NexaDesk

Privacy Policy

Last updated: March 30, 2026

Nexa Systems Inc (“we”, “us”, or “our”) operates the NexaDesk platform, including the NexaDesk website, web application, WordPress plugin, chat widget, and related services (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using NexaDesk, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of our Service.

1. Definitions

  • Service refers to the NexaDesk platform, including the website at nexadesk.ai, the web application, WordPress plugin, chat widget, APIs, and all related services.
  • Personal Data means data about a living individual who can be identified from that data.
  • Usage Data means data collected automatically, generated by the use of the Service or from the Service infrastructure.
  • Cookies are small files stored on your device.
  • Data Controller means the entity that determines the purposes and means of processing Personal Data. When you use NexaDesk as an end user, the business that deployed the NexaDesk widget is the Data Controller.
  • Data Processor means the entity that processes data on behalf of the Data Controller. Nexa Systems Inc acts as a Data Processor when handling visitor data on behalf of our customers.
  • Visitor refers to an individual who visits a website where the NexaDesk chat widget or WordPress plugin is installed.
  • Customer refers to an individual or entity that has registered for a NexaDesk account to use our Service.

2. Information We Collect

2.1 Account Information (Customers)

When you create a NexaDesk account, we collect:

  • Name (first and last)
  • Email address
  • Organisation name
  • Password (encrypted)
  • Billing information (processed by our payment provider; we do not store full card details)

2.2 Visitor Data (Collected via Chat Widget & WordPress Plugin)

When the NexaDesk chat widget or WordPress plugin is installed on a customer’s website, the following data may be collected from website visitors:

Personal Information

  • Name, email address, phone number, and company name (when voluntarily provided through chat or forms)
  • IP address

Device & Browser Information

  • Device type (Desktop, Mobile, Tablet)
  • Browser name and version
  • Operating system
  • Screen resolution

Location Data

  • Approximate geographic location derived from IP address (city, country, coordinates)

Browsing & Behavioural Data

  • Pages visited (URL, page title, page type)
  • Time spent on each page (dwell time)
  • Scroll depth (percentage of page scrolled)
  • Click interactions (call-to-action buttons, phone number clicks)
  • Navigation path (last 30 pages visited per session)
  • Session data (session ID, visit count, return visit patterns)
  • Referrer information and UTM parameters

Form Submission Data

The WordPress plugin integrates with popular form builders (Contact Form 7, WPForms, Gravity Forms, Formidable Forms) and may capture:

  • Name, email, phone, company, and message content submitted through forms
  • Form name, source, and page URL

E-Commerce Data (WooCommerce Integration)

  • Products viewed (name, price, category, SKU)
  • Cart contents (items, quantities, total amount)
  • Checkout page visits

Engagement & Intent Scoring

We calculate an engagement score based on visitor behaviour signals such as return visits, page dwell time, scroll depth, form submissions, and specific page views (e.g., pricing pages). This score helps our customers identify high-intent visitors.

2.3 Chat & Conversation Data

  • Messages exchanged between visitors and the AI chatbot or human agents
  • Conversation metadata (timestamps, status, channel)
  • Files or attachments shared during conversations

2.4 WhatsApp Business Data

If you connect a WhatsApp Business channel, we process messages sent and received through the WhatsApp Business Cloud API on your behalf. This includes message content, phone numbers, message status (delivered, read), and template message data. We act as a technical service provider facilitating communication between your business and your customers via Meta’s WhatsApp Business Platform.

2.5 Usage Data

We automatically collect information about how you interact with the NexaDesk platform, including pages visited, features used, session duration, and performance metrics.

3. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To process transactions and manage subscriptions
  • To provide customer support
  • To send service-related communications and updates
  • To provide visitor analytics and engagement insights to our customers
  • To power AI-driven chatbot responses
  • To detect and prevent fraud, abuse, or security threats
  • To comply with legal obligations
  • To generate aggregated, anonymised analytics for service improvement

4. Visitor Tracking & WordPress Plugin

The NexaDesk WordPress plugin and chat widget enable our customers to understand how visitors interact with their websites. Key tracking features include:

  • Page View Tracking: Records which pages visitors view, how long they stay, and how far they scroll.
  • Click Tracking: Monitors clicks on phone numbers (tel: links) and call-to-action buttons.
  • Form Submission Tracking: Captures form submissions from supported form plugins.
  • Return Visitor Detection: Identifies returning visitors and tracks visit frequency.
  • Intent Scoring: Calculates engagement scores to help identify high-intent visitors.
  • Real-Time Monitoring: Provides live visitor information including current page, location, and device.
  • Bot Detection: Identifies and optionally excludes automated traffic from analytics.

