2026 | Last Updated: May 28, 2026NETRA NEXUS ("NETRA NEXUS," "we," "our," or "us") operates a software-as-a-service platform available at nexusnetra.com (the "Platform"). The Platform is designed to help network marketing professionals manage their teams, prospect pipelines, appointments, and business activities.
This Privacy Policy explains what personal information we collect and why; how we use, store, and protect that information; with whom we share it; and what rights you have with respect to your personal information.
This policy applies to all users of the NETRA NEXUS Platform, regardless of where you are located. By creating an account or using the Platform, you acknowledge that you have read and understood this Privacy Policy.
This policy is intended to comply with applicable Canadian privacy legislation, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec's Act respecting the protection of personal information in the private sector (Law 25), as well as the European Union's General Data Protection Regulation (GDPR) to the extent applicable to our international users.
NETRA Nexus Inc. is the data controller responsible for the personal information collected through the NETRA NEXUS Platform.
For the purposes of Quebec Law 25, NETRA Nexus Inc. is the enterprise responsible for the protection of personal information.
For the purposes of the GDPR (where applicable), NETRA Nexus Inc. is the data controller.
Contact details for privacy-related requests are set out in Section 20 below.
When you create a NETRA NEXUS account, we collect:
If you sign in using Google or Apple, we receive basic profile information (name, email address, and a unique identifier) from those providers. We do not receive your Google or Apple passwords.
After creating your account, you may provide the following information during onboarding. Fields noted as optional are not required to use the Platform:
As you use the Platform, we collect and store:
When you access the Platform, our infrastructure providers process standard technical data associated with your request, including IP address and browser or device metadata. We do not operate any independent analytics platform, advertising network, behavioral tracking system, or telemetry service. We do not use cookies, tracking pixels, or similar technologies for advertising or behavioral profiling.
Your authentication session (including a JWT access token and refresh token) is stored in your browser's localStorage. See Section 8 for details.
NETRA NEXUS is designed for network marketing professionals who manage contacts, prospects, and team members. As part of your normal use of the Platform, you may enter personal information about individuals who are not NETRA NEXUS users. This includes, but is not limited to:
This information is stored under your account and is subject to the access controls described in Section 11.
We use the personal information we collect for the following purposes:
If you are located in the European Economic Area (EEA) or the United Kingdom, we rely on the following legal bases under the GDPR or UK GDPR to process your personal data:
| Processing Activity | Legal Basis |
|---|---|
| Account registration and authentication | Performance of a contract — Art. 6(1)(b): necessary to provide the service |
| Core Platform features (messaging, appointments, prospect management, sharing) | Performance of a contract — Art. 6(1)(b) |
| Subscription management and billing | Performance of a contract — Art. 6(1)(b) |
| Optional profile fields (phone number, gender, avatar) | Consent — Art. 6(1)(a): you provide this information voluntarily |
| Platform security and fraud prevention | Legitimate interests — Art. 6(1)(f): protecting the security and integrity of the Platform |
| Legal compliance (e.g., financial record-keeping) | Legal obligation — Art. 6(1)(c) |
Where we rely on consent as a legal basis, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
Payments for NETRA NEXUS subscriptions are processed by Stripe, Inc. ("Stripe"). When you subscribe to a paid plan, you are directed to a Stripe-hosted checkout page. Your full payment card details are entered directly on Stripe's secure servers and are never transmitted to or stored on our systems.
We store the following Stripe-related data to manage your subscription:
Full Stripe payment event data (including customer and subscription identifiers) is logged in a secure audit table that is inaccessible to Platform users and is available only to our system-level service account for audit and reconciliation purposes.
Stripe operates under its own privacy policy, available at stripe.com/privacy. Stripe is an independent data controller for the payment data it processes.
You may sign in to NETRA NEXUS using any of the following methods:
Session storage: Your authentication session — including a JWT access token and a refresh token — is stored in your browser's localStorage. This storage is local to your device and browser, is not transmitted to third parties, and is not shared across devices or browsers.
We recommend using NETRA NEXUS only on trusted personal devices, signing out when you finish your session (particularly on shared devices), and keeping your browser and operating system up to date.
NETRA NEXUS includes a direct messaging feature that allows you to send and receive text messages with other Platform users.
Profile avatars — for your own account and for any prospect or team member records you create — and quick-link icons are stored in publicly accessible cloud storage. This means that any person with the direct URL to one of these images can access it without authentication.
You should only upload images that you are comfortable making publicly accessible. If you upload a profile photo of yourself or of another individual, please ensure you have their appropriate consent to do so and that you understand the public nature of the storage.
We do not sell your personal information to third parties. We may share your information only in the following limited circumstances:
NETRA NEXUS includes a built-in data-sharing system that allows you to grant other Platform users access to specific portions of your data (such as your prospect list or tracking sheet URL). Any such sharing is explicit — you must actively grant access — scoped to the categories of data you choose, and revocable at any time. No sharing occurs without your affirmative action.
If you are part of an organizational hierarchy within the Platform, users above you in that hierarchy (your "upline") may have access to certain account-level information as governed by the Platform's hierarchical access model. The scope of any such access is defined within the Platform and does not extend beyond permissions explicitly configured by users.
We share data with the third-party service providers described in Section 12, only to the extent necessary for them to deliver their respective services.
