Home
Nexbone

Privacy Policy

Nexbone is a product operated by Nexbone S.A., a company incorporated and registered in the Republic of Panama. We are committed to protecting your privacy and handling your personal information in accordance with applicable data protection laws, including but not limited to the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the ePrivacy Directive 2002/58/EC, and other applicable privacy legislation. This Privacy Policy constitutes a legally binding agreement between you ("User," "you," or "your") and Nexbone S.A. ("Nexbone," "Company," "we," "us," or "our") governing the collection, processing, storage, and protection of your personal data.

Last Updated: December 21, 2025

Effective Date: December 21, 2025

1. Data Controller Information

For the purposes of applicable data protection legislation, the data controller responsible for your personal information is:

Nexbone S.A.
Calle 50, Edificio el Tornillo
Panamá, Panama
Email: [email protected]
General Inquiries: [email protected]
Telephone: +507 328 3520

As the data controller, Nexbone S.A. determines the purposes and means of processing your personal data and is responsible for ensuring that such processing complies with applicable data protection laws.

2. Scope and Application of This Privacy Policy

This Privacy Policy applies to all personal data collected through or in connection with:

  • Your access to and use of the website located at https://nexbone.com (the "Website" or "Site")
  • Any services, features, content, applications, or functionality offered on or through the Website (collectively, the "Services")
  • Any communications between you and Nexbone, including but not limited to email correspondence, telephone communications, and any other form of electronic or physical communication
  • Any interactions with our customer support, sales, or technical teams
  • Any other means by which you may provide personal data to Nexbone

This Privacy Policy does not apply to any third-party websites, services, or applications that may be linked to or from our Website, even if such links are provided for your convenience. We strongly encourage you to review the privacy policies of any third-party websites you visit.

3. Categories of Personal Data We Collect

We collect and process various categories of personal data depending on your interactions with our Website and Services. The categories of personal data we may collect include, but are not limited to:

3.1 Device and Technical Information

When you access our Website, we automatically collect certain technical information about your device and connection, including:

  • Internet Protocol (IP) address, which may be anonymized or truncated where technically feasible
  • Browser type, version, and configuration settings
  • Operating system type and version
  • Device type, model, and unique device identifiers
  • Screen resolution and display characteristics
  • Language preferences and locale settings
  • Time zone settings
  • Referring URL and exit pages
  • Date and time of access
  • Pages viewed and navigation paths within the Website
  • Click patterns and interaction data
  • Network connection type and internet service provider information
3.2 Performance and Analytics Data

To ensure optimal Website performance and user experience, we collect real user monitoring (RUM) data, which may include:

  • Page load times and performance metrics
  • Resource loading sequences and timing
  • JavaScript execution timing
  • Error logs and exception reports
  • Core Web Vitals measurements (Largest Contentful Paint, First Input Delay, Cumulative Layout Shift)
  • Time to First Byte (TTFB) and other network timing metrics
  • User interaction timing and responsiveness measurements
3.3 Cookie and Similar Technology Data

We use cookies and similar tracking technologies to collect information about your browsing activities. For detailed information about our use of cookies, please refer to Section 8 of this Privacy Policy.

3.4 Communication Data

When you communicate with us, we may collect:

  • Your name and contact information (email address, telephone number)
  • The content of your communications
  • Metadata associated with your communications (date, time, duration)
  • Any attachments or supplementary materials you provide
  • Records of correspondence and interaction history
3.5 Account and Registration Data

If you create an account or register for our Services, we may collect:

  • Full legal name or business name
  • Email address
  • Password (stored in encrypted, hashed form)
  • Billing and shipping addresses
  • Telephone number
  • Company or organization name
  • Job title or role
  • Account preferences and settings
3.6 Transaction and Payment Data

If you make purchases or engage in transactions through our Website, we may collect:

  • Transaction history and purchase records
  • Payment method information (note: full payment card details are processed by our payment processors and are not stored on our systems)
  • Billing information and invoicing details
  • Tax identification numbers where required by law

4. Legal Bases for Processing Your Personal Data

We process your personal data only when we have a valid legal basis to do so under applicable data protection law. The legal bases upon which we rely include:

4.1 Consent (Article 6(1)(a) GDPR)

Where you have provided your explicit, informed, and freely given consent to the processing of your personal data for one or more specific purposes. You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. Consent withdrawal can be effectuated by contacting us at [email protected] or by adjusting your cookie preferences through the "Cookies" popup located in the lower-left corner of the Website.

