Privacy Policy 

1. Our Commitment

Nexleon—or just referred to as just "us"—wrote this privacy policy to keep things simple, honest, and easy to grasp. At Nexleon, we agree that you deserve to know in complete transparency about exactly what data we collect, why we ask for it, and what we do with it.

Our headquarters is based in Victoria, Australia, so we follow the Australian Privacy Principles and the Privacy Act of 1988. Just so there’s no confusion, we don’t sell your personal information. That’s not how we do business. Our revenue comes from the products and services we actually offer, not from selling your data.

To keep everything running smoothly and deliver what we promise, we do need to collect some information from you—nothing unusual for an online service.

Privacy laws aren’t the same everywhere, so whether you’re in Australia, the UK, the US, or South Africa, this policy addresses the most important things that matter no matter where you reside.

2. What This Privacy Policy Covers

The primary website of Nexleon and any pages that link to it are covered by this privacy statement. It addresses how we manage data about website visitors, service enquiries, and platform users who have registered.

There are distinct privacy policies and terms of service for each of Nexleon's products, including Nexleon CRM and Nexleon Helpdesk. When using any particular Nexleon product, please review those documents. Furthermore, even if they are partners, third-party websites that are linked from our pages follow their own privacy policies. Those are beyond our control.

You consent to the handling of your information as outlined in this document by using our website. But don't hesitate to get in touch if something here doesn't feel right. We welcome enquiries at all times.

3. How Nexleon Handles Data: Controller vs Processor

Not all data or information is handled the same way, and honestly, this part often confuses people — so let's keep it simple.

When you are visiting the Nexleon website or filling out a form, Nexleon acts as a data controller. That means we decide what data is collected and why. However, when you use Nexleon's platform to manage your own customers or team data, the role shifts. In that case, Nexleon acts as a data processor — we handle data based only on your instructions.

Moreover, this distinction matters under laws like the General Data Protection Regulation (GDPR). But it also matters in practice. It ensures that your data — and your customers' data — stay under your control. Additionally, we do not use data stored in our systems for our own independent purposes. It is processed only to provide the service you signed up for.

4. Information Nexleon Collects


What You Give Us Directly

Basic details like your name, email address, company, phone number, and country must be entered and shared when registering with Nexleon. But not all fields appear every time. The username, followed by the password, also appears, and both are important during the registration. Moreover, the specific Nexleon tool you choose may require you to include additional information, such as a photo or your time zone. Some fields appear only under specific conditions.

After completing a contact form, attending a webinar, requesting a demo, or downloading a file from our website, you share your data, and your information stays with us. Support messages are saved in the same way whether they are sent via email or live chat. This enables us to react faster in the event that you come back later with a familiar query.

What Gets Collected Automatically

Every time a user visits our website, some technical data is recorded, and this includes your IP address, operating system, browser type, page you came from, and the time you visited. You might not be able to be identified by this information alone. Nonetheless, it may still be regarded as personal data under some laws. In any case, it gives us insight into how people use our website and where it can be made better.

Cookies and other comparable tracking tools are also used by us. Additionally, we monitor general usage trends, such as the most popular pages, visitor durations, and exit points. Section 10 contains all the information about cookies.

What We Receive from Third Parties

If you choose to sign in using Google, Microsoft, or LinkedIn, those services pass your name and email address to us to complete the login. We do not request anything beyond what is needed for that.

Additionally, if a reselling partner or referral programme directed you to Nexleon, they may have shared your contact details with us. We use that information only for the purpose it was passed on for. If you want it removed, write to us at [email protected], and we will sort it out.

We may also come across publicly available information about Nexleon on social media — comments, mentions, reviews. We might collect that to understand feedback better. But if you later delete that post, be aware that we may still hold a record of it.

Data You Entrust to Nexleon

When you use Nexleon's tools, you may upload or manage data that belongs to you — customer details, employee records, or internal business information. This type of data is often called service data.

Here is the important part — you own this data. Not Nexleon. Moreover, Nexleon does not access or look into this data unless it is genuinely required. Access is limited, and it usually only happens in situations like technical support or system maintenance.

Additionally, you stay in control at all times. You can access your service data, export it, or delete it whenever you choose. However, if you close your account, this data is also removed in line with our retention timelines set out in Section 8.

5. How Nexleon Uses Your Information

We only collect your data when it’s actually needed. Here’s what we do with it:

  • Set up your account, keep it safe, and handle the basics.
  • Give you the services you signed up for.
  • Send important emails—these include stuff like password resets, payment receipts, renewal reminders, and security alerts.
  • Let you know if there’s a big change or a new feature that affects your account.
  • Sometimes send marketing emails, but only if you've already agreed to it or if we think they matter to you.

