Privacy Policy

Introduction

At Nexleon Helpdesk (“Nexleon,” “we,” “us,” or “our”), we build cloud-based software that keeps customer support running smoothly. Teams can effectively manage conversations, tickets, and service tasks without incurring inefficiencies or degrading quality standards thanks to our platform’s ability to cut through the clutter.

Let’s face it, though: tickets and numbers are never the only factors. Every message has a person behind it. It might be a client seeking assistance. Perhaps a teammate is voicing an issue. In any case, we treat what they have in common as important.

For us, privacy isn’t just fine print hidden in our contracts or a checkbox.  It is like being dependable or providing genuine support; it’s a core of what we do. We won’t say we’re perfect in terms of offering you our privacy policy and expected standards, but we monitor the risks, closely watch over who has access, and will always be honest with you about how we handle your data.

This Privacy Policy explains, in straightforward terms:

  • What information Nexleon collects
  • How and why that information is used
  • Where information may be stored or processed
  • When information may be shared
  • What rights users and customers have
  • And other related topics

This policy applies to anyone who interacts with the Nexleon Helpdesk, including administrators, authorized users, customers submitting tickets, trial users, and visitors to Nexleon websites.
 Employee records are excluded and governed separately.

Nexleon follows the Australian Privacy Act 1988 and the Australian Privacy Principles. For users outside Australia, Nexleon sticks to GDPR rules too, when needed. So, with that out of the way, let’s talk about what actually counts as personal information.

2. What Is Personal Information?

Simply put, “personal information” refers to any type of data that can be reasonably used to identify an individual, either by itself or in combination with other data.

This includes common identifier data such as

  • Name
  • Email address
  • Phone number
  • Company name and role
  • Login credentials

It also includes technical identifiers such as:

  • IP address
  • Device and browser information
  • Location data (at a general level)
  • Usage activity within the platform

In rare cases, private information may show up in support tickets—hidden inside messages, files, images, or conversation records. When users struggle with problems, they might share something personal without meaning to. Although Nexleon never requests such data, it recognizes slips can occur. Anything confidential is handled carefully every single time.

What exactly does Nexleon gather, then? Let’s get into that next.

3. Categories of Information Nexleon Collects

3.1 Account and User Information

When an account is created or managed, Nexleon collects basic details needed to operate the service. This includes:

  • Full name
  • Business email address
  • Phone number
  • Company name
  • Job title or role
  • Username and password (stored securely)
  • Account preferences and configuration settings

Optional information, such as profile photos or additional preferences, may also be added by users. However, these are not mandatory.

3.2 Ticket, Chat, and Support Interaction Data

When users or customers interact with Nexleon Helpdesk, information is generated as part of normal operations. This includes:

  • Ticket messages and replies
  • Live chat conversations
  • Email correspondence
  • Time and date of interactions
  • Internal notes added by agents
  • Files, images, or documents attached to tickets

Because of these details, Nexleon Helpdesk runs the way it should. The process involves monitoring issues that are occurring, then fixes following, and improvement comes alongside after that. Because of this, problems that stick around get spotted easier, which helps make the system more reliable over time.

3.3 Technical, Device, and Usage Information

Nexleon automatically collects certain technical information when users access the platform. This includes:

  • IP address
  • Browser type and version
  • Operating system
  • Device type
  • Date and time of access
  • Pages visited and features used

This information supports security, system stability, troubleshooting, and performance improvements. However, it is not used for advertising or selling user profiles.

3.4 Billing and Payment Information

For paid subscriptions, Nexleon collects:

  • Subscription plan details
  • Billing status
  • Invoice history
  • Payment confirmations

Nexleon servers never store complete credit card numbers. Usually, third-party payment companies that adhere to industry-recognized security standards handle payments.

3.5 Communications and Feedback

Emails, forms, surveys, and feedback channels used by users to communicate with Nexleon are recorded. This aids us at Nexleon in tracking problems, responding appropriately, and enhancing services.

The following section describes how this information gets to Nexleon now that the types of information are clear.

4. How Information Is Collected

Information is collected through a combination of direct actions and automated systems.

4.1 Information Provided Directly by Users

Most information is provided voluntarily when users:

  • Register for an account
  • Submit support ticket
  • Upload files
  • Change account settings
  • Contact customer support

4.2 Information Collected Automatically

Some information is collected automatically when users interact with Nexleon Helpdesk. This includes:

  • System logs
  • Usage metrics
  • Security monitoring data

These processes are standard for cloud software and are necessary to maintain service quality.

