Back to landing page

Privacy

Privacy Policy

Effective November 29, 2025

This policy describes how NectorPay (“we”, “our”, “us”) collects, uses, and shares information when you visit our marketing site, join the waitlist, or use the NectorPay product.

1. Information we collect

Information you provide directly:

  • Account registration: email, name, password, company details
  • Business profile: company name, legal name, tax ID, registered address, website, timezone, primary currency
  • Contractor information: names, email addresses, phone numbers, addresses, bank account details, tax forms, compliance documents, service descriptions, rates, payment preferences
  • Team member details: names, email addresses, roles, permissions
  • Invoice data: amounts, currencies, line items, due dates, payment terms, attachments
  • Payment information: subscription billing details, payment methods (processed by third-party payment processors)
  • Communications: support requests, feedback, comments, notes, change requests

Information collected automatically:

  • Device data: IP address, browser type, operating system, device identifiers
  • Usage analytics: pages viewed, features used, session duration, click patterns
  • Audit logs: user actions, timestamps, status changes, approval history, data modifications
  • Performance data: error logs, load times, API calls
  • Cookies and similar technologies (see our Cookie Policy for details)

Information from third parties:

  • Authentication providers (Google OAuth) when you sign in with third-party services
  • FX rate providers for currency conversion data
  • Payment processors for subscription billing status

2. How we use information

  • Providing and improving the NectorPay platform, including support and security.
  • Sending operational communications, product updates, and marketing messages (you can opt out at any time).
  • Complying with legal obligations, accounting rules, or requests from competent authorities.
  • Researching usage trends to guide roadmap decisions; analysis is aggregated or de-identified wherever feasible.

3. How we share information

We do not sell your personal data. We may share limited information with:

  • Infrastructure and analytics providers (e.g., hosting, error monitoring) bound by confidentiality.
  • Payment and billing partners that help us process subscription fees.
  • Professional advisors (auditors, legal counsel) where necessary.
  • Authorities or third parties when required to protect rights, safety, or comply with the law.

Within your workspace, data is shared based on role-based access controls:

  • Team members see contractor data according to their assigned permissions
  • Contractors access their own profile, invoices, and payment history via the contractor portal
  • Managers see contractors assigned to them (when manager assignments are configured)

4. International transfers

NectorPay may process data in the United States and other countries where we or our subprocessors operate. When legally required, we use Standard Contractual Clauses or other safeguards to protect cross-border transfers.

5. Data retention

We retain personal data for as long as needed to provide the service, meet legal obligations, resolve disputes, and enforce our agreements. Specific retention periods:

  • Active accounts: Data retained while your account is active and for a reasonable period afterward
  • Invoices and payment records: 6 years (tax and accounting compliance)
  • Audit logs: 7 years (compliance, fraud prevention, and dispute resolution)
  • Deleted accounts: Personal data deleted or anonymized within 12 months, subject to legal retention requirements
  • Data exports: Available for 30 days after generation, automatically deleted after 90 days
  • Backup systems: Data may persist in backups for up to 90 days after deletion

Workspace owners can delete contractor profiles, invoices (in draft status), and certain records via the product. We may anonymize or aggregate data for analytics and product improvement.

6. Your rights & choices

  • Access the personal data we hold about you.
  • Request corrections to inaccurate information.
  • Export or delete certain data, subject to legal or contractual requirements.
  • Object to or restrict certain types of processing.
  • Withdraw marketing consent at any time by using in-product settings or unsubscribe links.

You can exercise many rights in the app via Settings → Preferences. Alternatively, email [email protected] and we’ll help.

7. Security measures

We implement reasonable technical and organizational measures to protect your data:

  • Data encryption in transit (TLS/HTTPS) and at rest
  • Role-based access controls and permission management
  • Secure authentication with password hashing and optional two-factor authentication
  • Regular security monitoring and vulnerability assessments
  • Audit logging of sensitive actions and data access
  • Secure cloud infrastructure with established providers (Supabase/PostgreSQL)
  • Data backup and disaster recovery procedures

However, no system is completely secure. You are responsible for maintaining the confidentiality of your login credentials and should notify us immediately if you suspect unauthorized access to your account.

8. Children’s information

NectorPay is not directed to children under 16, and we do not knowingly process children’s personal data. If you believe a child has provided information, contact us and we will delete it promptly.

9. Changes to this policy

We may update this policy from time to time. We will post the new date at the top and, for material changes, provide additional notice in-product or via email.

10. Contact & data protection

Questions, data subject requests (access, deletion, portability, correction), or privacy concerns can be sent to [email protected].

For GDPR-related requests, please clearly indicate the nature of your request (right to access, right to erasure, right to rectification, etc.) and provide sufficient information to verify your identity. We will respond within 30 days as required by law.

If you are a contractor using NectorPay through a business workspace, please contact your business client directly for data requests, as they act as the data controller for your information. We can assist in coordinating responses.