We may disclose personal information if required to do so by applicable law, regulation, subpoena, court order, or governmental or regulatory authority. We may also disclose information where we believe in good faith that disclosure is necessary to protect our rights, the rights of other users, or the safety of any person, or to detect or prevent fraud or illegal activity.
In the event that NETRA NEXUS or its parent company is acquired, merged with, or otherwise transferred to another organization, your personal information may be transferred as part of that transaction. We will provide reasonable notice before your information becomes subject to a materially different privacy policy and will seek your consent where required by applicable law.
We work with the following third-party service providers to operate the Platform. Each provider processes personal data only as necessary to deliver their services and is subject to appropriate contractual data protection obligations.
| Provider | Role | Personal Data Shared |
|---|---|---|
| Supabase (via Lovable Cloud) | Database hosting, user authentication, file storage, server-side computing, and real-time data delivery | All Platform data, including user profiles, prospect data, messages, and subscription information |
| Stripe, Inc. | Subscription payment processing | Email address, user identifier, and subscription metadata |
| Google LLC | OAuth sign-in (if you choose to use Google sign-in) | Name, email address, and OAuth identifier returned to Supabase Auth |
| Apple Inc. | OAuth sign-in (if you choose to use Apple sign-in) | Name, email address, and OAuth identifier returned to Supabase Auth |
| Lovable | Application hosting and delivery | Standard web traffic data |
We do not use advertising networks, behavioral analytics platforms, email marketing services, SMS providers, session recording services, error-tracking services, or AI / machine-learning processing services in connection with the Platform.
The NETRA NEXUS Platform is built on infrastructure managed by Supabase (via Lovable Cloud) and Stripe, which may store and process data in data centers located outside of Canada. The specific geographic region(s) of our database infrastructure are determined by our infrastructure providers.
Quebec residents: Personal information you provide to NETRA NEXUS may be communicated outside of Quebec for processing by our service providers. We take steps to ensure that personal information shared with providers outside Quebec receives a level of protection comparable to that afforded under Quebec's Law 25, primarily through contractual provisions with those providers.
EEA and UK users: If you are located in the European Economic Area or the United Kingdom, your personal data may be transferred to and processed in countries that are not subject to an adequacy decision by the European Commission. Where such transfers occur, we rely on the appropriate safeguards established by our service providers, including Standard Contractual Clauses (SCCs) as adopted by the European Commission or equivalent mechanisms under UK law.
You may request more information about the safeguards applicable to international transfers by contacting us at the address listed in Section 20.
We retain your personal information for as long as your account is active or as otherwise necessary to provide the services you have requested and to comply with applicable legal obligations.
Account and data deletion: A self-serve account deletion or data-export feature is not currently available within the Platform interface. If you wish to request deletion of your personal information, please contact us using the information in Section 20. We will respond to deletion requests within the timeframe required by applicable law, subject to any legal obligations that require us to retain certain information.
We implement reasonable technical and organizational measures to protect your personal information against unauthorized access, use, disclosure, alteration, and destruction. These measures include:
localStorage for your authentication session and a small number of UI preferences.Despite these measures, no method of electronic storage or internet transmission is completely secure. We cannot guarantee the absolute security of your information. In the event of a data breach, we will notify affected users and applicable regulatory authorities in accordance with applicable law.
If you are a Canadian resident, you have the following rights with respect to your personal information:
Quebec residents have additional rights under Law 25, including the right to request destruction or anonymization of data no longer needed for its original purpose; the right to data portability (where technically feasible); and the right to be informed when your personal information is communicated outside of Quebec.
If you are located in the European Economic Area or the United Kingdom, you have the following rights under the GDPR or UK GDPR:
To exercise any of the rights described in this section, please contact us at privacy@netranexus.com. Please include your name and the email address associated with your account so we can verify your identity before processing your request. We aim to respond to all requests within 30 days of receipt, or such shorter period as may be required by applicable law.
If you are a California resident, you may have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including:
To submit a CCPA/CPRA request, please contact us at privacy@netranexus.com. We will verify your identity before processing your request.
NETRA NEXUS is not directed at, and is not intended for use by, children under the age of 16 (or under 13 in jurisdictions where that is the applicable threshold).
We do not knowingly collect personal information from children below these ages. If you are a parent or guardian and you believe your child has provided us with personal information without appropriate consent, please contact us at privacy@netranexus.com. We will take prompt steps to delete such information from our records.
We may update this Privacy Policy from time to time to reflect changes in our data practices, the Platform's features, or applicable legal requirements. When we make material changes, we will:
Your continued use of NETRA NEXUS after any changes become effective constitutes your acceptance of the revised policy. If you disagree with the changes, you may request account deletion by contacting us at the address in Section 20. Prior versions of this policy are available upon request.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through any of the following channels:
Email: privacy@netranexus.com
Response Time: We aim to respond within 30 days of receipt.
Mailing Address: NETRA Nexus Inc., 4517 Washington Ave, Suite 300, Manchester, KY 40962, United States
For users in the EEA or United Kingdom, you also have the right to lodge a complaint with your local data protection supervisory authority if you believe your rights under the GDPR or UK GDPR have been violated. A list of EEA supervisory authorities is available at edpb.europa.eu.