4.2 Performance of a Contract (Article 6(1)(b) GDPR)

Where the processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract. This includes processing necessary to provide you with our Services, process your orders, manage your account, and fulfill our contractual obligations to you.

4.3 Legal Obligation (Article 6(1)(c) GDPR)

Where the processing is necessary for compliance with a legal obligation to which we are subject. This may include compliance with tax laws, accounting requirements, court orders, regulatory requirements, or other applicable legal obligations.

4.4 Legitimate Interests (Article 6(1)(f) GDPR)

Where the processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data. Our legitimate interests include:

  • Ensuring the security, integrity, and proper functioning of our Website and Services
  • Preventing fraud, unauthorized access, and other malicious activities
  • Improving and optimizing our Website performance and user experience
  • Conducting analytics to understand how users interact with our Website
  • Protecting our legal rights, property, and interests
  • Administering and managing our business operations
4.5 Vital Interests (Article 6(1)(d) GDPR)

In exceptional circumstances, where processing is necessary to protect the vital interests of you or another natural person, we may process personal data on this basis. Such circumstances are rare and typically involve emergency situations where there is a genuine threat to life or physical safety.

5. Purposes of Processing

We process your personal data for the following specific purposes:

5.1 Website Operation and Service Provision
  • To operate, maintain, and provide our Website and Services
  • To authenticate users and manage access to restricted areas
  • To process transactions and manage billing
  • To provide customer support and respond to inquiries
  • To personalize your experience on our Website
5.2 Security and Protection
  • To protect our Website against cyber attacks, including DDoS attacks, malicious bot traffic, and other security threats
  • To detect and prevent fraud, unauthorized access, and other illegal activities
  • To maintain the integrity, security, and stability of our systems and infrastructure
  • To implement and enforce security measures and access controls
  • To conduct security audits and vulnerability assessments
5.3 Performance Monitoring and Optimization
  • To monitor and analyze Website performance using real user monitoring (RUM)
  • To identify and diagnose technical issues and errors
  • To optimize page load times and overall Website performance
  • To improve user experience based on interaction analytics
  • To conduct A/B testing and feature optimization
5.4 Communication
  • To respond to your inquiries, requests, and support tickets
  • To send transactional communications related to your account or purchases
  • To send service-related announcements and updates
  • To send marketing communications where you have provided consent
5.5 Legal and Regulatory Compliance
  • To comply with applicable laws, regulations, and legal processes
  • To respond to lawful requests from public authorities
  • To enforce our terms of service and other legal agreements
  • To protect our legal rights and interests in legal proceedings

6. Data Sharing and Disclosure

We do not sell, rent, trade, or otherwise transfer your personal data to third parties for their marketing purposes. We maintain strict controls over the disclosure of personal data and share your information only in the limited circumstances described below:

6.1 Service Providers and Data Processors

We engage carefully selected third-party service providers who process personal data on our behalf and under our instructions. These service providers are contractually bound to:

  • Process personal data only for specified purposes and in accordance with our documented instructions
  • Implement appropriate technical and organizational security measures
  • Maintain confidentiality obligations
  • Assist us in responding to data subject rights requests
  • Delete or return all personal data upon termination of services
  • Submit to audits and inspections to verify compliance
6.2 Cloudflare, Inc.

Our Website utilizes services provided by Cloudflare, Inc. ("Cloudflare") for the following purposes:

  • Content Delivery Network (CDN) Services: To improve Website loading speeds and availability by caching and delivering content from geographically distributed servers
  • Security Services: To protect our Website from DDoS attacks, malicious bot traffic, SQL injection, cross-site scripting (XSS), and other cyber threats
  • Web Application Firewall (WAF): To filter and monitor HTTP traffic between the Website and the Internet
  • Real User Monitoring (RUM): To collect performance metrics and analytics data to monitor and optimize Website performance
  • SSL/TLS Encryption: To ensure secure, encrypted connections between users and our Website

Cloudflare processes certain personal data as a data processor on our behalf. The categories of data processed by Cloudflare may include IP addresses, device information, browser characteristics, and Website interaction data. Cloudflare's processing activities are governed by a Data Processing Agreement that ensures compliance with GDPR requirements and restricts Cloudflare from using your personal data for any purpose other than providing services to us.

Important: We have configured Cloudflare to process and store all data exclusively within the European Union. Cloudflare has certified its compliance with applicable data protection frameworks and maintains appropriate safeguards for data processing. For more information about Cloudflare's privacy practices, please visit https://www.cloudflare.com/privacypolicy/.

