nextap.idnextap.id

Privacy Policy

Last updated: March 2, 2026

1. Who We Are

nextap.id ("we", "us", "our") operates the nextap.id website and mobile application — an NFC-powered digital business card platform. We are the data controller responsible for your personal data.

If you have any questions about this Privacy Policy, please contact us at: privacy@nextap.id

2. What Data We Collect

We collect and process the following categories of personal data:

a) Account Data

  • Name, email address
  • Profile information you provide (job title, company, bio, photo)
  • Social media links and contact details you choose to share

b) NFC Card Data

  • Card code (unique identifier linked to your NFC card)
  • Card pairing and activation timestamps

c) Usage Data

  • NFC scan events (when your card is scanned, timestamp)
  • Connection requests and their status
  • Device type and browser information (automatically collected)

d) Payment Data

  • Payment information is processed securely by our payment provider (Stripe). We do not store full credit card numbers on our servers.

3. Legal Basis for Processing (GDPR Art. 6)

We process your personal data based on the following legal grounds:

  • Contract performance (Art. 6(1)(b)) — to provide you with our services, manage your account, and process NFC card orders.
  • Consent (Art. 6(1)(a)) — for optional profile information you choose to make publicly visible and marketing communications.
  • Legitimate interest (Art. 6(1)(f)) — to improve our services, prevent fraud, and ensure platform security.
  • Legal obligation (Art. 6(1)(c)) — to comply with applicable tax, accounting, and regulatory requirements.

4. How We Use Your Data

  • To create and manage your digital business card profile
  • To display your public profile when your NFC card is scanned
  • To facilitate connections between users
  • To process orders and deliver NFC cards
  • To send service-related notifications
  • To improve and develop our platform
  • To detect and prevent fraud or abuse

5. Public Profile Visibility

When someone scans your NFC card or accesses your card link, your public profile information (name, job title, company, bio, photo, and social links) will be visible to them. This is the core functionality of our service.

You have full control over what information you include in your profile. You can update or remove any profile data at any time through the nextap.id app.

6. Data Sharing & Third Parties

We share your data only with the following third parties, as necessary:

  • Supabase — cloud database and authentication provider (data processing)
  • Stripe — payment processing
  • Vercel — website hosting
  • Google / Apple — app distribution (Play Store / App Store)

We do not sell your personal data to any third party. All third-party processors are bound by data processing agreements and comply with GDPR requirements.

7. International Data Transfers

Some of our service providers may process data outside the European Economic Area (EEA). In such cases, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or the service provider's adherence to an adequacy decision.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide our services. If you delete your account, we will delete or anonymize your personal data within 30 days, unless we are required to retain it for legal or regulatory purposes.

NFC scan logs are retained for up to 12 months for analytics purposes and are then automatically deleted.

9. Your Rights (GDPR Art. 15–22)

As a data subject in the EU/EEA, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Restriction — restrict processing in certain circumstances
  • Data portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interest
  • Withdraw consent — at any time, where processing is based on consent

To exercise any of these rights, contact us at privacy@nextap.id. We will respond within 30 days.

10. Cookies & Tracking

Our website uses only essential cookies required for the service to function. We do not use third-party tracking cookies or advertising cookies. If this changes in the future, we will update this policy and request your consent.

11. Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS), access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure.

12. Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notification. The "Last updated" date at the top of this page indicates when the policy was last revised.

14. Supervisory Authority

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with your local data protection authority (supervisory authority) in the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement.

15. Contact

For any privacy-related questions or requests, please contact us:

nextap.id
Email: privacy@nextap.id