    • Nexleon plays it straight with marketing without complexities, keeping users' needs in mind. You won’t get promotional emails unless you’ve opted in or they genuinely relate to how you use Nexleon. Every message has an unsubscribe link—so if you are not interested in receiving marketing communication, just click it. No worries, your account will stay active. We don’t send spam, and we never share your info with advertisers.

    Apart from communication and marketing, we also use your data to

  • Make the website and platform better, fix bugs, and see where things need improvement.
  • Spot scams and block anything that could put users at risk.
  • Handle the legal stuff—records for tax and audits.
  • Reply to your support questions fast and with real answers.

Just so you know, Nexleon never uses your data to show ads from other companies. We don’t build profiles to sell to data brokers, either. Our business is simple: we earn money when you use our products, not by selling your info.

How we use your data depends on why we’re using it. For account setup and service delivery, it’s because it’s needed to fulfil our contract with you. For analytics and fraud prevention, we have a legitimate interest. For marketing, it's only with your consent, and you can take back that consent whenever you want—nothing changes for things that already happened.

Automation and AI Use

Nexleon uses some automation and basic AI tools to help the platform run better. That might mean sorting support tickets, catching spam, or speeding up responses. Still, your data stays protected. Our systems run within strict limits. We never use your info to train public AI models, and nothing leaves our controlled environment. If we use anonymised data to make improvements, it never includes anything that could identify you.

Using Anonymised and Aggregated Data

Sometimes, your data is stripped of any identifying details. We call this anonymised or aggregated data. Stuff like how many people visit a page or which features get used most. None of it points back to you or anyone else.

This data helps us make Nexleon better without risking your privacy. Once it’s anonymised, there’s no way anyone can trace it back to you—and at that point, it’s not covered under personal data protection laws.

6. Who We Share Your Information With

Nexleon never intends to sell your personal data. Still, there are times when we have to share it, and we want you to know exactly how that works.

First, our team and contractors only access your info when they actually need it to do their jobs. Say you submit a support ticket—someone on support will see your account details. But personnel working for Nexleon in other departments won’t. We’re strict about this.

We also use certain third-party service providers/companies for things like payments, cloud storage, email, or analytics. Those providers only get your data for the job we’ve hired them for, as we require them to follow strong security standards, always.

Sometimes we use sub-processors—trusted partners who help us keep Nexleon up and running. They might handle hosting, email, payments, or analytics. But these companies can’t just do whatever they want with your info. They’re locked into strict agreements and can only use your data for the exact thing we’ve contracted them for. Security matters to us, so if a provider falls short of expectations, we will discontinue our relationship with them. Want the current list of such providers that are associated with us? Just reach out to us at Nexleon via the contact medium mentioned at the end of this policy.

If you signed up through a partner, they get your name and email so they can support you. But you’re free to opt out of their messages whenever you want. If the law says we have to—like if there’s a court order or a regulatory request—we’ll share your info. We’ll also do so to stop fraud, protect user safety, or uphold our own terms.

Finally, if you install a third-party app through Nexleon, we share your name and email with that app’s developer. At that point, their privacy policy takes over, not ours. Definitely check their terms before you install them.

7. Your Privacy Rights

Nexleon treats everyone equally, no matter where you live. Some of these rights are backed by law in certain places, but we offer them to everyone because it just feels right.

  • Data Access

    You can see what personal information we have about you, where it came from, and who we’ve shared it with. If you spot something that’s wrong or outdated, just let us know—or go ahead and update most of your details yourself through your account settings.

  • Data Deletion

    If you want your data deleted, we’ll do that too; normally, this right is called the "right to be forgotten". So if you don’t need your info in our system anymore, just ask and we’ll remove it—unless there’s a law that says we have to keep it for a while.

  • Restriction

    You can ask us to stop using your data in certain situations, like when you don't believe the information we have is true.

  • Portability

    If you got your data through consent or a contract, you can ask us to give it to you in a format that machines can read so you can move it to another provider.
    You can tell us at any time that you don't want us to use your information for direct marketing. If we have a strong legal reason, we can still go ahead, but you can also object to processing based on legitimate interests.

    If you think we didn't handle your data properly, you can file a complaint with your local data protection authority. Send us an email at [email protected] to exercise any of these rights. Our goal is to reply within 30 days. Complex requests might take a little longer, but we'll always let you know.