6.3 Legal Disclosures

We may disclose your personal data if required to do so by law or in response to valid legal process, including:

  • Court orders, subpoenas, or other judicial or administrative orders
  • Requests from law enforcement or other government authorities
  • Regulatory or supervisory authority requests
  • Legal proceedings to which we are a party

In such cases, we will disclose only the minimum amount of personal data necessary to comply with the legal requirement and will, where legally permitted, notify you of such disclosure.

6.4 Protection of Rights and Interests

We may disclose personal data where we believe disclosure is necessary to:

  • Protect our legal rights, property, or interests
  • Enforce our terms of service or other agreements
  • Investigate potential violations of our policies
  • Protect the safety, rights, or property of our users or the public
  • Detect, prevent, or address fraud, security, or technical issues
6.5 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or other similar corporate transaction involving Nexbone S.A., your personal data may be transferred to the acquiring entity or successor organization. In such circumstances, we will ensure that the receiving entity agrees to be bound by the terms of this Privacy Policy or provides substantially similar protections for your personal data.

6.6 With Your Consent

We may share your personal data with third parties when you have provided your explicit consent to such sharing.

7. International Data Transfers

Your personal data is stored and processed exclusively within the European Union. We have implemented technical and organizational measures to ensure that all personal data processing occurs within EU-based data centers and infrastructure.

Our service provider, Cloudflare, has been configured to process and store data within the European Union through their EU data localization features. This ensures that your personal data does not leave the European Economic Area (EEA) during processing.

In the unlikely event that a transfer of personal data outside the EEA becomes necessary, we will ensure that such transfers are conducted in compliance with applicable data protection laws and are subject to appropriate safeguards, including:

  • Transfers to countries recognized by the European Commission as providing an adequate level of data protection (adequacy decisions)
  • Standard Contractual Clauses (SCCs) adopted by the European Commission
  • Binding Corporate Rules approved by competent supervisory authorities
  • Certification mechanisms or codes of conduct approved under GDPR
  • Your explicit consent, where appropriate and legally permissible

You may obtain a copy of the safeguards we use for international transfers by contacting us at [email protected].

8. Cookies and Similar Technologies

Our Website uses cookies and similar tracking technologies to enhance your browsing experience, analyze Website traffic, and improve our Services. This section explains what cookies are, how we use them, and your choices regarding their use.

8.1 What Are Cookies?

Cookies are small text files that are placed on your device (computer, tablet, or mobile phone) when you visit a website. Cookies are widely used to make websites work more efficiently, provide information to website owners, and enable certain features and functionality.

8.2 Types of Cookies We Use
  • Strictly Necessary Cookies: These cookies are essential for the operation of our Website. They enable core functionality such as security, network management, and accessibility. You cannot opt out of these cookies as the Website cannot function properly without them.
  • Performance and Analytics Cookies: These cookies collect information about how visitors use our Website, including which pages are visited most often, how visitors navigate through the site, and whether they encounter error messages. This data helps us improve Website performance and user experience.
  • Functionality Cookies: These cookies allow our Website to remember choices you make (such as language preferences or region settings) and provide enhanced, personalized features.
8.3 Cloudflare Cookies

Cloudflare may set cookies on your device as part of providing security and performance services. These cookies include:

  • __cf_bm: A cookie used to distinguish between humans and bots for security purposes. This cookie is necessary for the proper functioning of our security features.
  • __cflb: A cookie used for load balancing to ensure optimal Website performance.
  • cf_clearance: A cookie set after a user successfully completes a security challenge, indicating that the browser has passed the verification.
8.4 Managing Your Cookie Preferences

You can manage your cookie preferences at any time through the "Cookies" popup located in the lower-left corner of our Website. This tool allows you to:

  • View the categories of cookies we use
  • Accept or reject non-essential cookies
  • Modify your preferences at any time
  • Withdraw any previously given consent

Additionally, you can control cookies through your browser settings. Most web browsers allow you to manage cookies through their settings preferences. However, please note that disabling certain cookies may affect the functionality of our Website.

For more information about cookies and how to manage them, please visit https://www.allaboutcookies.org.