Customers can configure tracking settings including:

  • Enabling or disabling specific tracking features (page views, click tracking, scroll depth, form submissions)
  • Excluding specific IP addresses or ranges from tracking
  • Excluding search forms and login forms from capture

5. Cookies & Tracking Technologies

  • Essential Cookies: Required for the Service to function (session management, authentication, preferences).
  • Analytics Cookies: Help us understand how users interact with the platform to improve the Service.
  • Widget Session Storage: The NexaDesk chat widget uses browser storage to maintain conversation state, visitor identification, and session data.

You can configure your browser to refuse cookies. However, some features of the Service may not function properly without them.

6. Data Storage and Security

Your data is stored on secured servers with encryption at rest and in transit (TLS 1.2+). We implement per-tenant data isolation, meaning each organisation’s data is logically separated from other tenants. We employ industry-standard security measures including access controls, audit logging, and regular security assessments.

Data is primarily stored in Canada unless otherwise specified in your service agreement. Data may be transferred to and processed in other jurisdictions where our service providers operate. By using the Service, you consent to the transfer of your information to these locations.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

  • Account Data: Retained while your account is active and for a reasonable period thereafter for legal and business purposes.
  • Visitor Data: Retained according to each customer’s configured retention policies.
  • Conversation Data: Retained per the customer organisation’s retention settings.
  • Upon Termination: Data is deleted or anonymised within 90 days of account termination, unless legally required to retain it.

You may request earlier deletion of specific data by contacting us.

8. Third-Party Services

We share data with the following categories of third-party service providers, strictly as needed to deliver our services:

  • Meta / WhatsApp Business Platform — for processing WhatsApp messages. Meta’s use of data is governed by their own privacy policy.
  • OpenAI — for AI-powered features such as message suggestions and conversation analysis. We send only the minimum data necessary and do not permit use of your data for model training.
  • Stripe — for payment processing. We do not store full credit card numbers on our servers.
  • IP Geolocation Services — for determining approximate visitor location from IP addresses.
  • Infrastructure Providers — for hosting, database, and content delivery services.

We do not sell your personal information to third parties.

9. PIPEDA Compliance (Canada)

As a Canadian company, Nexa Systems Inc complies with the Personal Information Protection and Electronic Documents Act (PIPEDA). We adhere to the ten fair information principles set out in PIPEDA, including accountability, consent, limiting collection, and safeguards. You have the right to:

  • Access your personal information held by us
  • Request correction of inaccurate information
  • Withdraw consent for the collection, use, or disclosure of your information
  • File a complaint with the Office of the Privacy Commissioner of Canada

10. GDPR Rights (EU/EEA Users)

If you are located in the European Union or European Economic Area, you have the following rights:

  • Right of Access — Request copies of your personal data.
  • Right to Rectification — Request correction of inaccurate data.
  • Right to Erasure — Request deletion of your personal data.
  • Right to Restrict Processing — Request that we limit how we use your data.
  • Right to Data Portability — Request transfer of your data in a structured, machine-readable format.
  • Right to Object — Object to our processing of your personal data.
  • Right to Withdraw Consent — Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at [email protected].

11. CalOPPA Compliance (California Users)

In accordance with the California Online Privacy Protection Act:

  • Users can visit our site anonymously.
  • This privacy policy is accessible from our home page.
  • Users will be notified of any privacy policy changes on this page.
  • Users can change their personal information by emailing us at [email protected].

12. Do Not Track Signals

We honour Do Not Track (DNT) signals. When a DNT browser signal is detected, we will not engage in behavioural tracking of the visitor.

13. Children’s Privacy

Our Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly. If you believe a child has provided us with personal data, please contact us at [email protected].

14. Links to Other Sites

Our Service may contain links to third-party websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policy of every site you visit.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and, where appropriate, by email. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

16. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Nexa Systems Inc
Brampton, Ontario, Canada
Email: [email protected]
Facebook: NexaDesk on Facebook
Website: nexadesk.ai