Data Retention

We keep your data for as long as it is genuinely needed — no longer. For active account holders, that means we hold your information for the life of your account. Once you close your account, data is removed from our active systems within six months. Backup copies are deleted within three months after that. So within nine months of closing your account, your data is gone.

However, some data must be kept longer under law. Financial records, for instance, may need to be retained for several years for tax or audit purposes. In such cases, we keep only the minimum required, with tightly restricted access. Additionally, if there is an unresolved legal matter involving your account, we may retain relevant records until that is settled.

9. Keeping Your Data Secure

Nexleon takes data security seriously. We manage who can access internal systems, encrypt data while it's in transit, and conduct frequent security audits. However, there are always risks associated with online systems. Change your password right away and send us an email at [email protected] if you think your account has been hacked.

We will notify you and the appropriate authorities within the legally mandated timeframes if there is a data breach that could potentially impact your rights or liberties. Our internal protocols for identifying, containing, and evaluating such incidents are routinely reviewed.

10. Cookie Policy

Just imagine cookies like tiny memory joggers that the browser has, and with their presence, the browser remembers you when you return to any particular site. These also help our site run smoothly for you, personalised, and as you expect it to work.

The types of cookies we use


  • The 'Must-Have' cookies (Essential)

    Behind-the-scenes operations are made easier by these kinds of cookies. One of these is there to ensure that you are still the same user you claimed to be when you are using the website and logged in. These are essential to the site's operation and cannot be disabled; their sole purpose is to ensure that you remain logged in.

  • The 'Convenience' cookies (Functional)

    These functional cookies are significant since they remember the choices you made, like your selected language, how you've organised your dashboard, and so on. You can't turn them off, but they just do those simple little things to save you the bother of setting it all up every time you come back.

  • The 'Improvement' cookies (Analytics)

    These tell us how many people are using the site and where people are going on the site and which bits of the site are not so good and confusing for users. The data in this regard is fully anonymous, as we look at trends rather than individual use.

  • The 'Growth' cookies (Marketing)

    Only after we have received a clear "yes" from you will we include one of these. These cookies allow us to assess the effectiveness of our advertising in reaching the target audience. Rest assured that we will not track your progress or show advertisements elsewhere using cookies from third-party organisations.

You're always in control

You can make changes or amend settings at any time; this can be done via our cookie banner that you get to see when you visit us for the first time or your own browser settings. Still, if you decide to disable 'essential' cookies, certain parts of the website might not work right. On the flip side, turning off the 'other' ones won’t change how you browse.

How long do they last?

Session cookies: When the browser is closed, these specific kinds of cookies are removed.

Persistent cookies: These have a shelf life of 30 days to two years generally, but keep in mind that we make use of such cookies; it is so we can identify you the next time you visit, saving you from having to log in each time.

"Do Not Track"

Many browsers may offer you a “Do Not Track” setting, but there’s no universally acceptable set procedure or rule for how websites like ours should handle such requests. That’s why, currently, Nexleon doesn’t respond to “Do Not Track” signals. However, we’re keeping an eye on industry updates, and if a clear standard comes out, we’ll adjust our approach for sure.

11. Australian Privacy Policy (Privacy Act 1988)

Since Nexleon is an Australian company, we abide by the Privacy Act 1988 (Cth). Additionally, we handle data in accordance with the thirteen Australian Privacy Principles (APPs). The entire process of your information, from collection to ultimate deletion, is covered by these regulations.

Below is a simple explanation of how we meet these obligations.

Collection and Transparency (APPs 1–5)

We only collect information that we truly need. Moreover, wherever possible, we collect it directly from you. At the same time, we clearly explain who we are and why we need it. We also tell you who may receive that information.

But there are times when we get data we didn't ask for. In these situations, we quickly delete or de-identify it if there is no legal reason to keep it.

You can also use some parts of our website without giving us any personal information. For instance, you don't need to give any personal information to just browse.

Use, Disclosure and Marketing (APPs 6–8)

At Nexleon, we collect and use your data only for the purpose for which it was collected. Moreover, we may use it for related purposes you would reasonably expect. However, we do not use your data for unrelated reasons without your consent.

For marketing, we keep things controlled. We send messages only if you have opted in or if they are clearly relevant to you. Additionally, every email includes an easy unsubscribe option.

If we share data outside Australia, we take extra care. Moreover, we ensure the recipient follows similar privacy standards. If they don’t, we do not proceed.

Data Quality, Security and Access (APPs 10–13)

Errors happen, and unfavourable incidents do take place, rarely, but they cannot be stopped forever. The same is true for Nexleon. But we at Nexleon always strive to keep your information correct and current. Please let us know if you see anything incorrect, and we'll take care of it.