8.5 Do Not Track Signals

Some web browsers have a "Do Not Track" (DNT) feature that signals to websites that the user does not wish to be tracked. Our Website responds to DNT signals by limiting tracking activities where technically feasible. However, there is currently no universally accepted standard for how websites should respond to DNT signals.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. The retention period for different categories of data varies based on:

  • The nature of the personal data and the purposes for which it is processed
  • Legal and regulatory requirements mandating minimum retention periods
  • Statute of limitations for potential legal claims
  • Our legitimate business interests
  • Industry best practices and standards
9.1 Specific Retention Periods
  • Server Logs and Technical Data: Retained for up to 90 days for security monitoring and troubleshooting purposes, after which they are anonymized or deleted.
  • Analytics Data: Retained in identifiable form for up to 26 months, after which it is aggregated and anonymized.
  • Account Information: Retained for the duration of your account relationship with us, plus a period of up to 7 years following account closure to comply with legal and regulatory requirements.
  • Transaction Records: Retained for a minimum of 7 years to comply with tax and accounting regulations.
  • Communication Records: Retained for up to 3 years following the last communication, unless a longer retention period is required for legal purposes.
  • Consent Records: Retained for as long as the consent is valid, plus a period of 7 years to demonstrate compliance with applicable laws.
9.2 Extended Retention

In certain circumstances, we may retain your personal data for longer periods, including:

  • Where required by applicable law, regulation, or court order
  • To establish, exercise, or defend legal claims
  • For archival purposes in the public interest or scientific/historical research purposes (subject to appropriate safeguards)
  • Where necessary for our legitimate interests, such as fraud prevention
9.3 Data Deletion

When personal data is no longer required, we will securely delete or anonymize it using industry-standard methods. Anonymized data, which cannot be used to identify you, may be retained indefinitely for statistical and analytical purposes.

10. Data Security

We take the security of your personal data seriously and have implemented comprehensive technical and organizational measures designed to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

10.1 Technical Measures
  • TLS/SSL encryption for all data transmitted between your browser and our servers
  • Encryption of personal data at rest using industry-standard encryption algorithms
  • Web Application Firewall (WAF) protection through Cloudflare
  • DDoS mitigation and bot management
  • Regular security assessments and penetration testing
  • Intrusion detection and prevention systems
  • Secure, access-controlled data centers within the European Union
  • Regular software updates and security patches
  • Network segmentation and firewall protection
10.2 Organizational Measures
  • Strict access controls based on the principle of least privilege
  • Employee training on data protection and security awareness
  • Confidentiality agreements with all employees and contractors
  • Documented security policies and procedures
  • Incident response and breach notification procedures
  • Regular security audits and compliance assessments
  • Vendor due diligence and security assessments
  • Data protection impact assessments for high-risk processing activities
10.3 Limitation of Liability

While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your personal data, but we commit to promptly addressing any security incidents and notifying affected individuals and relevant authorities as required by law.

11. Your Rights Under Data Protection Law

Subject to applicable law and certain exceptions, you have the following rights with respect to your personal data:

11.1 Right of Access (Article 15 GDPR)

You have the right to obtain confirmation as to whether we process your personal data and, if so, to access that personal data along with information about the purposes of processing, categories of data concerned, recipients, retention periods, your rights, the source of the data, and the existence of automated decision-making.

11.2 Right to Rectification (Article 16 GDPR)

You have the right to request the correction of inaccurate personal data and the completion of incomplete personal data concerning you.

11.3 Right to Erasure (Article 17 GDPR)

Also known as the "right to be forgotten," you have the right to request the deletion of your personal data in certain circumstances, including where the data is no longer necessary for the purposes for which it was collected, where you withdraw consent, where you object to processing, where the data has been unlawfully processed, or where erasure is required to comply with a legal obligation.

11.4 Right to Restriction of Processing (Article 18 GDPR)

You have the right to request that we restrict the processing of your personal data in certain circumstances, including where you contest the accuracy of the data, where processing is unlawful, where we no longer need the data but you require it for legal claims, or where you have objected to processing pending verification of our legitimate grounds.

11.5 Right to Data Portability (Article 20 GDPR)

You have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance, where processing is based on consent or contract performance and is carried out by automated means.

11.6 Right to Object (Article 21 GDPR)

You have the right to object to the processing of your personal data based on legitimate interests or public interest grounds, including profiling. Upon objection, we will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

11.7 Right to Withdraw Consent (Article 7(3) GDPR)

Where we rely on your consent for processing, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

11.8 Rights Related to Automated Decision-Making (Article 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except where such processing is necessary for contract performance, authorized by law, or based on your explicit consent.

11.9 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of your personal data infringes applicable data protection law.