4.3 Information From Third Parties

In limited cases, Nexleon may receive information from:

  • Payment processors
  • Integration partners
  • Infrastructure providers

This only happens when required to deliver the service.

With collection covered, the next step is understanding why Nexleon uses this information.

5. Why Nexleon Uses Personal Information

Nexleon uses personal information only when there is a clear operational, security, or legal purpose.

Information is used to:

  • Provide and operate Nexleon Helpdesk
  • Create and manage user accounts
  • Process and resolve support tickets
  • Help customers and troubleshoot tech issues
  • Handle subscriptions and billing
  • Keep an eye on performance and reliability
  • Make features better and the whole experience smoother
  • Spot and stop fraud or misuse
  • Follow all legal and regulatory rules

Nexleon doesn’t sell your personal information or use it for third-party ads.

6. Legal Grounds for Processing (Where Applicable)

Depending on jurisdiction, Nexleon processes information based on:

  • Contractual necessity
  • Legitimate business interests
  • User consent
  • Legal obligations

Where consent is required, users may withdraw it. However, doing so may limit access to certain services.

6.1 Data Controller vs. Data Processor: What’s the Difference?

6A. Data Controller and Data Processor Roles

Your usage of the platform will determine how Nexleon Helpdesk manages your data. Nexleon acts as a data controller on occasion. At other times, we are merely the data processor. These positions follow the guidelines set by data protection regulations such as the GDPR (General Data Protection Regulation)

When Nexleon is the Data Controller: 

Nexleon takes on the Data Controller role when we decide why and how your personal information gets processed. Here’s when that happens:

  • We take care of authentication and user account management.
  • We handle payments, subscriptions, and bills.
  • Our websites are managed by us.
  • We manage marketing improvements and disseminate product news.
  • We uphold our platform’s security, avoid fraud, and comply with legal requirements.

In each of these situations, Nexleon sets the direction and is solely responsible for making sure that your data is handled in compliance with privacy laws.

When Nexleon is the Data Processor

When companies use Nexleon Helpdesk to assist their own teams or clients, things change. Nexleon only handles personal data in these situations in accordance with the customer’s directives. This is what it includes:

  • Support tickets, chats, and emails from end users
  • Customer contact info uploaded by our customers
  • Files, images, or documents attached to tickets
  • Conversation histories and notes written by customer agents

Here, the business using Nexleon is the Data Controller. We just follow their lead, processing data solely to deliver the Helpdesk services they need. Nexleon never uses this customer-controlled data for its own purposes.

6B. Data Processing Agreement (DPA)

Nexleon provides a Data Processing Agreement (DPA) if you are subject to the GDPR, UK GDPR, or comparable data protection regulations.

This DPA spells out Nexleon’s obligations as a Data Processor, including:

  • What kind of data we process, why, and for how long
  • The types of personal data involved
  • Which groups of people the data covers
  • Our security and confidentiality commitments
  • How we handle sub-processors
  • What happens when there’s a data breach
  • How we help with data subject rights requests
  • Data deletion or return when your service ends

The DPA checks all the boxes for Article 28 of the GDPR and similar laws.

If your business is subject to GDPR, UK GDPR, or similar privacy laws, the Data Processing Agreement (DPA) becomes a formal part of your contract with Nexleon. This means its terms are legally binding and govern how your data is handled while using our service.

6C. Sub-processors and Third-Party Service Providers

To keep Nexleon Helpdesk running smoothly and securely, we team up with trusted third-party service providers—our sub-processors. They handle personal information for us, but only as needed to deliver their specific services.

Here’s what these partners help with:

  • Cloud hosting and infrastructure
  • Data storage and backups
  • Email delivery and communication
  • Payment processing and billing
  • Security monitoring and performance analytics

We make sure our sub-processors follow our instructions and use personal data strictly for the jobs we hire them to do. Every provider signs a written agreement, sticks to clear purposes, keeps strong security in place, and respects all relevant data protection laws.

If you want to see the latest list of our sub-processors, along with what they do and where they’re based, just ask us by reaching out to us using the contact information available at the bottom of this policy.

We update our sub-processors as our business grows. If the law says so, we’ll give you a heads-up about major changes and give you a fair chance to raise any concerns.