When we no longer need your data, we securely delete it, though occasionally we will de-identify something instead.

You have the right to view and request a copy of your data at any time, and in most cases, we respond within 30 days. If we are unable to fulfil your request, we will inform you of the next steps and give you an explanation.

Notifiable Data Breaches (NDB Scheme)

Australian law about notifiable data breaches is clear – we have to report some data breaches, especially if there’s a risk of serious harm. When we suspect a breach, we act fast — usually, we investigate within 30 days. If the breach meets the threshold (if the data breach is serious enough by law that it must be reported), we’ll let you know and inform the Office of the Australian Information Commissioner (OAIC).

If you think we’ve mishandled your data, you can always contact the OAIC. But honestly, it’s easier and faster to come to us first — we resolve most problems that way.

Governing Law

This policy follows the laws of Victoria, Australia. Moreover, any disputes will fall under Victorian courts. However, if your local law requires otherwise, that law will apply.

12. Regional Rights — California, UK and South Africa


California (CCPA / CPRA)

If you are in California, you have specific rights under both the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). You can ask what data we collected in the last 12 months. Moreover, you can request deletion or correction.

We do not sell your personal data. However, the right to opt out still exists, and we respect that. Additionally, we do not treat users differently for using these rights.

To make a request, email us. We will verify your identity first. Moreover, we usually respond within 45 days.

United Kingdom Specific Rights (UK GDPR / Data Protection Act 2018)

If you are in the UK, your rights are already listed in Section 7. Moreover, we follow UK GDPR and Data Protection Act 2018 rules when handling your data.

If your data moves outside the UK, safeguards are applied. These may include Standard Contractual Clauses or adequacy decisions.

However, if you feel your rights were not respected, you can contact the ICO. Still, we recommend contacting us first — it is usually faster.

South Africa (POPIA)

POPIA (Protection of Personal Information Act) is applicable to your data if you are in South Africa, and we adhere to it. As per this, in summary, you have the ability to view, update, or remove your data. Additionally, you have the option to reject direct marketing.

You have the option to complain to the Information Regulator if necessary. Furthermore, we only send data across borders when appropriate security measures are in place.

13. Children’s Privacy

Nexleon is designed for adults. We do not knowingly collect data from anyone under 16.

However, if this happens, we act quickly. If a parent or guardian contacts us, we verify the request and delete the data. Additionally, if you use Nexleon to manage your own customers, the responsibility is yours. This is especially true if your customers include minors.

In such cases, you act as the data controller. Moreover, Nexleon only processes data based on your instructions.

14. Data Processing Addendum

If you use Nexleon to manage customer or employee data, you are the data controller. Nexleon, however, acts as a data processor.

To support compliance, we can sign a Data Processing Addendum (DPA). This document explains how we handle data on your behalf.

Moreover, it covers processing details, data types, and security measures. If you need it, just email us.

When data moves across borders, we apply safeguards. These may include Standard Contractual Clauses or adequacy decisions. Additionally, related documents are available on request.

15. Links, Business Transfers and Policy Updates


Third-Party Links

Our website may link to other sites. However, once you leave our site, our policy no longer applies.Each external site has its own rules. So before sharing data, check their privacy policy carefully.

Business Transfers

We are not planning to sell Nexleon. However, if a merger or acquisition happens, your data may be transferred. If that happens, we will inform you clearly. Moreover, the new entity must follow this same policy. Additionally, you can request deletion instead of transfer.

Updates to This Privacy Policy

We may update this policy from time to time. This may happen as laws change or services evolve. For small changes, we update the document quietly. However, for major changes, we give at least 30 days’ notice.

Moreover, if you continue using Nexleon after changes, it means you accept them. If not, you can close your account before the changes take effect.

16. Contact Nexleon

If you have questions or concerns related to Nexleon, specifically regarding this policy, reach out anytime. Irrespective of the fact whether your query is related to access, correction, or complaints, we handle it all.

Email: [email protected]

Phone: +(61) 480 096 295

Address: 540 Springvale Rd, Glen Waverley VIC 3150, Australia

Data Protection Contact

For privacy-specific matters, you can contact our internal team. This includes access requests, deletion requests, or complaints. Moreover, this also applies to data processed on behalf of your organisation. Additionally, every request is reviewed carefully, which means there is no place for automated replies, and every request is handled by a real person.

We aim to respond within 30 days. However, complex cases may take up to 45 days. If so, we will inform you in advance.

Scroll to Top