11.10 Exercising Your Rights

To exercise any of your rights, please contact us at:

Email: [email protected]
Post: Nexbone S.A., Calle 50, Edificio el Tornillo, Panamá, Panama
Telephone: +507 328 3520

We will respond to your request within one month of receipt. This period may be extended by two further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of your request.

We may request additional information necessary to confirm your identity before processing your request. If your request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act on the request.

12. Automated Decision-Making and Profiling

We may use automated processing, including profiling, for the following purposes:

  • Security and Fraud Prevention: We use automated systems to detect and prevent fraudulent activity, bot attacks, and other security threats. These systems analyze traffic patterns, device characteristics, and behavioral indicators to identify potentially malicious activity.
  • Website Performance Optimization: We use automated analytics to understand how users interact with our Website and to identify opportunities for improvement.

We do not use automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you without human intervention, except where such processing is necessary for contract performance, authorized by law, or based on your explicit consent.

Where we engage in automated decision-making that significantly affects you, we will implement suitable safeguards, including the right to obtain human intervention, express your point of view, and contest the decision.

13. Children's Privacy

Our Website and Services are not directed to children under the age of 16, and we do not knowingly collect personal data from children under 16 years of age. If you are under 16, please do not provide any personal data to us.

If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to delete that information as quickly as possible. If you believe we may have collected information from a child under 16, please contact us immediately at [email protected].

For users between 16 and 18 years of age, we recommend that you review this Privacy Policy with a parent or guardian to ensure you understand your rights and our data practices.

14. Third-Party Links and Services

Our Website may contain links to third-party websites, services, or applications that are not operated or controlled by Nexbone S.A. This Privacy Policy does not apply to such third-party services, and we are not responsible for the privacy practices of these third parties.

We encourage you to review the privacy policies of any third-party websites you visit. The inclusion of a link on our Website does not imply endorsement of the linked site or service by Nexbone S.A.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or business operations. We will notify you of any material changes by:

  • Posting the updated Privacy Policy on our Website with a new "Last Updated" date
  • Providing notice through our Website interface or via email (for registered users)
  • Obtaining your consent where required by applicable law

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data. Your continued use of our Website after any changes to this Privacy Policy constitutes your acceptance of the updated terms, to the extent permitted by applicable law.

Previous versions of this Privacy Policy are available upon request by contacting [email protected].

16. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us using the following information:

Nexbone S.A.
Calle 50, Edificio el Tornillo
Panamá, Panama

Privacy Inquiries: [email protected]
General Inquiries: [email protected]
Telephone: +507 328 3520

We aim to respond to all privacy-related inquiries within 30 days of receipt. For complex requests, we may require additional time, in which case we will keep you informed of our progress.

17. Supervisory Authority

If you are located in the European Economic Area and believe that we have not adequately addressed your concerns regarding your personal data, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU data protection authorities and their contact information can be found at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

We kindly request that you contact us first to allow us the opportunity to address your concerns before escalating to a supervisory authority.

18. Governing Law and Jurisdiction

This Privacy Policy shall be governed by and construed in accordance with the laws of the Republic of Panama, without regard to its conflict of law provisions, except where superseded by mandatory provisions of applicable data protection law, including the GDPR.

For users located in the European Economic Area, nothing in this Privacy Policy affects your statutory rights under applicable EU data protection law, and you retain the right to bring claims before the courts of your country of habitual residence.

19. Severability

If any provision of this Privacy Policy is found to be invalid, illegal, or unenforceable by a court of competent jurisdiction, such invalidity, illegality, or unenforceability shall not affect the remaining provisions of this Privacy Policy, which shall remain in full force and effect. The invalid, illegal, or unenforceable provision shall be modified to the minimum extent necessary to make it valid, legal, and enforceable while preserving its original intent.

20. Entire Agreement

This Privacy Policy, together with our Terms of Service and any other legal notices or agreements published on the Website, constitutes the entire agreement between you and Nexbone S.A. with respect to the collection, processing, and protection of your personal data in connection with your use of our Website and Services.

21. Language

This Privacy Policy has been prepared in the English language. In the event of any inconsistency between the English version and any translated version, the English version shall prevail to the extent permitted by applicable law.

22. Acknowledgment

By accessing or using our Website, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this Privacy Policy, please do not access or use our Website.

Document Information

Document Title: Privacy Policy
Document Owner: Nexbone S.A.
Last Reviewed: December 21, 2025
Next Review Date: June 21, 2026

Get started

Ready to start earning with Nexbone?

If you have any questions, feel free to reach out to our team.

  • No credit card required

  • 14-Day free trial