Privacy Policy

Last updated: December 2024

1. Introduction

Nessun ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our products, services, applications, and platforms ("Services").

This policy applies to all users of our Services, including individual users and organizations.

2. Information We Collect

2.1 Information You Provide

Information you provide to us may include, but is not limited to:

For Organization Accounts:

• Organization name and details
• Contact information (email, phone)
• Billing and payment information
• Team member information and structure

For Individual Accounts:

• Name and email address
• Profile information and preferences
• User-generated content
• Communications and interactions within our Services

2.2 Location Information

We collect location data when you use location-based features of our Services, such as check-ins or location sharing. Location information may include:

• GPS coordinates
• WiFi access points
• Cell tower information
• Manual location input

Important: Location information is collected only when you explicitly use location-based features. We do not collect location data in the background or without your knowledge and consent.

2.3 Automatically Collected Information

• Device information (type, operating system, browser)
• IP address and general location (city/country)
• Usage data (features used, time spent, interactions)
• Log data (access times, errors, performance metrics)

2.4 Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain your login session
• Remember your preferences
• Analyze usage patterns
• Improve our Services

You can control cookies through your browser settings.

3. How We Use Your Information

3.1 To Provide and Improve Services

• Deliver the features and functionality you request
• Process transactions and manage subscriptions
• Generate reports, analytics, and insights
• Facilitate communication and collaboration
• Identify and fix technical issues
• Develop new features and improvements
• Conduct research and testing

3.2 To Communicate

• Send service updates and notifications
• Respond to support requests
• Provide billing and account information
• Share important policy changes
• Send marketing communications about new features, products, or offers (you can opt out at any time)

3.3 Legal and Security

• Comply with legal obligations
• Enforce our Terms of Service
• Protect against fraud and abuse
• Ensure platform security

4. How We Share Your Information

4.1 Within Your Organization

For workforce management services, user data may be shared with:

• Organization administrators
• Authorized managers and supervisors
• Other users as permitted by organization settings

Organizations control access to user data within their account.

4.2 Service Providers

We share limited data with trusted third-party service providers who assist us with:

• Cloud hosting and infrastructure
• Payment processing and billing
• Email delivery and communications
• Analytics and performance monitoring
• Customer support tools

These providers are contractually obligated to protect your data and use it only for specified purposes. We do not share the specific identity of our service providers to maintain operational flexibility.

4.3 Legal Requirements

We may disclose information when:

• Required by law or legal process
• Necessary to protect our rights or property
• Required to prevent fraud or security threats
• Needed to enforce our Terms of Service

4.4 Business Transfers

If Nessun is involved in a merger, acquisition, or sale, your information may be transferred. We'll notify you before your information becomes subject to different privacy practices.

4.5 We Never Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. Data Security

5.1 Security Measures

We implement security measures appropriate to the sensitivity of the data, including:

• Encryption in transit (HTTPS/TLS)
• Encryption at rest for sensitive data
• Regular security audits and updates
• Access controls and authentication
• Secure backup procedures

5.2 Your Responsibility

You're responsible for:

• Keeping your password secure
• Logging out of shared devices
• Reporting suspected security breaches
• Using strong, unique passwords

5.3 No Guarantee

While we use reasonable security measures, no system is completely secure. We cannot guarantee absolute security of your data.

6. Your Rights and Choices

6.1 Access and Correction

You have the right to:

• Access your personal information
• Correct inaccurate data
• Update your profile information
• Export your data

Contact us at [email protected] to exercise these rights.

6.2 Data Deletion

Employees can:

• Request deletion of their account and data
• Note: Employers may retain certain data for legal or business purposes

Organizations can:

• Delete their entire account and all associated data
• Export data before deletion
• Request permanent deletion after 30-day grace period

6.3 Opt-Out Rights

You can opt out of:

• Marketing communications (via unsubscribe link or account settings)
• Non-essential notifications (in account settings)
• Cookies (via browser settings)

You cannot opt out of essential service communications (security alerts, billing notices, legal updates).

6.4 Region-Specific Rights

European Union (GDPR):

• Right to access, rectification, and erasure
• Right to data portability
• Right to restrict processing
• Right to object to processing
• Right to withdraw consent

California (CCPA):

• Right to know what data is collected
• Right to delete personal information
• Right to opt out of data sales (we don't sell data)
• Right to non-discrimination

Colombia (Habeas Data):

• Right to access and update personal data
• Right to request deletion
• Right to revoke consent
• Right to file complaints with authorities

Brazil (LGPD):

• Rights similar to GDPR
• Right to data portability
• Right to information about public and private data sharing

7. Data Retention

7.1 Active Accounts

We retain your data while your account is active and for legitimate business purposes.

7.2 After Account Deletion

• Data is retained for 30 days to allow account recovery
• After 30 days, data is permanently deleted
• Some data may be retained longer as required by law (tax records, legal disputes)

7.3 Aggregated Data

We may retain anonymized, aggregated data indefinitely for analytics and research purposes. This data cannot identify you or your organization.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:

• Standard contractual clauses
• Adequacy decisions by data protection authorities
• Your explicit consent where required

9. Children's Privacy

Our Services are generally not intended for users under 16 years of age. Certain products may be suitable for younger users with parental consent. We do not knowingly collect personal information from children under 13 years of age without verifiable parental consent.

If we learn we have collected information from a child under 13 without proper consent, we will delete that information promptly. If you believe we may have collected information from a child under 13, please contact us at [email protected].

10. Third-Party Links

Our Services may contain links to third-party websites. We're not responsible for their privacy practices. Review their privacy policies before providing information.

11. Changes to This Policy

We may update this Privacy Policy periodically. We may notify you of material changes via:

• Email notification
• In-app announcement
• Notice on our website

Your continued use of our Services after changes constitutes acceptance of the updated policy. We encourage you to review this policy regularly.

12. Contact Information

For questions about this Privacy Policy:

• Email: [email protected]
• Privacy: [email protected]
• Legal: [email protected]
• Address: Bogotá, Colombia

If you believe we've mishandled your data, you can:

1. Contact us directly at [email protected]
2. File a complaint with your local data protection authority

Colombia: Superintendencia de Industria y Comercio (SIC) EU: Your country's data protection authority California: California Attorney General

14. Contact Information

For questions about this Privacy Policy:

• Email: [email protected]
• Privacy: [email protected]
• Legal: [email protected]
• Address: Bogotá, Colombia

Summary for Quick Reference

What we collect:

• Account information, usage data, and information you provide while using our Services

Location data:

• Only collected when you use location-based features (never in the background)

Why we collect it:

• Provide and improve Services, ensure security, communicate with you

Who we share with:

• Service providers as necessary (never sold for marketing)

Your rights:

• Access, correct, and delete your data

How to contact us:

• [email protected] or [email protected]