6.2  Personal Data Breach Notification

At Nexleon, we take data security seriously. We have clear steps to spot, investigate, and handle any personal data breach.

If we confirm a breach that affects personal information we process, here’s what happens:

  • First, we dig in right away to figure out the size, impact, and risk of the incident.
  • If we’re acting as a data processor, we’ll notify the relevant customer as soon as we know about the breach.
  • If we’re the Data Controller, we’ll reach out to affected individuals and, when the law says so, notify the right regulatory authorities.

For customers covered by the GDPR, we make sure to send breach notifications quickly so you can meet your Article 33 obligations—including that 72-hour deadline, if it applies.

When we send a breach notification, here’s what you can expect if we’ve got the details:

– What happened and the nature of the breach

– The types and rough number of people and records involved

– What’s likely to happen because of the breach

– What steps we’re taking (or plan to take) to fix and limit the damage

Not every security incident counts as a personal data breach. We only send notifications when an incident legally meets the definition under data protection laws. 

6.3  Automated Decision-Making and Profiling

At Nexleon Helpdesk, we don’t let machines make big decisions about you—especially not the kind that can seriously affect your life or carry legal weight. No one here relies on automated processes or profiling to decide whether you get our services, whether your contract or payment goes through, or to judge your work or behavior for legal or job reasons.

 When it comes to decisions that matter, real people are always involved. We believe that’s how it should be.

In compliance with GDPR and other applicable data protection laws, if we ever do decide to use automated decision-making or profiling in a way that’s covered by data protection laws, we’ll give you a heads-up first. And we’ll make sure all the right safeguards are in place, just like the law says.

7. Sharing and Disclosure of Information

Nexleon does not sell or rent personal information.

However, information may be shared in limited situations, including with:

  • Cloud hosting and infrastructure providers
  • Payment and billing partners
  • Analytics and monitoring service providers
  • Legal, financial, or professional advisers
  • Regulatory authorities, when legally required
  • A successor entity, in the event of a merger or acquisition

All third parties are required to use information only for agreed purposes and maintain appropriate security measures.

7.1 Law Enforcement and Government Requests

Sometimes, government agencies, law enforcement, or courts contact Nexleon for access to personal information. When that happens, we take it seriously.

  • First, we check every request to make sure it’s legal and actually valid.
  • If we must share something, we only give the minimum required to meet our legal obligations—nothing more.
  • We also let you know if your data is involved, unless the law or a court order says we can’t.
  • Every request and every disclosure get documented, so there’s always a real record of what happened and why.

 Nexleon never gives any authority access to personal information for marketing or anything unrelated to the law. And if a request feels too broad or doesn’t line up with the law, we push back. That’s just how we aim to protect your privacy while staying on the right side of the law.

7.2 Backup, Disaster Recovery, and Business Continuity

At Nexleon, we know your data isn’t just numbers and files—it’s the backbone of your business. That’s why we’ve put serious effort into building systems that keep your information safe and make recovery fast if something ever goes sideways.

We regularly create backups of our platform and personal data, which we then store in safe, encrypted places. If there’s a system crash or outage, our cloud infrastructure kicks in right away to get services back online.

We make sure you stay up and running—no excuses. Hardware fails, hackers strike, and storms happen, but Nexleon is ready for all of it. Our plans don’t just sit on a shelf. We actually test and monitor our backup and recovery systems all the time, so when something goes wrong, you’re covered. That’s how we keep your business moving and downtime to a minimum.

We’ll be straight with you: no system is flawless. But we work hard to protect your data and get you back online fast when trouble hits. That’s our promise.

8. International Data Storage and Transfers

Nexleon uses modern cloud infrastructure. As a result, data may be stored or processed outside Australia.

Nevertheless:

  • Security safeguards remain consistent
  • Privacy principles continue to apply
  • Transfers are handled lawfully

Appropriate contractual protections are used where required

9. Data Security Measures

Nexleon takes security seriously and implements:

  • Encrypted data transmission
  • Access controls and authentication
  • Secure hosting environments
  • Limited internal access

While no system is entirely risk-free, Nexleon works to reduce risk and respond quickly to incidents.

9A. Do Not Track and Global Privacy Control

Some browsers and devices let you request “don’t track me” using features like Do Not Track (DNT) or Global Privacy Control (GPC).

At Nexleon, your privacy matters to us. Right now, our platforms and websites don’t automatically respond to DNT or GPC signals. But that doesn’t mean we take your data lightly. We still follow this Privacy Policy and hold ourselves to high security standards.

Here’s what you need to know:

  • Nexleon’s privacy and data practices still protect your browsing choices.
  • We don’t sell your data or track what you do for ads unless you give us the green light.
  • You have control—manage tracking through cookies, your settings, or third-party tools (see Section 13 for details).

And if anything changes with how we handle DNT or GPC in the future, we’ll update this Privacy Policy and keep you in the loop.

10. Data Retention Practices

Personal information is retained only for as long as necessary.

Information may be kept to:

  • Operate the platform
  • Meet legal requirements
  • Resolve disputes
  • Enforce agreements

Once no longer required, data is deleted or anonymized.

11. Your Privacy Rights and Choices

You have real control over your personal information, and we try to make everything convenient for you. At Nexleon Helpdesk, we’ve set up clear ways for you to see, manage, and decide what happens to your data.

11.1 Access to Your Information

Are you curious about what information we have about you? Simply ask. Got questions about your data or need them for things related to your account, help requests, how often do you use things, payments, and chat? No worries since we’ve got records. When you ask, we’ll share exactly what data we possess and how it was collected. Moreover, you can put in request to seek anything else related to assessing your information that you may need.,

We typically handle these requests in less than 30 days and don’t charge for typical situations. We may impose a small admin fee if you begin making a lot of repetitive or excessive requests, but we’ll notify you beforehand.

11.2 Correction of Information

You can correct any errors, omissions, or out-of-date information you find. You can change the majority of things in your account settings. Just get in touch with us, and we’ll handle things like billing records or support logs and anything else that you need to correct your information or that of the third party or individual you are representing.

11.3 Deletion of Personal Information

Sometimes information deletion is possible in cases such as if your data isn’t needed anymore, you’ve taken back permission, there was a handling error, or legal rules demand removal. Yet at times information stays simply because laws require finishing a transaction, preventing fraud, keeping things secure, or dealing with legal claims. We’ll explain why we can’t erase everything, and we’ll remove what we can in case questions are put up for these.

11.4 Data Portability

If the law says so, you can get your data in a format you can use elsewhere. We’ll give you what we can in standard files like CSV or JSON—whatever works technically.

11.5 Objection and Restriction

You don’t have to agree with every way we use your data. If you want us to stop certain kinds of processing—especially if we say it’s for our “legitimate interests”—just let us know. For marketing, we stop right away. Sometimes, you can also ask us to put things on pause while we investigate your issue.

11.6 Withdrawal of Consent

If we’re using your info because you said yes, you can take back that consent anytime. This won’t change what we did before, but it might limit some features that need your data.

11.7 Marketing Preferences

When it comes to the marketing you receive from us, you are always in control. Do you want to be informed? Fantastic. Would you rather have fewer updates? That is also acceptable. Simply send us an email or have a direct conversation with us, whichever is more convenient for you. You won’t lose access to the necessities if you choose not to participate in marketing. Important information, such as payment details and security alerts, will still be sent to you. Regardless of the promotions, the important information flow towards you continues.

11.8 How to Make a Request Regarding Your Rights

Simply contact us using the information provided in this policy to exercise any of your rights. We’ll confirm it’s you, usually by requesting some information from your account. At Nexleon, we will typically respond to you within 30 days. We’ll keep you informed if things take longer. We’ll explain why we can’t fulfill your request and walk you through your other options.

12. Additional Rights by Region

EEA, UK, and Switzerland

If you’re in these areas, you can complain to your local data protection authority and ask about international data transfers if you believe we’ve violated GDPR. We don’t make decisions about the right to refuse automated decision-making (though we don’t currently make solely automated decisions that significantly affect you)

California (CCPA / CPRA)

If you’re a California resident, you get some real power over your personal info since the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide specific rights. You can see it, fix it, delete it, or even limit how we use your data. And don’t worry—we never sell your personal information, ever. Do you want someone to handle this task of data deletion for you? No problem. Just make sure we can confirm they’re actually working for or representing you.

Australia

Living in Australia and feel like your privacy got trampled? We always work under the guidelines to comply with the Privacy Act 1988 (CTH), Australian Privacy Principles (APPs), and applicable GDPR provisions. The Office of the Australian Information Commissioner (OAIC) is there for you. Still, try reaching out to us first. We’re usually quick to help and can clear things up without all the red tape.

13. Cookies and Similar Technologies

Cookies are little files that appear on your device when you access any website, and you experience them when you visit Nexleon site as well. Like digital sticky notes, they help the website remember who you are. Some disappear the moment your browser shuts, while others stay in place until you delete them or they expire.

Types of Cookies We Use

Essential Cookies (very important)

These are important for the platform’s operation. They ensure the functionality and security of your account. For example, they keep track of your login information and the preferences you’ve set. You would be unable to log in or navigate the website without them.

Analytics and Performance Cookies

These improve our understanding of how users engage with the website. They tell us which features people test, which sites get attention, and if anything is broken. Our goal is to discover problems and continuously improve your experience, not to spy on you.

Preference or Functional Cookies

Such cookies remember the little things you select or prefer, making the site feel more personal when you return. such as your theme, display preferences, or language. They just make Nexleon feel more familiar; they don’t follow you around the internet.

Cookies for marketing or optional purposes

We occasionally use tools to share promotions or establish a connection with you. These only appear when you give them permission. Without your consent, we don’t sell your information or track you for advertisements.

Managing Cookies and Your Consent

You’re in control here. With your browser, you can switch cookies off, wipe them away, or even stop specific ones at any time. If you go ahead with any such acts, features such as keeping preferences saved or remaining signed in might break a little.

Your continued use of our websites means you agree to cookie usage just like described on this page. When it comes to non-essential tracking, permission is something we seek ahead of time.

Email services, tracking tools, and messaging apps are examples of third-party apps that may install their own cookies on your device. When your information is shared with these services, their privacy rules apply, not Nexleon’s. To learn how your data is handled, it’s a good idea to review their policies. We carefully choose our partners and only collaborate with businesses that adhere to our security and confidentiality requirements.

Why Cookies Matter

Cookies manage a lot behind the scenes, despite their little size. Your internet site visits remain consistent as a result of them; issues are promptly resolved, but preferences endure. When you take a break, your settings stay exactly the same. When you get back, everything just goes smoothly.

14. Third-Party Integrations

Third-party tools like calendars, messaging apps, email platforms, and CRM systems are all integrated with Nexleon Helpdesk. Although these integrations increase functionality, they might require data sharing with outside services.

By connecting an integration, you give Nexleon permission to exchange data with that service. The integration and settings determine what kind of data is shared. For example:

  • Email tools may access message content, sender details, and attachments
  • CRM systems may sync customer records and interaction history
  • Chat platforms may receive conversation data and participant information
  • Calendar tools may access scheduling details

Sharing data with an outside calendar app might mean their privacy policy rules apply instead of ours. If that happens, Nexleon cannot manage or answer how those platforms treat your details. Their policies determine what happens to your info—how it is kept safe, used, or saved.

Look closely at what access they ask for, how they protect data, and what their terms allow before linking anything up. Remember this: after you send data away, it stays under someone else’s rules and policies’ umbrella—even if you leave later.

Disconnecting an integration does not automatically pull your data back. Some third-party tools may also use their own cookies or tracking tools, which follow their own privacy rules, not yours.

15. Children’s Privacy

Nexleon Helpdesk is built for business—it’s not meant for kids. We don’t intentionally collect personal data from anyone under 16 (or under 13 if certain laws apply), and we follow the guidelines of the Australia Child Protection Act 1999 (Qld) and the Care and Protection of Children Act 2007 (NT). Users must be of legal age in accordance with their home country’s laws to sign a contract, as explicitly stated in our Terms of Service. It is your duty to ensure that you and each member of your team, or the person you are representing, satisfy the age requirements when creating accounts for them.

We will quickly remove any information we may have unintentionally collected from a child. Do you think we may have information about a child? Tell us immediately, and we’ll act as quickly as we can.

16. Policy Updates

This Privacy Policy is completely under Nexleon’s control and may be updated or changed from time to time due to

  • Legal updates
  • Platform enhancements
  • Business growth

Updated versions will be published, and significant changes may be communicated directly.

17. Contact Information and Complaints

For privacy-related questions or requests:

Email: [email protected]
Phone: +(61) 480 096 295
Address: CORPORATE HQ 540 Springvale Rd, Glen Waverley VIC 3150

If concerns are not resolved, users may contact the Office of the Australian Information Commissioner (OAIC).

Book for Demo
Book for Demo
Scroll to Top